
Brotli compression

Question asked by Paul Calamari on Dec 5, 2019
Latest reply on Dec 6, 2019 by Scott Moore

We are seeing a lot of sessions come through with Brotli compression. Are there any thoughts about uncompressing this traffic so that the NetWitness parsers can leverage the uncompressed packet? Notice the "br" tag on the response.

 

GET /search?q=love+rosie&addon=opensearch HTTP/1.1
Host: www.xxxx.xxx
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: ECAS=1575476662016; ECFG=a=1:as=1:cs=0:dt=pc:f=i:fr=0:fs=0:l=en:lt=1575476661:mc=en-gb:nf=1:nt=0:t=86:tt=na:tu=auto:wu=auto:ma=1; ecosia_sp2id.3d5d=691ed3ee-9523-4745-9233-c08e477a4de3.1574854898.25.1575476666.1575471428.dc7a65a4-d3f4-4232-9417-4d692ae6c093
