Dump protocol buffers data / response

Is it possible to dump (view) data recorded in the PB format without any knowledge of the types used to record this data?

I have found https://stackoverflow.com/a/167178

In short, protobufs on the wire are encoded as 3-tuples, where the key is the field number assigned to the field in the .proto schema. Type one of. It contains enough information to decode the value of a 3-tuple, namely, it tells you how long this value is.

My ultimate goal is to write an extension for Fiddler2 to find out what is sent / received in PB format.

+6
2 answers

There is a Wireshark tool for this.

The problem here is that the protobuf format is ambiguous if you don't know the schema:

  • fixed-32 can be a float or unsigned integer (32 bits)
  • fixed-64 can be a double or signed or unsigned integer (64 bits)
  • varint can be a signed or unsigned integer, a zigzag integer, or a boolean
  • a string can be UTF-8, a packed array of primitives, a sub-message, or raw bytes

In fact, the only unambiguous tokens are the beginning and the end group, and they are not subject to obsolescence!

So: this is kind of doable, but you may need to provide multiple interpretations of the same data.

You can also only give field numbers: there are no member names in the binary format.

+6
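
The multiple-interpretations approach described in the answer above, as an added example that is not part of the original thread: a schema-less decoder that walks each key / wire type / value record and returns every plausible reading of the field. The function names and the sample bytes are constructed for illustration, and the nesting limit of 8 is an assumed default.

```python
import struct
FIXED = {1: (8, "<Qqd"), 5: (4, "<Iif")}  # wire type -> (size, struct codes)

def read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, next_pos)."""
    value = 0
    for i, byte in enumerate(buf[pos:pos + 10]):  # a 64-bit varint is at most 10 bytes
        value |= (byte & 0x7F) << (7 * i)
        if byte < 0x80:  # continuation bit clear: last byte
            return value & 0xFFFFFFFFFFFFFFFF, pos + i + 1
    raise ValueError("truncated or overlong varint")

def take(buf, pos, n):
    if pos + n > len(buf):  # a declared length may exceed the data present
        raise ValueError("truncated field")
    return buf[pos:pos + n], pos + n

def decode(buf, depth=0, max_depth=8):
    """Return [(field_number, wire_type, {interpretation: value})]."""
    if depth > max_depth:
        raise ValueError("nesting too deep")
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wtype = key >> 3, key & 7
        if wtype == 0:  # varint: unsigned, two's complement, or zigzag
            v, pos = read_varint(buf, pos)
            guesses = {"uint": v, "int": v - (v >> 63 << 64), "zigzag": (v >> 1) ^ -(v & 1)}
        elif wtype in FIXED:  # fixed64 / fixed32: same bytes read three ways
            size, codes = FIXED[wtype]
            raw, pos = take(buf, pos, size)
            guesses = dict(zip(("uint", "int", "float"), struct.unpack(codes, raw * 3)))
        elif wtype == 2:  # length-delimited: bytes, maybe text, maybe a sub-message
            n, pos = read_varint(buf, pos)
            raw, pos = take(buf, pos, n)
            guesses = {"bytes": raw}
            for name, parse in (("utf8", lambda: raw.decode("utf-8")),
                                ("message", lambda: decode(raw, depth + 1, max_depth))):
                try:
                    guesses[name] = parse()
                except ValueError:  # UnicodeDecodeError is a ValueError
                    pass
        else:  # 3 and 4 are group markers; 6 and 7 are not defined
            raise ValueError(f"unsupported wire type {wtype}")
        fields.append((number, wtype, guesses))
    return fields

# Constructed sample: field 1 = varint 150, field 2 = "testing", field 3 = nested {1: 150}
SAMPLE = bytes.fromhex("089601" "120774657374696e67" "1a03089601")
```

A traffic-inspection extension would run `decode` over each captured body and show all the guesses side by side, keyed by field number only.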

Here's the implementation of Fiddler PB (not used): https://github.com/SecurityInnovation/ProtoMiddler

+2

Source: https://habr.com/ru/post/924915/