|Release Type||Release Number||Release Date|
The snow is finally starting to melt here in the northeast US. Lots of hard work went into this release, getting us ready for some big things in the near future. Enjoy the new HTTP Streams!
CloudShark 3.2 lays the ground work for our new security-focused feature: CloudShark Threat Analysis. We’re building in powerful malware traffic detection rules and analysis features.
Interested in learning more or having a sneak-peek? Check it out on our website or get in touch with firstname.lastname@example.org. We will be reaching out to customers in the near future to talk more about this new add-on!
One of the most requested features has been the ability to uncompress and follow HTTP streams. CloudShark 3.2 adds the new “Follow HTTP” feature available in the Analysis Tools menu. The new view works exactly the same way as our existing Follow Stream view, but requires that you have first selected a packet with an HTTP section in the protocol tree.
Extracting content and objects from those streams is still performed via the HTTP Analysis - HTTP Objects tool also available in the Analysis Tools menu.
CloudShark 3.2 includes the latest protocols and dissectors from the latest Wireshark 2.2 release. You can read the Wireshark release notes here.
The underlying version of Ruby has been updated. This brings several improvements including the resolution of one particularly nasty segfault we were seeing in production. Heroku has an excellent writeup on what’s new in Ruby 2.4. Redhat also has a nice writeup on the faster hash tables in this release.
CloudShark now lets you configure additional defaults for login sessions and cookie handling. These options are not available through the Web UI and must be set by the administrator directly through SSH access on the system.
Please read our Best Practices for Cookie Management document for details on how to set and use the following options:
CloudShark does not need to access cookie data from within the application,
HTTPOnly flag on the cookies is set by default. This improves security by
If you are running CloudShark in an HTTPS-Only mode, you should also enable the
Secure flag on cookies in order to prevent them from being transferred over a
non-HTTPS connection. If Secure Cookies are enabled you will not be able to log
in via HTTP, and we strongly recommend HTTP access be turned off.
In some environments it is very important to specify a default cookie domain. This option allows administrators to control that field in the cookie.
The duration of a login session is tied to the expiration date of the cookie that is set by CloudShark. This value is now configurable by the system administrator.
The CloudShark installer has been improved to work better when behind a proxy server. Support has also been added for configuring a SOCKS Proxy.
For more information about installing from behind a proxy server, please see our documentation page.
Users upgrading from a version as old as CloudShark 2.8.x can run the following as root to perform the upgrade:
Please read the upgrade instructions if you are upgrading from an older version of CloudShark.