> On 14 Jun 2019 (Fri), at 22:25, Roland Knall <rkn...@gmail.com> wrote: > > There is a patch currently waiting for inclusion. It would allow for > dissectors to easily make credentials (username/password) available and > present them in a tool window in Wireshark. > The main concern here is, that this could lead companies, evaluating > Wireshark to be used within the company, to deny the use of the program, due > to wrongly identifying Wireshark as a hacking tool.
Personally I don't like the option to have a central place to add credential information to show to the user. I think this crosses the (very thin) line between "being able to see a password" and "being a tool to extract passwords". Other tools for extracting passwords from pcap files do exist already (just two results from a quick google search): - https://n0where.net/extract-data-from-pcap-files-pcredz <https://n0where.net/extract-data-from-pcap-files-pcredz> - https://github.com/DanMcInerney/net-creds <https://github.com/DanMcInerney/net-creds> So personally I do not see a use-case where there is added value to add this to Wireshark. Just my €0,02 Sake
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
