Fiddler refuses to decode when CRC mismatching?

3 posts, 0 answers
  1. Chun
    Chun avatar
    8 posts
    Member since:
    Nov 2014

    Posted 18 Jan 2017 Link to this post

    Hi:

    I downloaded a few .pcap files from http://malware-traffic-analysis.net.

    I noticed that Fiddler would complain about CRC mismatch when decoding some gzip streams, and hence it won't display the decoded stream.

    I am not quite sure whether the CRC is really wrong, however, looks like IE would decode regardless (since I have no trouble to replay it).

    I attached one here. Session 1, session 3 are complained by Fiddler. (I am using the latest version 4.6.3.50306)

    Password "infected"

     

     

     

  2. Chun
    Chun avatar
    8 posts
    Member since:
    Nov 2014

    Posted 18 Jan 2017 in reply to Chun Link to this post

    My attachment seems to be discarded somehow.

    You can download it from 

    http://malware-traffic-analysis.net/2017/01/18/2017-01-18-EK-campaigns-switch-back-to-Cerber-pcaps.zip

    unzip it(password "infected"), and look at session 1, 3 from capture 

    2017-01-18-pseudoDarkleech-Rig-V-sends-Cerber-ransomware.pcap  

     

  3. Chun
    Chun avatar
    8 posts
    Member since:
    Nov 2014

    Posted 18 Jan 2017 in reply to Chun Link to this post

    Attachment seems to be discarded:

    It can be downloaded from link

    hxxp://malware-traffic-analysis.net/2017/01/18/2017-01-18-EK-campaigns-switch-back-to-Cerber-pcaps.zip

    unzip it  with password "infected"

    2017-01-18-pseudoDarkleech-Rig-V-sends-Cerber-ransomware.pcap  

     

Back to Top