Wireshark-dev: [Wireshark-dev] Request for Wireshark Wiki: Two additions to CaptureSetup/USB
From: Hanno Zulla <abos@xxxxxxxx>
Date: Thu, 17 May 2018 09:44:11 +0200
Hi there,

as a new registered Wiki user, I cannot add text to the CaptureSetup/USB
wiki page. The page is protected against editing by normal users.

https://wiki.wireshark.org/CaptureSetup/USB

So I hope this is the right place to suggest two additions to that page.
It would be very helpful to have these added, since when I looked for
similar information, I didn't find a MITM hardware solution, but almost
every advice was to sniff USB traffic on the OS itself or using a
virtual machine. Both cannot be done when the USB host cannot be
accessed, e.g. a PS4.

The following two diy-hardware devices can be inserted on a cable
between a USB device and a USB host - and they are much cheaper than
commercial products I found.

I tested SerialUSB and it works fine with Wireshark. I didn't try
USBProxy due to lack of a BB.


-----------------------------------------------------------------------


USB traffic MITM with Linux

If you can't intercept USB traffic on the host, e.g. a game console,
there are projects that facilitate building a simple MITM sniffing device.


SerialUSB by Mathieu Laurendeau

https://blog.gimx.fr/serialusb/
https://github.com/matlo/serialusb

is designed to intercept USB HID traffic. Originally made for the GIMX
project, which aims to convert PC game controller USB messages for the
PS4. You will need a Linux computer to capture the HID messages and an
Arduino-based USB dongle. Parts are cheap. If you don't like soldering,
some enthusiasts sell ready-made "GIMX USB adapters" on eBay and elsewhere.


USBProxy by Dominic Spill

https://github.com/dominicgs/USBProxy

intercepts USB traffic with a Beaglebone Black, which is
reconfigured to act as a USB gadget emulating the device connected
to the 2nd USB port. According to the documentation, it allows sniffing
non-HID traffic, as well.