Hi Scott,
Okay we have a new build (1.8.0.1423) that can decode POST content. You can get it from our downloads page.
1. Install the new build ( if you are upgrading, cleanup your old configuration folder %APPDATA%\Unleash Networks\Unsniff)
2. Start Unsniff and import or sniff the packets off the wire. You should see something like [img/] this in the PDU sheet.
3. Unsniff will pull out all POST body and responses into PDUs. Note that PDUs are an Unsniff features that allow you to monitor entire messages which can span multiple packets.
The packets are just shown as DATA because the default protocol attached to the POST application/octet-stream type is called "DATA". "DATA" just means the entire payload is treated as a opaque blob.
4. To go further, we need to attach your PROTO file which describes the blob to the application/octet-stream type.
5. Go to Plugins -> Configure, scroll down to HTTP and enter the following GUID in the space for Protocol for application/octet-stream. (See image 2)
{B11F24EC-599C-486f-9E7E-56F5026F3A7A}
This GUID represents the specific PROTO we want to use to interpret the BLOB in the post body.
5. Now copy your PROTO file to the %APPDATA%\\Unleash Networks\Unsniff\XMLPlugs directory.
6. Edit the generic_protobuf.xml file found in the Program Files\Unleash Networks\Unsniff\XMLPlugs directory. Enter the name of the PROTO file and the name of the ROOT FIELD.
7. Upon restart, Unsniff will try to use the proto file to decode the blobs found in the post. With my dummy proto file I get something like image3.
8. Open the View > Log Window to look for errors.