0

I have a JPEG GET request in my PCAP as below but when I export it, it's not a valid JPEG file

enter image description here

Any advice as to what I'm doing wrong?

pee2pee
  • 483
  • 1
  • 5
  • 14

1 Answers1

0

The contents you see are encoded in Base64, where each character you see represents 6 bits of data, not 8 bits.

You need to decode that Base64 data into binary data, but what you on the screen is not an exact data, as all the unprintable characters were displayed as dots.

You need to get the binary data of the packet, then pass it through a Base64 decoder.

harrymc
  • 455,459
  • 31
  • 526
  • 924
  • Why do you think that's base64? Base64 should use only printable characters, specifically [a-zA-Z0-9+/] and maybe = for padding – gronostaj Mar 14 '21 at 22:28
  • @gronostaj: You're right, I should have taken a better look. I was mistaken since base64 is almost universally used for images. The actual format used is missing from the headers where it should have been specified. It's also not binary, since the first two characters are incorrect for JPEG. It's either a broken server, or a broken display by Wireshark. – harrymc Mar 15 '21 at 09:06