Wireshark mailing list archives
Re: modifying strings in SSL streams possible, how?
From: Miroslav Rovis <miro.rovis () croatiafidelis hr>
Date: Mon, 31 Oct 2016 19:53:54 +0100
I should have said in the title that I also need to modify strings in plain TCP... The below is for that second case. Solved, I think.

On 161028-07:19+0200, Miroslav Rovis wrote:
Hi! That is the short question. The strings would include passwords, serial numbers, and others. I like to use my (simple) program https://github.com/miroR/uncenz to document what happened, and I want to keep the traces as intact as possible, without endangering myself, of course, by publishing stuff that need not be public.
For that reason, I don't want too much changed, but just the critical pieces...
I had even installed [can't remember now the package name] with the binary replay, but that program is used for more than just modifying traces, and I wasn't able to figure out how to do it, without investing more time than I have yet had for that purpose.
I remembered, actually found that program, at: https://wiki.wireshark.org/Tools It's tcpreplay: http://tcpreplay.synfin.net/ (but read on)
If anybody can give us a quicker way to learn how to do it, they will be appreciated!
I've done a little research. And I just don't see that tcprewrite or tcpreplay-edit (apparently similar, somewhat overlapping, the two) of the tcpreplay program... I just don't see that these could modify strings *inside* SSL streams... Maybe there is no such thing that can do that in the whole of *nixdom?

But while tcprewrite can rewrite PCAP files, and, in my case, has to change the DLT (data link type), else it cannot modify my PCAPs, I think for what I need to modify, such as some serials, some MACs, Perl can do a perfect job! And much better. In a perfect way!

First the source (lots of them, but this one the simplest and very much to the point):
http://www.atrixnet.com/in-line-search-and-replace-in-files-with-real-perl-regular-expressions/
where you find:

    perl -p -i -e 's/change this/to that/g' file1 file2 file3...

I checked it, it works perfectly! I thought I'd share this since there surely are Wireshark users who will find this useful!

But again, if anybody knows how strings *inside* SSL can be modified, pls do tell us!

Regards!
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Attachment:
signature.asc
Description: Digital signature
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
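The in-place byte replacement described in the message above, as an added example that is not part of the original post: it redacts a string in a capture with filler of the same length and then walks the record headers to confirm the file still parses. It assumes the classic pcap format (not pcapng); the function names and the sample capture are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps

def build_sample_pcap(payloads):
    """Constructed sample capture: one record per payload, link type 147 (USER0)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 147)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", 1477940034 + i, 0, len(p), len(p)) + p
    return out

def redact(data, secret, fill=b"X"):
    """Overwrite every occurrence of secret with filler of the same length."""
    if not secret or len(fill) != 1:
        raise ValueError("need a non-empty secret and a one-byte filler")
    return data.replace(secret, fill * len(secret)), data.count(secret)

def walk_records(data):
    """Return each record's payload; raise ValueError if the framing is broken."""
    if len(data) < 24 or struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap")
    off, payloads = 24, []
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        off += 16
        if off + incl_len > len(data):
            raise ValueError("record overruns file at offset %d" % off)
        payloads.append(data[off:off + incl_len])
        off += incl_len
    return payloads

if __name__ == "__main__":
    pcap = build_sample_pcap([b"USER miro\r\nPASS hunter2\r\n", b"SERIAL 12345\r\n"])
    clean, hits = redact(pcap, b"hunter2")
    print(hits, "replacement(s);", walk_records(clean))
    try:  # a shorter replacement shifts every later record header
        walk_records(pcap.replace(b"hunter2", b"X"))
    except ValueError as err:
        print("length-changing edit breaks the file:", err)
```

In a real capture the TCP checksum covers the payload, so redacted packets will show checksum mismatches unless the checksum is recomputed. A string that is split across two TCP segments will not be matched by a whole-file search.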
Current thread:
- modifying strings in SSL streams possible, how? Miroslav Rovis (Oct 27)
- Re: modifying strings in SSL streams possible, how? Miroslav Rovis (Oct 31)