Actually no code for extracting credentials has been added. It's a tap that collects them and shows a table with them. The credentials already exist in wireshark in clear text.
2 protocols have been instrumented so far, http (basic and header auth) and ftp.
On Fri, Jun 14, 2019 at 10:27 PM Roland Knall <rknall@xxxxxxxxx> wrote:
> There is a patch currently waiting for inclusion. It would allow for dissectors to easily make credentials (username/password) available and present them in a tool window in Wireshark.
I understand that you mean, that it'd be easy to present the
credentials if the dissector is able to extract/derive the password.
If the protocol is cryptographically secure, then without keys, the
change in question won't have any impact, right?
In other words, it is not about integrating some password cracking
mechanism but rather API to simply present the decoded information?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
