Add HTTP2 support - Githubissues

jpcofr commented 9 months ago

@seladb I noticed that PcapPlusPlus does not support HTTP2 and someone requested that through the google group. It seems also that there are not active PRs for this. Do you know if someone is already working on this? If not, I can start working on it...

seladb commented 9 months ago

The main problem with HTTP/2 (formerly known as SPDY) in the context of analyzing and parsing is that this protocol is encrypted by design, unlike previous versions of HTTP which weren't encrypted and needed an additional encryption layer known as SSL/TLS.

We currently don't have a way to decrypt traffic, and even if we had I'm not sure how it'd apply to HTTP/2.

Or maybe you think there is value in parsing the encrypted messages, like PcapPlusPlus already does for protocols like SSL/TLS, SSH, IPSec, etc.? 🤔

jpcofr commented 9 months ago

The main problem with HTTP/2 (formerly known as SPDY) in the context of analyzing and parsing is that this protocol is encrypted by design, unlike previous versions of HTTP which weren't encrypted and needed an additional encryption layer known as SSL/TLS. We currently don't have a way to decrypt traffic, and even if we had I'm not sure how it'd apply to HTTP/2.

I know that Wireshark is able to decrypt when the MAGIC frames in the stream are present. Even when it cannot decrypt, the HTTP2 frames show some unformatted payload. As for how to do it in PcapPlusPlus, I have no idea and that would be part the investigation during a PR.

Or maybe you think there is value in parsing the encrypted messages, like PcapPlusPlus already does for protocols like SSL/TLS, SSH, IPSec, etc.? 🤔

Yes! my initial interest in this project is to be able to reconstruct payloads from HTTP2. (e.gr. be able to reconstruct JSON payload easily for 3GPP 5G Network Function interactions) I still need to review the code more carefully. Assuming that the HTTP functionalities are incomplete (I saw in the docs that HTTP only uses headers) I propose the following:

Create a task to finish the HTTP implementation.
Create a task to implement HTTP2.

If you agree, just create these two tasks and assign them to me. This time I'll branch dev...

seladb commented 9 months ago

I think that Wireshark uses OpenSSL to decrypt data, not sure about HTTP2 though... however, we don't want to add OepnSSL as a dependency because it will make the build process more complex. If you find a way to decrypt without an external dependency then I'm all for it!

Regarding full HTTP implementation - the reason only headers are supported is because often full HTTP messages (especially responses) spread over more than one packet but the parsing in PcapPlusPlus is done packet-by-packet. Of course, HTTP headers can also spread over more than one packet (and the parser supports that), but this is a more rare edge case.

Anyway - feel free to start working on it! We don't have to open tickets for it, but we can if you prefer 😃

jpcofr commented 9 months ago

If you find a way to decrypt without an external dependency then I'm all for it!

seems this need require a lengthy investigation... I may look into that later after I have checked what is required.

Anyway - feel free to start working on it! We don't have to open tickets for it, but we can if you prefer

Yes, please open the ticket and I'll start pushing stuff soon.

seladb commented 9 months ago

@jpcofr actually we can use this ticket for HTTP2 😄 I just assigned it to you