Wireshark-dev: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
From: Sake Blok | SYN-bit <sake.blok@xxxxxxxxxx>
Date: Thu, 20 Jun 2019 12:33:16 +0200
On 19 Jun 2019 (Wed), at 14:00, Dario Lombardo <lomato@xxxxxxxxx> wrote:
On Mon, Jun 17, 2019 at 1:42 PM Sake Blok | SYN-bit <sake.blok@xxxxxxxxxx> wrote:
Hi Dario,
To me for troubleshooting issues, it is sufficient to see the usernames and sometimes extract a password, but I do not need a list of them
For security awareness, you do not need the passwords, just the protocol and username and the fact that the password is available in the pcap file
For hacking you would want to have the full list, but then I would prefer people to use other available tools to keep Wireshark on the friendly side of the line.


Hi Sake
I am partially convinced by what you said. Partially because I'm not totally convinced, but I think also that "for troubleshooting it is sufficient to see the usernames" actually _IS_ a point.
A solution that could kill 2 pigeons with a stone could be to leave the passwords behind, but add a shortcut to "go to the packet" where you can find the actual password. That will raise the credentials to the attention of the analyst, but would require a step, that is pretty similar to the regular wireshark use, to obtain the single password.
The good part is that adding or removing the presence of the password is very easy, so adding them back, in case we will want them, will not require too much work.
Would it work?

Sounds like a good compromise to me!

Sake