android - Decoding RAW protobuf data in Charles Proxy
I have captured traffic between an Android application and a website using Charles Proxy. Charles identifies the traffic as a protocol buffer stream.
The structure shown in Charles:
- site.com
-- sub
--- message.proto
The raw message:
post site.com/sub/message.proto http/1.1
token: random
id: random
authorization: basic oti[..]
user-agent: dalvik/1.6.0 (linux; u; android 4.3; galaxy nexus build/jwr66y)
host: site.com
connection: keep-alive
accept-encoding: gzip
content-type: application/x-www-form-urlencoded
content-length: 580

��hï õÜÕñ6iaõ*|{6¤oqiùk*դž¼ s_½ª¥8.3ÝÎu öÚ´êvfbeùõÈî¿;µ¼ö%s [...]
I have tried a few things to decode the content, in vain. The command protoc --decode_raw < message.txt results in the fail message "Failed to parse input." I am not sure if the message is a protobuf message, since the content-type in the headers does not indicate that protobuf is used. I have saved the traffic as a .bin file.
Charles has the capability to display the contents of a protobuf message, but it requires the corresponding descriptor file. For the descriptor file I need the actual .proto file, which I do not have.
So, am I forced to decode the message by hand, or are there other possibilities I have overlooked?
I suspect application-level encryption is used, and Charles identifies the traffic as protobuf unintentionally.
It looks to me like the content is compressed:
accept-encoding: gzip
content-type: application/x-www-form-urlencoded
Try decompressing it with gunzip.
I agree that this is not protobuf. Charles Proxy is confused by the URL ending in .proto.
Note that when attempting to decode the data (whether protobuf or gzip), you'll need to make sure you are decoding the body of the request, i.e. not the textual HTTP headers. Note that editing the headers out in a text editor will not work, since converting binary data to text corrupts it. You can best extract the data by doing:
tail -c 580 message.txt | zcat
Or, if you think it is protobuf after all:
tail -c 580 message.txt | protoc --decode_raw
Note that 580 comes from the Content-Length header.
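The checks suggested in the answers above (take only the last Content-Length bytes, test for gzip, test for protobuf, otherwise suspect encryption) can be combined into one binary-safe triage script. This is an added example, not code from the question or the answers; the function names, the 7.0 bits/byte entropy cut-off and the sample request are assumptions made for illustration.

```python
import gzip, math, re

def extract_body(raw: bytes) -> bytes:
    """Binary-safe `tail -c <Content-Length>`: the last n bytes of a saved request."""
    m = re.search(rb"(?im)^content-length:\s*(\d+)", raw)
    n = int(m.group(1)) if m else 0
    return raw[len(raw) - n:] if 0 < n <= len(raw) else b""

def _varint(buf: bytes, i: int):
    val = shift = 0
    while i < len(buf) and shift < 64:
        val |= (buf[i] & 0x7F) << shift
        i, shift = i + 1, shift + 7
        if buf[i - 1] < 0x80:              # no continuation bit: varint ends here
            return val, i
    raise ValueError("truncated or oversized varint")

def parses_as_protobuf(buf: bytes) -> bool:
    """True if buf walks end to end as wire-format fields (groups are rejected)."""
    i = 0
    try:
        while i < len(buf):
            key, i = _varint(buf, i)
            wire = key & 7
            if key >> 3 == 0 or wire not in (0, 1, 2, 5):
                return False
            if wire in (0, 2):             # varint value, or length prefix + payload
                n, i = _varint(buf, i)
                i += n if wire == 2 else 0
            else:                          # fixed64 or fixed32
                i += 8 if wire == 1 else 4
    except ValueError:
        return False
    return len(buf) > 0 and i == len(buf)

def entropy(buf: bytes) -> float:
    return -sum(p * math.log2(p) for p in (buf.count(b) / len(buf) for b in set(buf)))

def triage(raw: bytes):
    body = extract_body(raw)
    if body[:2] == b"\x1f\x8b":            # gzip magic number
        return "gzip", gzip.decompress(body)
    if parses_as_protobuf(body):
        return "protobuf", body
    # 7.0 bits/byte is a heuristic cut-off chosen for this example (assumption)
    return ("high-entropy" if body and entropy(body) > 7.0 else "unknown"), body

# Constructed sample request (not the capture from the question): field 1 = 150, field 2 = "testing"
SAMPLE = b"POST /sub/message.proto HTTP/1.1\r\nContent-Length: 12\r\n\r\n" + bytes.fromhex("0896011207") + b"testing"
```

A short ciphertext can parse as wire format by coincidence, so treat a "protobuf" result as a hint to confirm with protoc --decode_raw rather than as proof.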