Well, this does not work because the actual data size is unknown... And
it turns out that you really have to parse the EoCD first, otherwise
.jar files cannot be parsed...
And also added missing fields for CD. Both were mostly scripted based on
the tables from Wikipedia.
Implemented a template for opening a file and making it available to
dissectors. For this, a FileHandler has been implemented which then
links with the MIME encapsulation type.
The "seek_read" issue mentioned in the comments should be fixed with
https://code.wireshark.org/review/19366
Append to PATH to avoid clobbering it when putting ccache in $PATH.
Enable SBC codec for testing.
Enable debug-prefix-map, should make relocatable debug builds easier
(where I build in a different directory and move it).
Created a sample (sip-rtp-g729a.pcap) using FreeSWITCH 1.6.12 and
mod_bcg729 (https://github.com/xadhoom/mod_bcg729).
Requires appropriately configured FreeSWITCH server that responds to a
call to sip:test@host by playing a fragment, then hanging up.
SIPp scenario was used to create a bunch of captures, uploaded to
https://wiki.wireshark.org/SampleCaptures#SIP_and_RTP
Requires Python 3.4, but it can be adapted for older versions. It
demonstrates how "easy" it is to capture remotely over SSH when only
tcpdump is installed without dumpcap (in that case you could use
sshdump).
Note that on stopping/restarting captures, you still get some stderr
messages ("Dropped privileges", but that can be ignored). See also
https://ask.wireshark.org/questions/55768/remote-interface-linux
Match also stuff like DHE-PSK-AES128-CCM8. Improve error message if
cipher is not accepted by OpenSSL.
The options parser has changed, options now have to precede the
parameters (possibly a bug, already reported to rt.openssl.org with
subject "Options after parameters are ignored in OpenSSL 1.1.0").
While at it, use COMPLEMENTOFALL instead of NULL since that possibly
includes more ciphers.
Prompted by https://code.wireshark.org/review/17749
OpenSSL 1.1.0 makes some structures opaque, but luckily it provides new
functions to extract the client random and master secret which is all we
need from the structures.
Tested with OpenSSL 1.1.0-pre6 using openssl s_client and
OpenSSL 1.0.2.h using curl.
Last modified at 2015-12-08
GELF is a simple UDP protocol, every datagram is a gzipped JSON message.
This dissector demonstrates how one could decompress it and parse it as
JSON.
Does not support chunked format.
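An added example of the decoding this commit describes (example code, not the Lua dissector from this repository): it detects gzip, zlib and plain-JSON framing, refuses the chunked header the dissector does not handle, bounds the inflated size so an unauthenticated UDP sender cannot force a decompression bomb, and checks the mandatory GELF fields. The sample message and the datagram-building helpers are constructed here for the demonstration.

```python
import gzip
import json
import zlib

GZIP_MAGIC = b"\x1f\x8b"   # gzip member header
CHUNK_MAGIC = b"\x1e\x0f"  # chunked GELF header, not handled (as in the commit)
REQUIRED = ("version", "host", "short_message")
MAX_INFLATED = 1 << 20     # cap inflated size: the port takes unauthenticated UDP

# Constructed sample message used to build the test datagrams below.
SAMPLE_MSG = {"version": "1.1", "host": "example.org",
              "short_message": "login failed", "level": 4}

def gzip_datagram(msg):
    """Constructed sample input: gzip-compressed GELF datagram."""
    return gzip.compress(json.dumps(msg).encode("utf-8"))

def zlib_datagram(msg):
    """Constructed sample input: zlib-compressed GELF datagram."""
    return zlib.compress(json.dumps(msg).encode("utf-8"))

def chunked_datagram(payload):
    """Constructed sample: one chunk (magic, 8-byte id, seq no, seq count)."""
    return CHUNK_MAGIC + b"\x00" * 8 + b"\x00\x01" + payload

def decode_gelf_datagram(data, limit=MAX_INFLATED):
    """Detect the framing, inflate at most `limit` bytes, then parse JSON."""
    if data.startswith(CHUNK_MAGIC):
        raise NotImplementedError("chunked GELF is not supported")
    if data.startswith(GZIP_MAGIC):
        inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
    elif data[:1] == b"\x78":          # zlib stream (CMF byte)
        inflater = zlib.decompressobj()
    elif data[:1] == b"{":             # uncompressed JSON
        return json.loads(data.decode("utf-8"))
    else:
        raise ValueError("unrecognised GELF framing")
    # Request limit+1 bytes: getting them means the sender exceeded the cap.
    out = inflater.decompress(data, limit + 1)
    if len(out) > limit:
        raise ValueError("inflated payload exceeds %d bytes" % limit)
    if not inflater.eof:
        raise ValueError("truncated compressed stream")
    return json.loads(out.decode("utf-8"))

def missing_required_fields(msg):
    """Mandatory GELF fields absent from a decoded message."""
    return [f for f in REQUIRED if f not in msg]
```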
Gold linker seems marginally faster.
Avoids handshake failure when a cipher suite is used which is disabled
by default (e.g. NULL-SHA).
Master secret is available in capture file comments. Note that this
capture uses NULL encryption, so these secrets *should* not be
necessary, but as of Wireshark 2.0.1 they are needed.
Created with:
curl --ciphers NULL-SHA256 https://10.9.0.1/ -k
openssl s_server -www -cipher NULL-SHA256
Created for investigating
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4652
Useful for wrapping existing protocols in SSL for testing.
Found 393 results, see
https://lekensteyn.nl/files/wireshark/wireshark-v2.1.0rc0-1421-g515502f-create_dissector_handle.txt
For testing other build types (-DCMAKE_BUILD_TYPE=RelWithDebInfo) and
compilers (BUILDDIR=/tmp/wsbuild-gcc).
Copy compile_commands.json, config.h. (ab)use CMAKE_INSTALL_RPATH to
enable relocatable executables. Note that this is only safe for
development, if you install the generated binaries without
stripping/modifying rpath, then insecure situations may occur in a
hostile environment (wrong libraries may be loaded).
Add tool that leverages clang-query to find expert info callers which
are behind an if(tree).
Found in gdb source code that 'all' implies everything except SIGTRAP
and SIGINT. SIGINT is normally used for interactive debugging (so can be
disabled) but SIGTRAP is used for breakpoints (and can therefore not be
disabled without killing the program on such signals).
Older gdb is upset by appending to a pipe, so fall back to writing
instead in such cases. Older Python does not allow interpolation in bytes,
so use strings and encode them to bytes before writing.
Previously tested with GDB 7.9.1 and Python 2.7.10. Now tested with
GDB 7.7.1 and Python 2.7.6 on Ubuntu 14.04.
Tool to extract SSL keys on-the-fly from existing OpenSSL programs.
Servers included!
Advantages: lower transmission size, faster completion for slow WAN
links. Disadvantage: slight delays in compile output reporting.
Useful to put remaining dissectors into a template which can further be
filled in.
Affects 13 dissectors.
Note: else the heuristics are weak... g_hash_table_for_each has an unchecked
parameter which needs manual handling.
Needed for zigbee dissectors.
For tracking purposes and in case I need to do something similar again.
Useful to build just tshark if I want to test a dissector.
Switch to bash as there is no readable / easy way to make it compatible
for all shells in the world.
Avoids the need to manually touch /tmp/sync-build-* to trigger a build
on startup. Can be overridden with the NOTRIGGER=1 env.
Master keys are available in the capture file comments.
This contains an HTTP request and an HTML response without Content-Length
over SSL. It is also attached to
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9154
Master keys are available in the capture file comments.
This contains an HTTP request and chunked response over SSL. It is also
attached to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11079
Let 'localhost' bypass SSH so I can still use its watch functionality,
but build locally.
Use -fno-common to work around bug
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65285
Disable verbose warnings and disable werror to reduce the huge trace of
warnings which make me overlook real issues.
Master keys are available in the capture file comments.
Installed rabbitmq-server on Ubuntu 14.04 (upgraded halfway to 14.10)
and wrote /etc/rabbitmq/rabbitmq.config with appropriate certs:
[
  {rabbit,
    [
      {ssl_listeners, [5671]},
      {ssl_options, [{cacertfile, "/etc/rabbitmq/cert.pem"},
                     {certfile, "/etc/rabbitmq/cert.pem"},
                     {keyfile, "/etc/rabbitmq/key.pem"},
                     {verify, verify_peer},
                     {fail_if_no_peer_cert, false}]}
    ]}
].
amqp-tools (amqp-publish, etc.) did not work, so a quick Celery script
was used (install python-celery):
from celery import Celery

# Broker URL points at the TLS listener (port 5671) configured above.
app = Celery('tasks', broker='amqp://guest@localhost:5671/')
app.conf.update(BROKER_USE_SSL=True)

@app.task
def add(x, y):
    return x + y

# Publishes the task message over AMQP/TLS; prints the AsyncResult.
print(add.delay(3, 4))
Consists of a single TCP stream with SIP over Websockets (port 10080).
Created with http://tryit.jssip.net/ and Chromium.
Master keys (for TCP[port=8082]/SSL/WebSocket/JSON and for DTLS-SRTP)
are present in the capture file comments.
Created by starting Chromium 40.0.2214.111 with a new profile, disabling
any settings that could cause network interference (also set
about:blank as home page). Visit
https://webrtc.freeswitch.org/verto/index.html to load everything in
cache.
Then restart with the sandbox disabled to avoid the suid sandbox (which
interferes with getting SSL keys from DTLS-SRTP) and start the actual
capture.
Command to launch the browser:
SSLKEYLOGFILE=premaster.txt \
chromium --user-data-dir=/tmp/cr \
--disable-component-extensions-with-background-pages \
--disable-web-resource --disable-background-networking \
--disable-sandbox --single-process
Analyse with:
capinfos -k webrtc-freeswitch.pcapng |
grep -Po 'CLIENT_RANDOM \S+ \S+' > premaster.txt
wireshark -r webrtc-freeswitch.pcapng \
-o ssl.keylog_file:premaster.txt \
-o dtls.keylog_file:premaster.txt \
-o http.ssl.port:8082