Wireshark mailing list archives
Re: modifying strings in SSL streams possible, how?
From: Miroslav Rovis <miro.rovis () croatiafidelis hr>
Date: Mon, 14 Nov 2016 10:57:08 +0100
Hi! I wrote a script for the purpose of, well, not really modifying SSL strings, but the ethers and serials in the link layer of PCAPs. As per... On 161031-19:53+0100, Miroslav Rovis wrote:
I should have said in the title that also strings in plain TCP I need to modify...
...[as per]:
I like to use my (simple) program https://github.com/miroR/uncenz to document what happened, and I want to keep tre traces as intact as possible without endangering myself of course but publishing stuff that needs not be public.For that reason, I don't want too much changed, but just the critical pieces...
...
But while tcprewrite can rewrite PCAP files, and, in my case, has to change DLT (data link type else it can not modify my PCAPs, I think for what I need to modify, such as some serials, some MACs, Perl can do a perfect job! And much better. In a perfect way!
...
http://www.atrixnet.com/in-line-search-and-replace-in-files-with-real-perl-regular-expressions/ where find: perl -p -i -e 's/change this/to that/g' file1 file2 file3...
... And if anybody is interested to use my script, they can find it at: https://github.com/miroR/uncenz but they (currently) need to clone the develop branch, such as e.g.: git clone -b develop https://github.com/miroR/uncenz The script is: dump_perl_repl.sh and it needs an orig,fake replacement list such as dump_strings_ORIG2FAKE.ls-1 included in the (currently) develop branch of my uncenz (primitive) program. And this of course still holds on:
But again, if anybody knows how strings *inside* SSL can be modified, pls do tell us!
Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
Attachment:
signature.asc
Description: Digital signature
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: modifying strings in SSL streams possible, how? Miroslav Rovis (Nov 14)