This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark API to handle an intercepted packet in an application?

0

Hello everybody. I'm going to attend a security project where, in the very first part, I have to check that on my architecture (IoT) some message packets go in plaintext, and also other security problems, related both to communication security and authentication (very simple security problems). During a little software selection, I'm evaluating using Wireshark to sniff those "unsafe" packets, but I was wondering if there is some particular API that could be helpful to me in order to pick up this data and handle it in my business logic application, in order to automate vulnerability checking in a test-driven development way (iff the test passes, I know that the vulnerabilities are fixed). Example of test: intercept an ID (of an authorized device) and try a connection with the same ID from a "malicious" device, ndr. Anything could help me, thanks a lot.

asked 28 Jun '17, 01:10

ciandro92

edited 28 Jun '17, 01:58


One Answer:

0

Would piping of tshark textual output to the input of your business logic application do?

answered 28 Jun '17, 06:47

sindy

Exactly, I need the body of the message (I think that a txt format is enough). Is it possible in Wireshark without using other APIs from other languages? My application needs to use the body of the intercepted message to get some information for a test, e.g. if in a message I send a plain ID for an authorization phase, the test could use this ID to connect, and if the connection goes through, the test sends me a notification for this vulnerability, until I repair it. I found a library in Python (named pyshark) that represents a "wrapper" for the Wireshark application component: could it be useful? Has anyone used this library to do some kind of operation (like I described)? Thanks

(28 Jun '17, 07:35) ciandro92
1

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

(28 Jun '17, 08:23) Jaap ♦
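The piping approach suggested in the answer, as an added example that is not part of the original thread: a Python check that reads `tshark -T fields` lines and reports frames whose TCP payload carries a known device ID in cleartext, exiting non-zero so a test run fails while the leak exists. The interface `eth0`, the device ID `DEV-0042`, the script name `check_ids.py` and the chosen field list are assumptions.

```python
# Assumed capture command (tab-separated fields, one line per packet):
#   tshark -l -i eth0 -Y tcp.payload -T fields \
#          -e frame.number -e ip.src -e tcp.payload | python3 check_ids.py
import sys

# Constructed sample lines: frame number, source IP, hex-encoded payload.
SAMPLE = [
    "1\t10.0.0.5\t" + b"LOGIN id=DEV-0042\r\n".hex(),
    # Opaque bytes, written in the colon-separated hex form.
    "2\t10.0.0.5\t" + bytes([0x17, 0x03, 0x03, 0x00, 0x20, 0x9C, 0xE1]).hex(":"),
    "3\t10.0.0.7\t",  # packet with an empty payload column
]

def parse_line(line):
    """Return (frame, src, payload_bytes), or None for a malformed line."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    try:
        # Accept both plain and colon-separated hex payloads.
        payload = bytes.fromhex(parts[2].replace(":", ""))
    except ValueError:
        return None
    return int(parts[0]), parts[1], payload

def find_plaintext_ids(lines, device_ids):
    """List (frame, src, device_id) for every ID seen unencrypted."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        frame, src, payload = rec
        for dev in device_ids:
            if dev.encode() in payload:
                findings.append((frame, src, dev))
    return findings

if __name__ == "__main__":
    # Use the constructed sample when nothing is piped in.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    hits = find_plaintext_ids(lines, ["DEV-0042"])
    for frame, src, dev in hits:
        print(f"frame {frame} from {src}: ID {dev} sent in cleartext")
    sys.exit(1 if hits else 0)
```
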