Wireshark-dev: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 15 Jun 2019 06:34:07 -0700
On Jun 15, 2019, at 3:07 AM, Dario Lombardo <lomato@xxxxxxxxx> wrote:

> Actually no code for extracting credentials has been added.

...other than code that adds fields with names such as "User name" and "Password" to the protocol tree, which has been in Wireshark for a while.

> It's a tap that collects them and shows a table with them. The credentials already exist in wireshark in clear text.

Exactly.

All this does, apparently, is to make it easier to find the contents of those fields.  *I* don't think that magically turns Wireshark into a "cracker's tool", but not everybody who might look at Wireshark is as clueful as we are, so they *might* see it as doing so, and if they're in a position to approve the use of Wireshark in the organization, they *might* treat that as a reason not to allow it - that's Roland's concern.  (I seem to remember that a law passed in Germany in 2007 about "hacking tools" concerned some software developers:

	https://www.schneier.com/blog/archives/2007/08/new_german_hack.html

and that at least some developers moved their projects out of Germany:

	http://www.beskerming.com/commentary/2007/08/12/249/German_Security_Professionals_in_the_Mist

so that sort of reaction by people in positions of authority is not unheard of.)