原文地址:http://blog.csdn.net/vah101/article/details/44102501
首先使用wireshark启动抓包,然后以百度为例,访问百度的首页,之后停止抓包,wireshark的fiter框中输入:
http && http.host matches "baidu"
显示出所有针对百度的get请求,在某一条get请求上右键点击“follow tcp stream”,会弹出一个“follow tcp stream”对话框,显示所有与百度交互的http流,其中注意到百度的应答http头如下:
- HTTP/1.1 200 OK
- Date: Fri, 06 Mar 2015 09:34:02 GMT
- Content-Type: text/html
- Transfer-Encoding: chunked
- Connection: Keep-Alive
- Cache-Control: private
- Expires: Fri, 06 Mar 2015 09:34:02 GMT
- <span style="background-color: rgb(255, 0, 0);">Content-Encoding: gzip</span>
- Server: BWS/1.1
- BDPAGETYPE: 2
- BDQID: 0xaba126000003d5cb
- BDUSERID: 44636996
- Set-Cookie: BDSVRTM=138; path=/
- Set-Cookie: BD_HOME=1; path=/
- Set-Cookie: H_PS_PSSID=12633_12749_11076_1457_12692_12694_12716_12721_12729_12736_12738_12743_11089_10633; path=/; domain=.baidu.com
其中说明了http的payload已经使用了gzip进行压缩,所以在“follow tcp stream”对话框中显示的http payload是乱码。
此时,需要会退到wireshark的主窗口,选择file菜单下的export objects->html,这时会显示http objects对话框,如下所示:
根据hostname、filename选择一条,点击save as即可保存成html文件