My $0.02: > this could lead companies... to deny the use of the program, due to wrongly identifying Wireshark as a hacking tool.
Wireshark is already a "hacker tool" de facto, regardless of the fact that it performs passive network analysis. The first two results for "hacker tools" on Google list Wireshark as a key tool. If we are worried about password extraction, this is already possible with Wireshark for plaintext FTP passwords. I do not think that individuals making this decision will change their mind based on this feature alone. So far, no individuals have come forward stating that this will negatively affect them (i.e. if you one of these people, please speak up!) On Sat, Jun 15, 2019 at 9:57 AM Tomasz Moń <[email protected]> wrote: > On Fri, Jun 14, 2019 at 10:27 PM Roland Knall <[email protected]> wrote: > > There is a patch currently waiting for inclusion. It would allow for > dissectors to easily make credentials (username/password) available and > present them in a tool window in Wireshark. > > I understand that you mean, that it'd be easy to present the > credentials if the dissector is able to extract/derive the password. > If the protocol is cryptographically secure, then without keys, the > change in question won't have any impact, right? > > In other words, it is not about integrating some password cracking > mechanism but rather API to simply present the decoded information? > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
