Wireshark · Wireshark-dev: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted

[Sake Blok | SYN-bit <sake.blok@xxxxxxxxxx>]

On 14 Jun 2019 (Fri), at 22:25, Roland Knall <rknall@xxxxxxxxx> wrote:

There is a patch currently waiting for inclusion. It would allow for dissectors to easily make credentials (username/password) available and present them in a tool window in Wireshark.

The main concern here is, that this could lead companies, evaluating Wireshark to be used within  the company, to deny the use of the program, due to wrongly identifying Wireshark as a hacking tool.

Personally I don't like the option to have a central place to add credential information to show to the user. I think this crosses the (very thin) line between "being able to see a password" and "being a tool to extract passwords".

Other tools for extracting passwords from pcap files do exist already (just two results from a quick google search):

- https://n0where.net/extract-data-from-pcap-files-pcredz

- https://github.com/DanMcInerney/net-creds

So personally I do not see a use-case where there is added value to add this to Wireshark.

Just my €0,02

Sake