Wireshark mailing list archives

Re: modifying strings in SSL streams possible, how?


From: Miroslav Rovis <miro.rovis () croatiafidelis hr>
Date: Mon, 14 Nov 2016 10:57:08 +0100

Hi!

I wrote a script for the purpose of, well, not really modifying SSL
strings, but the ethers and serials in the link layer of PCAPs.

As per...

On 161031-19:53+0100, Miroslav Rovis wrote:
I should have said in the title that also strings in plain TCP I need to
modify...

...[as per]:
I like to use my (simple) program https://github.com/miroR/uncenz to
document what happened, and I want to keep the traces as intact as
possible without endangering myself of course but publishing stuff that
needs not be public.
For that reason, I don't want too much changed, but just the critical
pieces... 
...
But while tcprewrite can rewrite PCAP files, and, in my case, has to
change DLT (data link type) else it can not modify my PCAPs, I think for
what I need to modify, such as some serials, some MACs, Perl can do a
perfect job! And much better. In a perfect way!

...
http://www.atrixnet.com/in-line-search-and-replace-in-files-with-real-perl-regular-expressions/
where find:
perl -p -i -e 's/change this/to that/g' file1 file2 file3...
...

And if anybody is interested to use my script, they can find it at:
https://github.com/miroR/uncenz
but they (currently) need to clone the develop branch, such as e.g.:

git clone -b develop https://github.com/miroR/uncenz

The script is:
dump_perl_repl.sh

and it needs an orig,fake replacement list such as
dump_strings_ORIG2FAKE.ls-1

included in the (currently) develop branch of my uncenz (primitive)
program.

And this of course still holds:
But again, if anybody knows how strings *inside* SSL can be modified,
pls do tell us!


Regards!
-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
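
The orig-to-fake replacement described in the message above, as an added Python example (not code from the post and not the uncenz script): it rewrites only the packet bytes of a classic little-endian pcap and insists on equal-length pairs, so the record lengths stay valid. The MAC, the serial string and all function names are constructed for illustration.

```python
import struct

# Constructed sample values (not from the original post).
REAL_MAC = bytes.fromhex("001122aabbcc")
FAKE_MAC = bytes.fromhex("020000000001")  # locally administered stand-in

def build_pcap(frames):
    """Build a classic little-endian pcap (DLT_EN10MB) from raw frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Return [(record_header, frame)]; raise if the lengths do not line up."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    records, off = [], 24
    while off < len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        if off + 16 + incl_len > len(data):
            raise ValueError("record runs past end of file")
        records.append((data[off:off + 16], data[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return records

def replace_in_pcap(data, pairs):
    """Apply (orig, fake) byte pairs to packet data, never to pcap headers."""
    for orig, fake in pairs:
        if len(orig) != len(fake):
            raise ValueError("replacement must keep the same length")
    out = bytearray(data[:24])  # global header copied untouched
    for hdr, frame in parse_pcap(data):
        for orig, fake in pairs:
            frame = frame.replace(orig, fake)
        out += hdr + frame  # record header (timestamps, lengths) untouched
    return bytes(out)

# Constructed capture: one Ethernet frame with a made-up serial in its payload.
SAMPLE = build_pcap([(1, b"\xff" * 6 + REAL_MAC + b"\x08\x00" + b"serial=AB123456")])
```

Replacing bytes inside an IP or TCP payload leaves the original checksums in place, so Wireshark may flag those packets when checksum validation is enabled; a MAC in the Ethernet header is not covered by those checksums.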
