Hi
I’m trying to detect whether HTTPS is being used in a packet capture file I downloaded off Wireshark. I’ve done the same for NTP so far and I’m trying to do the same for HTTPS.
This is the code I’m using to open the PCAP file:
```go
func (d *DPI) readPCAP(pcapFile string) (*pcap.Handle, error) {
	// Open file instead of device
	handle, err := pcap.OpenOffline(pcapFile)
	if err != nil {
		return nil, err
	}
	return handle, nil
}
```
And these two functions are the ones I’m using to test.
```go
func TestHTTPS(t *testing.T) {
	dpi := newDPI()
	handle, err := dpi.readPCAP("data/pcap/rsasnakeoil2.cap")
	if err != nil {
		// Stop here: a nil handle cannot be filtered or read.
		t.Fatal(err)
	}
	var filter = "tcp"
	dpi.setFilter(handle, filter)
	httpsPackets := 0
	for packet := range dpi.getPacketChan(handle) {
		if dpi.detectHTTPS(packet) == 1 {
			httpsPackets++
		}
	}
	fmt.Println("Total https packets ", httpsPackets)
}
```
Detecting function:
```go
func (d *DPI) detectHTTPS(packet gopacket.Packet) int {
	applicationLayer := packet.ApplicationLayer()
	//payload := applicationLayer.Payload()
	fmt.Println(applicationLayer.Payload()) // this is the line where the error pops up
	return 0
}
```
I’m getting an invalid memory address or nil pointer dereference error while trying to do this. I’m not sure why this is happening. I could use some help with this.
Thanks!
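
An added example, not code from the original post: gopacket's `packet.ApplicationLayer()` returns nil for packets that carry no payload (TCP handshake segments, bare ACKs), so the payload has to be nil-checked before it is inspected, and TLS can then be recognised from the 5-byte record header. The sketch works on raw payload byte slices so it runs with the standard library only; `tlsRecordKind`, `countTLS` and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// tlsRecordKind classifies a TCP payload by its TLS record header:
// content type (1 byte) | version (2 bytes) | length (2 bytes).
// It returns "" for nil/short payloads and for anything that is not a
// TLS record. SSLv2-format hellos use a different header and are not matched.
func tlsRecordKind(payload []byte) string {
	if len(payload) < 5 {
		return "" // covers the nil payload of a bare SYN/ACK
	}
	if payload[1] != 0x03 || payload[2] > 0x04 { // SSL 3.0 through TLS 1.3
		return ""
	}
	if binary.BigEndian.Uint16(payload[3:5]) > 16384+2048 { // max record size
		return ""
	}
	switch payload[0] {
	case 20:
		return "change_cipher_spec"
	case 21:
		return "alert"
	case 22:
		// Heuristic: the first handshake byte is 1 for a ClientHello.
		if len(payload) > 5 && payload[5] == 1 {
			return "client_hello"
		}
		return "handshake"
	case 23:
		return "application_data"
	}
	return ""
}

// countTLS counts payloads that begin with a TLS record.
func countTLS(payloads [][]byte) (n int) {
	for _, p := range payloads {
		if tlsRecordKind(p) != "" {
			n++
		}
	}
	return n
}

func main() {
	samples := [][]byte{ // constructed sample payloads
		nil, // packet with no application layer
		{0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00},
		{0x17, 0x03, 0x03, 0x00, 0x02, 0xaa, 0xbb},
		[]byte("GET / HTTP/1.1\r\n"),
	}
	fmt.Println("TLS payloads:", countTLS(samples))
}
```

With gopacket, the caller would pass `app.Payload()` only after checking `app := packet.ApplicationLayer(); app != nil`.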