Skip to content
A convertor from .pcap network capture files to HTTP Archive files.
Python Shell
Find file
Pull request Compare This branch is 10 commits ahead, 4 commits behind master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


pcap2har: converts .pcap network capture files to HTTP Archive files.

mailing list:

The HAR format is still not completely supported, but the main parts are there
and features are being added.

To run the program, run with two arguments: the name of the capture
file, and the HAR output filename. For example:

./ my.pcap my_pcap.har

The HTTP Archive (HAR) file format specification is here:
It is a fairly straightforward JSON format.

(WIP) To decrypt SSL3/TLS connections, you will need to supply a key log file
generated by a recent version of libnss, the SSL library used by Chrome and
Firefox. For more details, read .
As of 17 Aug 2012, only unstable builds of Chrome support this. Once you have
a keylog, pass it to pcap2har with the --keylog flag, and pcap2har will do
its best to decrypt any SSL or TLS flows in the pcap.

pcap2har includes, by Leonard Richardson. It only uses the
class UnicodeDammit, for unicode encoding detection. Its capabilities will be
improved if the chardet library is also available. It can be gotten from here:

pcap2har is written in Python, and depends on the dpkt packet-parsing library
Something went wrong with that request. Please try again.