Comment by JohnLeitch
20 hours ago
Not even remotely accurate. While the dissector is not as mature as I thought and there's no built-in decryption as there is for TLS, that doesn't matter much. Hint: every component of the system is attacker controlled in this scenario.
> Not even remotely accurate.
> there's no built-in decryption
Is that because Wireshark can't do that just from packet captures?
> Is that because Wireshark can't do that just from packet captures?
Well, not quite. I think it's more that nobody has taken the time to implement it. That's not to say such an implementation would automatically decrypt the traffic from a capture with no extra legwork, of course. Wireshark dissectors have user-configurable preferences, and presumably this would be where captured secrets could be set for use. This is how it handles TLS decryption [1], which works beautifully.
[1] https://wiki.wireshark.org/TLS#tls-decryption