Hi Sake

On Mon, Jun 17, 2019 at 7:01 AM Sake Blok | SYN-bit <sake.b...@syn-bit.nl>
wrote:

> Personally I don't like the option to have a central place to add
> credential information to show to the user. I think this crosses the (very
> thin) line between "being able to see a password" and "being a tool to
> extract passwords".
>
>
Personally this is what I like about it :). But indeed this is a discussion
about lines crossed, so anybody's opinion and previous experience is
welcome. The line between see and extract sounds to me like Richard's
picture of orchids. Wireshark can already extract the credentials: they are
dissected and put under the proper proto item with names like "auth",
"credential", "password", etc. This is rather different than "follow tcp
stream" of an undissected protocol that contains credentials. The patch
doesn't give more "power" to the user: instead of scripting tshark or
jumping between packets, it just makes reading them easier through a dialog.
IMHO Wireshark is already a tool to extract passwords.


> Other tools for extracting passwords from pcap files do exist already
> (just two results from a quick google search):
>
> - https://n0where.net/extract-data-from-pcap-files-pcredz
> - https://github.com/DanMcInerney/net-creds
>
> So personally I do not see a use-case where there is added value to add
> this to Wireshark.
>

I'm not sure this makes a point. Wireshark was born as a packet dissector.
Now it's a packet and file dissector, with IO (or I/O ;)) graphs and so on
and with tools that split/merge, and a media viewer & player. Much more than
a packet analysis tool :). I guess there are other tools around that do the
same things, but the beauty of Wireshark is it has a lot of features. I
think that a new feature (if the feature makes sense, of course) gives more
value to Wireshark, even if it's already present in other tools.
Again: this is my opinion, and I can get the difference between an image
viewer and a password extractor from a security point of view, and that's
why we're having discussions like this.


>
> Just my €0,02
>

Taken ;).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev