We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: Re: [Wireshark-users] modifying strings in SSL streams possible, how?

From: Miroslav Rovis <miro.rovis@xxxxxxxxxxxxxxxxx>
Date: Mon, 14 Nov 2016 10:57:08 +0100

I wrote a script for the purpose of, well, not really modifying SSL
strings, but the ethers and serials in the link layer of PCAPs.

As per...

On 161031-19:53+0100, Miroslav Rovis wrote:
> I should have said in the title that also strings in plain TCP I need to
> modify...
...[as per]:
> > I like to use my (simple) program https://github.com/miroR/uncenz to
> > document what happened, and I want to keep tre traces as intact as
> > possible without endangering myself of course but publishing stuff that
> > needs not be public.
> For that reason, I don't want too much changed, but just the critical
> pieces... 
> But while tcprewrite can rewrite PCAP files, and, in my case, has to
> change DLT (data link type else it can not modify my PCAPs, I think for
> what I need to modify, such as some serials, some MACs, Perl can do a
> perfect job! And much better. In a perfect way!
> http://www.atrixnet.com/in-line-search-and-replace-in-files-with-real-perl-regular-expressions/
> where find:
> perl -p -i -e 's/change this/to that/g' file1 file2 file3...

And if anybody is interested to use my script, they can find it at:
but they (currently) need to clone the develop branch, such as e.g.:

git clone -b develop https://github.com/miroR/uncenz

The script is:

and it needs an orig,fake replacement list such as

included in the (currently) develop branch of my uncenz (primitive)

And this of course still holds on:
> But again, if anybody knows how strings *inside* SSL can be modified,
> pls do tell us!

Miroslav Rovis
Zagreb, Croatia

Attachment: signature.asc
Description: Digital signature