First of all, It s a good tool, thank you.
But I have some idea.
Please, make http analysis a bit "urlcentric".
I mean try to reconstruct ful URL of the received file from GET and POST, show query string, cookies send by both parties, POST DATA, etc. Preferably add a tab "HTTP traffic".
Currently, POST and GET data are analyzed but in special tab, AFAIK but I think it lost the context of the particular http client server conversation.
And please add support for gzip and deflate transfer encoding in http, and ability do grab form data.
And again, thanx for good program.
Thanks for your input!
You should be able to see the full URL (including query string) for each POST and GET under the "Files" tab by looking in the "Details" collumn. I did earlier try to name the reassembled files according to the query string, but that generated a lot of problems so I decided not to go down that road.
I have some ideas regarding the HTTP tab that you suggest, only I want to generalize it to a "sessions" tab. You can read more about this here:
NetworkMiner should support both gzip and deflate transfer encoding, as well as the ability to grab all form POST data. Please let me know if you might have encountered a bug in NetworkMiner! Could you maybe send me a pcap file that generates this behaviour?