Wireshark-dev: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
My $0.02:
> this could lead companies... to deny the use of the program, due to wrongly identifying Wireshark as a hacking tool.
Wireshark is already a "hacker tool" de facto, regardless of the fact that it performs passive network analysis. The first two results for "hacker tools" on Google list Wireshark as a key tool. If we are worried about password extraction, this is already possible with Wireshark for plaintext FTP passwords. I do not think that individuals making this decision will change their mind based on this feature alone.
So far, no individuals have come forward stating that this will negatively affect them (i.e. if you one of these people, please speak up!)
On Fri, Jun 14, 2019 at 10:27 PM Roland Knall <rknall@xxxxxxxxx> wrote:
> There is a patch currently waiting for inclusion. It would allow for dissectors to easily make credentials (username/password) available and present them in a tool window in Wireshark.
I understand that you mean, that it'd be easy to present the
credentials if the dissector is able to extract/derive the password.
If the protocol is cryptographically secure, then without keys, the
change in question won't have any impact, right?
In other words, it is not about integrating some password cracking
mechanism but rather API to simply present the decoded information?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe