Yamata Li from the Palo Alto Networks threat research team has developed a plugin for wireshark that allows you to view the obfuscated traffic generated by a Mariposa (Botnet) infected client.
This info was published on Full Disclosure today. The website mariposa-tool shows the detailed usage of this tool.