Wireshark-dev: [Wireshark-dev] SAP binary protocols dissectors contribution

From: Martin Gallo <martin.gallo@xxxxxxxxx>
Date: Fri, 23 Sep 2022 13:20:06 +0200
Hey all,
I'm Martin Gallo, long-time Wireshark fan and contributor. For the last couple of years I've been maintaining a plugin for Wireshark that implements dissectors for various SAP binary protocols [1]. This was mainly the result of a series of research projects from my time at both Core Security [2] and SecureAuth [3]. Not only was it a very fun project to work on and maintain, but it also sparked very interesting related projects, security findings and a small community using and contributing to it. Some of this work was also done in parallel with a Scapy-based implementation of most of the protocols, called pysap [4].

When conceived, the main idea was always to contribute this back to the mainstream Wireshark project (the code was always GPLv2), but for different reasons (time, experimental level of some code, partial implementation of some protocols, etc.) I never managed to do it. Since August I'm no longer part of SecureAuth, and along with the company we've decided to donate and contribute the code back to Wireshark. We expect the plugin project to be archived sooner.

I've already completed a good amount of the code migration, from plugin dissectors to main dissectors, but I expect a lot of back and forth until the code is ready to be merged (code quality, dependencies between dissectors, SAP's proprietary C/C++ decompression "library", etc.). Due to this, I'm breaking down the work into multiple PRs where I'd push individual dissectors, starting from the simpler ones. This is also because I don't have a full-time dedication to this project and want to make sure the transition can be done with a decent level of involvement.

The first batch is comprised of the following two merge requests: 
- [8202] SAP IGS (Internet Graphics Server) dissector [5]
- [8203] SAP HDB (HANA SQL Command Network Protocol) dissector [6]

Please let me know any feedback you might have, as well as if you see a better approach to integrate this work. I'm looking forward to your suggestions, feedback and code reviews to continue pushing individual dissectors!

Bests,
Martin.