authorAurelien Aptel <aaptel@suse.com>2020-02-19 22:16:45 +0100
committerAlexis La Goutte <alexis.lagoutte@gmail.com>2020-02-23 06:12:32 +0000
commit95a37ff2fe1017bd2a97e9f0d96d9fd0faffdbf4 (patch)
tree53010aa5946a78b4decc102d2600da2b381c8e4c /test
parentde665417ab871f34bcf1fb536af308df691440d6 (diff)
SMB2: allow users to give decryption keys directly
Previously users could only give a session key via uat:smb2_seskey_list:<id>,<seskey> which was used to generate the decryption keys, as long as the trace contained the session establishment. Users have often asked about how to decrypt traffic captured in the middle of an existing session but this wasn't possible. This commit extends uat:smb2_seskey_list with 2 extra columns to store decryption keys so that traffic can be decrypted at any point of the session. This has the side effect of changing the current syntax from: ... -o uat:smb2_seskey_list:<id>,<seskey> To: ... -o 'uat:smb2_seskey_list:<id>,<seskey>,"",""' (make sure the quoting is right) Change-Id: I810d464b6f3e749de39b4428d73e0d6be29f3152 Reviewed-on: https://code.wireshark.org/review/36135 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'test')
-rw-r--r--test/suite_decryption.py10
1 files changed, 5 insertions, 5 deletions
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 85a5dc7349..9a044bbcc8 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -1112,7 +1112,7 @@ class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
sesid = '1900009c003c0000'
proc = self.assertRun((cmd_tshark,
'-r', capture_file('smb300-aes-128-ccm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
'-Y', 'frame.number == 7',
))
self.assertIn('Invalid header', proc.stdout_str)
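Review bot: Every updated call in this hunk and in the four that follow (`@@ -1122`, `-1134`, `-1148`, `-1162`) passes `""` for both new columns, so this file still only covers decryption derived from the session key; no case visible here supplies decryption keys directly, which is the behaviour the commit adds. Consider adding a case to `case_decrypt_smb2` that leaves the session key empty and fills the two key columns, for example `'-o', 'uat:smb2_seskey_list:{},"",{},{}'.format(sesid, s2ckey, c2skey),` (variable names are constructed here, and the column order should follow the UAT definition in the dissector, which is outside this diff), asserting the same `smb2.tree` output. The repeated format string could also live in one helper so the five call sites cannot drift apart when the column list changes again. The enclosing test methods start and end outside the hunks.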
@@ -1122,7 +1122,7 @@ class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
sesid = '2900009c003c0000'
proc = self.assertRun((cmd_tshark,
'-r', capture_file('smb311-aes-128-ccm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
'-Y', 'frame.number == 7'
))
self.assertIn('Invalid header', proc.stdout_str)
@@ -1134,7 +1134,7 @@ class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
tree = r'\\dfsroot1.foo.test\IPC$'
proc = self.assertRun((cmd_tshark,
'-r', capture_file('smb300-aes-128-ccm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
'-Tfields',
'-e', 'smb2.tree',
'-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
@@ -1148,7 +1148,7 @@ class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
tree = r'\\dfsroot1.foo.test\IPC$'
proc = self.assertRun((cmd_tshark,
'-r', capture_file('smb311-aes-128-ccm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
'-Tfields',
'-e', 'smb2.tree',
'-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
@@ -1162,7 +1162,7 @@ class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
tree = r'\\dfsroot1.foo.test\IPC$'
proc = self.assertRun((cmd_tshark,
'-r', capture_file('smb311-aes-128-gcm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
'-Tfields',
'-e', 'smb2.tree',
'-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),