Wireshark mailing list archives

Re: Passwordlist in Wireshark - User feedback wanted

From: Sake Blok | SYN-bit <sake.blok () SYN-bit nl>
Date: Thu, 20 Jun 2019 12:35:33 +0200

On 19 Jun 2019 (Wed), at 14:11, Graham Bloice <graham.bloice () trihedral com> wrote:

On Fri, 14 Jun 2019 at 21:27, Roland Knall <rknall () gmail com <mailto:rknall () gmail com>> wrote:
Hi

There is a patch currently waiting for inclusion. It would allow for dissectors to easily make credentials 
(username/password) available and present them in a tool window in Wireshark.

The main concern here is, that this could lead companies, evaluating Wireshark to be used within  the company, to 
deny the use of the program, due to wrongly identifying Wireshark as a hacking tool.


I also haven't reviewed the proposed change but in general my view is that it's Wireshark's job to present the 
information in the capture files in a manner that's useful to the users.  Credentials are one element of this 
information, and to me, is like any other "object", so I think that adding the dialog that summarizes them is 
perfectly OK.

If this causes some companies to "ban" Wireshark, then so be it.  That won't hide the credentials travelling on their 
networks.

For more aware companies, they would be able to instruct users to check the "credentials" dialog before sharing the 
capture to minimise a compromise.


This is a tricky one, as these are just *some* of the credentials in the trace file. So if people start using it as a 
way to verify if there are *no* passwords in the trace file they could miss other passwords. I have not looked at the 
proposed change in detail, but I thin it should come with a warning that the list of credentials is not a complete list.

Cheers,
Sake

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Passwordlist in Wireshark - User feedback wanted, (continued)
- - - Re: Passwordlist in Wireshark - User feedback wanted João Valverde (Jun 17)
- Re: Passwordlist in Wireshark - User feedback wanted Uli Heilmeier (Jun 16)
- Re: Passwordlist in Wireshark - User feedback wanted Sake Blok | SYN-bit (Jun 16)
  - Re: Passwordlist in Wireshark - User feedback wanted Dario Lombardo (Jun 17)
    - Re: Passwordlist in Wireshark - User feedback wanted Sake Blok | SYN-bit (Jun 17)
    - Re: Passwordlist in Wireshark - User feedback wanted Dario Lombardo (Jun 19)
    - Re: Passwordlist in Wireshark - User feedback wanted Sake Blok | SYN-bit (Jun 21)
    - Re: Passwordlist in Wireshark - User feedback wanted Dario Lombardo (Jun 25)
    - Re: Passwordlist in Wireshark - User feedback wanted Dario Lombardo (Jun 27)
- Re: Passwordlist in Wireshark - User feedback wanted Graham Bloice (Jun 19)
  - Re: Passwordlist in Wireshark - User feedback wanted Sake Blok | SYN-bit (Jun 21)