Error while retrieving payload while trying to inspect HTTPS packets

Hi
I’m trying to detect whether HTTPS is being used in a packet capture file I downloaded off Wireshark. I’ve done the same for NTP so far and I’m trying to do the same for https.

This is the code I’m using to open the PCAP file


func (d *DPI) readPCAP(pcapFile string) (*pcap.Handle, error) {
	// Open file instead of device
	handle, err := pcap.OpenOffline(pcapFile)
	if err != nil {
		return nil, err
	}
	return handle, nil
}

and these two functions are the ones I’m using to test.

func TestHTTPS(t *testing.T) {
	dpi := newDPI()

	handle, err := dpi.readPCAP("data/pcap/rsasnakeoil2.cap")
	if(err != nil){
		fmt.Println(err)
	}

	var filter = "tcp"
	dpi.setFilter(handle,filter)

	httpsPackets := 0

	for packet := range dpi.getPacketChan(handle) {
		if dpi.detectHTTPS(packet) == 1 {
			httpsPackets++
		}
	}
	fmt.Println("Total https packets ", httpsPackets)
}

Detecting function :

func (d *DPI) detectHTTPS(packet gopacket.Packet) int {
	applicationLayer := packet.ApplicationLayer()
	//payload := applicationLayer.Payload()
	fmt.Println(applicationLayer.Payload()) // this is the line where the error pops up
	return 0
}

I’m getting an invalid memory address or nil pointer dereference error while trying to do this. I’m not sure why this is happening. I could use some help with this.

Thanks!

Without seeing any output or more of the source, my guess is that the problem could start from:

handle, err := dpi.readPCAP("data/pcap/rsasnakeoil2.cap")
if(err != nil){
	fmt.Println(err)
}

handle could be nil after this point in TestHTTPS. I think the function should terminate there because it relies on handle having a value after that point.

Slightly off topic, readPCAP can be written as:

func (d *DPI) readPCAP(pcapFile string) (*pcap.Handle, error) {
	// Open file instead of device
	return pcap.OpenOffline(pcapFile)
}

Also, from reading if dpi.detectHTTPS(packet) == 1 I think detectHTTPS should return bool instead of int because the meaning of the returned value would be clearer and not require the magic value of 1 to be known to indicate that the packet is HTTPS.


Thanks for the reply!

It turned out I was just making a stupid mistake: some of the application layers were empty and I wasn’t checking for a nil condition. I did that and it all worked out!

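As an added example (not code from any poster in this thread), here is a nil-safe check that combines the fix described above with the bool return suggested earlier, and classifies a payload by its TLS record header rather than just printing it. The names looksLikeTLS and countTLS and the sample payloads are assumptions made for illustration; it uses only the standard library, so the gopacket call site is shown as a comment.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// looksLikeTLS reports whether payload starts with a plausible TLS record
// header: 1-byte content type, 2-byte version, 2-byte length.
// A nil or short payload returns false instead of panicking.
// SSLv2-format hellos use a different header and are not matched.
func looksLikeTLS(payload []byte) bool {
	if len(payload) < 5 {
		return false
	}
	// Content types 20..23: change_cipher_spec, alert, handshake, application_data.
	if payload[0] < 20 || payload[0] > 23 {
		return false
	}
	// Major version 3 with minor 0..4 covers SSL 3.0 through TLS 1.3.
	if payload[1] != 3 || payload[2] > 4 {
		return false
	}
	// A record body is at most 2^14 bytes plus 2048 bytes of expansion.
	return binary.BigEndian.Uint16(payload[3:5]) <= 16384+2048
}

// With gopacket the guard sits at the call site (not compiled here):
//   app := packet.ApplicationLayer()
//   return app != nil && looksLikeTLS(app.Payload())

// countTLS counts payloads that look like TLS records.
func countTLS(payloads [][]byte) int {
	n := 0
	for _, p := range payloads {
		if looksLikeTLS(p) {
			n++
		}
	}
	return n
}

func main() {
	// Constructed sample payloads, not taken from rsasnakeoil2.cap.
	samples := [][]byte{
		nil,                                  // bare SYN/ACK: no application layer
		{0x16, 0x03, 0x01, 0x00, 0x2f, 0x01}, // handshake record
		[]byte("GET / HTTP/1.1\r\n"),         // plaintext HTTP
		{0x17, 0x03, 0x03, 0x00, 0x10},       // application data record
	}
	fmt.Println("TLS-looking payloads:", countTLS(samples))
}
```

A header match on a single segment is a heuristic: records that continue across TCP segments start mid-record and will not match, so counts per packet undercount TLS traffic on a flow.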
