CloudShark 2.5 - Geolocation, HTTP object forensics, Wireless decryption

March 17, 2015 • 2 min read

Yes, it’s only been two months, but we had so many great ideas percolating (Yes, percolating. Like coffee.) that we couldn’t hold back any longer. Here’s the new and improved CloudShark 2.5.

The endpoints tool

A lot of people have asked us to have a tool that is a one-stop shop for the most active participants in a capture, which is useful for security analysis (among other things). The endpoints tool will give you a list of all of the “top talkers”. In addition, we’ve added support for GeoIP location - this allows CloudShark to map IP addresses in your captures to locations in the world. Even better, locations are display filter compatible so you can link to them just like any other filter.

HTTP object forensics

Speaking of mind-blowingly powerful features, our HTTP analysis tool now includes a link to our new HTTP object forensics tool, which lets you extract the original files transferred over HTTP. From there, you can either save them, or preview them directly in CloudShark! Try it here, it’s very cool.

Even more decryption options

We’ve beefed up CloudShark’s SSL decryption tools in 2.5 as well. With keylog-based SSL decryption, you can use the keylog files generated by browsers to decrypt sessions with keys saved during the interaction. The client keylog data can simply be pasted into CloudShark and used for SSL decryption. We’ve also added a logging function for administrators trying to use our decryption tools in case something goes wrong.

In addition, you can now specify a WPA passphrase or pre-shared key to decrypt raw 802.11 frames contained within a capture.
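A pre-flight check for the browser keylog data described above, as an added example (not CloudShark code): it validates the NSS key log format that browsers write when `SSLKEYLOGFILE` is set, and also accepts the later TLS 1.3 labels, which goes beyond what this post covers. The function name and the sample lines are constructed for illustration.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")

# label -> (allowed hex lengths of identifier, allowed hex lengths of secret)
FORMATS = {
    "RSA": ({16}, {96}),            # 8-byte encrypted pre-master prefix, 48-byte pre-master
    "CLIENT_RANDOM": ({64}, {96}),  # 32-byte client random, 48-byte master secret
}
# TLS 1.3 labels: 32-byte client random, secret sized by the hash (SHA-256 or SHA-384)
for _label in ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
               "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
               "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET", "EARLY_EXPORTER_SECRET"):
    FORMATS[_label] = ({64}, {64, 96})

def check_keylog(text):
    """Return (usable, problems). usable lists (label, identifier) pairs;
    problems lists (line_number, reason). Secrets are never echoed back,
    so the result is safe to write to a log."""
    usable, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are legal
        parts = line.split()
        if len(parts) != 3:
            problems.append((n, "expected 3 fields"))
        elif parts[0] not in FORMATS:
            problems.append((n, "unknown label"))
        elif not (HEX.fullmatch(parts[1]) and HEX.fullmatch(parts[2])):
            problems.append((n, "non-hex field"))
        elif (len(parts[1]) not in FORMATS[parts[0]][0]
              or len(parts[2]) not in FORMATS[parts[0]][1]):
            problems.append((n, "wrong field length"))  # typical of a truncated paste
        else:
            usable.append((parts[0], parts[1].lower()))
    return usable, problems

# Constructed sample, not real key material.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 40,   # secret cut short
    "RSA " + "01" * 8 + " " + "ef" * 48,
    "CLIENT_RANDOM " + "zz" * 32 + " " + "cd" * 48,   # not hex
    "garbage line",
])

if __name__ == "__main__":
    ok, bad = check_keylog(SAMPLE)
    print(len(ok), "usable entries;", "problems:", bad)
```

Each usable entry unlocks one recorded session, so keylog data deserves the same handling as a private key.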

This was actually a big release that bubbled up from many great suggestions from our users! As always, feel free to give us suggestions at