Age | Commit message | Author | Files | Lines |
|
Allow decompression to be disabled for performance reasons.
|
|
Found also hints via http://unix.stackexchange.com/q/14705/8250
Analysis of unix/unix.c was done on Info-ZIP 6.0.
|
|
System mappings are taken from the APPNOTE.
|
|
|
|
Finally parses dex2jar-2.0.zip now :-)
|
|
|
|
Jar magic found via
https://github.com/openjdk/jdk7-jdk/blob/f977378235c3f9a73b6f90980cbbcb3c78263c30/src/share/classes/java/util/jar/JarOutputStream.java#L103
|
|
Based on spec from
https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
|
|
To be able to scan linearly, apply heuristics.
|
|
Well, this does not work because the actual data size is unknown... And
it turns out that you really have to parse the EoCD first, otherwise
.jar files cannot be parsed...
|
|
And also added missing fields for CD. Both were mostly scripted based on
the tables from Wikipedia.
|
|
|
|
|
|
Implemented a template for opening a file and making it available to
dissectors. For this, a FileHandler has been implemented which then
links with the MIME encapsulation type.
The "seek_read" issue mentioned in the comments should be fixed with
https://code.wireshark.org/review/19366
|
|
Append to PATH to avoid clobbering it when putting ccache in $PATH.
Enable SBC codec for testing.
Enable debug-prefix-map, should make relocatable debug builds easier
(where I build in a different directory and move it).
|
|
Created a sample (sip-rtp-g729a.pcap) using FreeSWITCH 1.6.12 and
mod_bcg729 (https://github.com/xadhoom/mod_bcg729).
|
|
Requires appropriately configured FreeSWITCH server that responds to a
call to sip:test@host by playing a fragment, then hanging up.
SIPp scenario was used to create a bunch of captures, uploaded to
https://wiki.wireshark.org/SampleCaptures#SIP_and_RTP
|
|
Requires Python 3.4, but it can be adapted for older versions. It
demonstrates how "easy" it is to capture remotely over SSH when only
tcpdump is installed without dumpcap (in that case you could use
sshdump).
Note that on stopping/restarting captures, you still get some stderr
messages ("Dropped privileges", but that can be ignored). See also
https://ask.wireshark.org/questions/55768/remote-interface-linux
|
|
Match also stuff like DHE-PSK-AES128-CCM8. Improve error message if
cipher is not accepted by OpenSSL.
|
|
The options parser has changed, options now have to precede the
parameters (possibly a bug, already reported to rt.openssl.org with
subject "Options after parameters are ignored in OpenSSL 1.1.0").
While at it, use COMPLEMENTOFALL instead of NULL since that possibly
includes more ciphers.
|
|
|
|
Prompted by https://code.wireshark.org/review/17749
|
|
OpenSSL 1.1.0 makes some structures opaque, but luckily it provides new
functions to extract the client random and master secret which is all we
need from the structures.
Tested with OpenSSL 1.1.0-pre6 using openssl s_client and
OpenSSL 1.0.2.h using curl.
|
|
Last modified at 2015-12-08
|
|
GELF is a simple UDP protocol, every datagram is a gzipped JSON message.
This dissector demonstrates how one could decompress it and parse it as
JSON.
Does not support chunked format.
|
|
Gold linker seems marginally faster.
|
|
Avoids handshake failure when a cipher suite is used which is disabled
by default (e.g. NULL-SHA).
|
|
Master secret is available in capture file comments. Note that this
capture uses NULL encryption, so these secrets *should* not be
necessary, but as of Wireshark 2.0.1 they are needed.
Created with:
curl --ciphers NULL-SHA256 https://10.9.0.1/ -k
openssl s_server -www -cipher NULL-SHA256
Created for investigating
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4652
|
|
Useful for wrapping existing protocols in SSL for testing.
|
|
|
|
Found 393 results, see
https://lekensteyn.nl/files/wireshark/wireshark-v2.1.0rc0-1421-g515502f-create_dissector_handle.txt
|
|
For testing other build types (-DCMAKE_BUILD_TYPE=RelWithDebInfo) and
compilers (BUILDDIR=/tmp/wsbuild-gcc).
|
|
|
|
|
|
Copy compile_commands.json, config.h. (ab)use CMAKE_INSTALL_RPATH to
enable relocatable executables. Note that this is only safe for
development, if you install the generated binaries without
stripping/modifying rpath, then insecure situations may occur in a
hostile environment (wrong libraries may be loaded).
|
|
|
|
Add tool that leverages clang-query to find expert info callers which
are behind an if(tree).
|
|
|
|
Found in gdb source code that 'all' implies everything except SIGTRAP
and SIGINT. SIGINT is normally used for interactive debugging (so can be
disabled) but SIGTRAP is used for breakpoints (and can therefore not be
disabled without killing the program on such signals).
|
|
Older gdb is upset by appending to a pipe, so fall back to writing
instead in such cases. Older Python versions do not allow interpolation in bytes,
so use strings and encode it to bytes before writing.
Previously tested with GDB 7.9.1 and Python 2.7.10. Now tested with
GDB 7.7.1 and Python 2.7.6 on Ubuntu 14.04.
|
|
Tool to extract SSL keys on-the-fly from existing OpenSSL programs.
Servers included!
|
|
Advantages: lower transmission size, faster completion for slow WAN
links. Disadvantage: slight delays in compile output reporting.
|
|
|
|
Useful to put remaining dissectors into a template which can further be
filled in.
|
|
|
|
Affects 13 dissectors.
|
|
|
|
Note: else heuristics is weak... g_hash_table_for_each has an unchecked
parameter which needs manual handling.
|
|
Needed for zigbee dissectors.
|
|
For tracking purposes and in case I need to do something similar again.
|