Wireshark mailing list archives

Re: Listener (Tap) in Lua to write SSL cert bytes


From: Evan Huus <eapache () gmail com>
Date: Fri, 24 May 2013 10:27:11 -0400

On Fri, May 24, 2013 at 10:04 AM, Rion Carter <rion () rubion com> wrote:

Hi everyone,

If this is the wrong place for my question please let me know. I've used Wireshark for 5 years now and am looking to get more out of this excellent tool.

To get started I want to write a Tap that will write out the certificate used during an SSL handshake. While I think I have it set up to pull the cert, I can't seem to actually write the bytes to disk. Here is what I have:

tap = Listener.new(nil, "ssl.handshake.certificate");
Cert_info = Field.new("ssl.handshake.certificate");

function tap.packet(pinfo, buffer, userdata)
 local cert = Cert_info();
 file:write(cert.value);
end

I have the file defined elsewhere. When I try to write I get a message about a "Bad argument to write". I'm on my phone right now or I'd post the full error text.

Is this something I need to write in C, or does the Lua binding let me write non-string data to files?

I think you're asking for the wrong field, actually (the Lua code
looks fine to me). "ssl.handshake.certificate" appears to be a
non-typed field used just for a tree header. The actual certificate
appears to be parsed as a BER sequence, if I'm reading the code
correctly. If you open the capture in Wireshark and find the
certificate item in the tree, what is the actual field name listed as?

Evan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
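
Added example, not part of the thread and not code from either poster: a tap that writes the bytes covered by each matching field's TvbRange instead of relying on the field's value, which is empty for a non-typed field. It assumes a Wireshark build whose Lua API provides ByteArray:raw() (1.11.3 or later); the field name is the one quoted in the thread and may differ in your version, and the script name, capture name and output file names are hypothetical.

```lua
-- dump_certs.lua (hypothetical name). Run inside Wireshark/tshark, e.g.:
--   tshark -q -r capture.pcap -X lua_script:dump_certs.lua
-- Field name taken from the thread; check the packet tree for the name
-- your Wireshark version actually uses.
local FIELD = "ssl.handshake.certificate"

-- Field extractors must be created at load time, not inside the callback.
local cert_field = Field.new(FIELD)

-- The filter limits the tap to packets that carry the field.
local tap = Listener.new(nil, FIELD)

local written = 0

-- Return the raw bytes a FieldInfo covers as a Lua string, or nil.
-- A non-typed (tree header) field has no usable .value, but its .range
-- still spans the bytes the dissector attached to that tree item.
local function covered_bytes(fi)
    local range = fi.range
    if range == nil or range:len() == 0 then
        return nil
    end
    return range:bytes():raw()
end

function tap.packet(pinfo, tvb, tapinfo)
    -- One Certificate message can carry a whole chain: the extractor
    -- returns one FieldInfo per occurrence in the packet.
    for _, fi in ipairs({ cert_field() }) do
        local der = covered_bytes(fi)
        if der then
            written = written + 1
            local name = string.format("cert_frame%d_%d.der", pinfo.number, written)
            -- "wb" matters on Windows: text mode would corrupt binary data.
            local out, err = io.open(name, "wb")
            if out then
                out:write(der)
                out:close()
            else
                io.stderr:write("cannot open " .. name .. ": " .. tostring(err) .. "\n")
            end
        end
    end
end
```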

