Home
MarkoPaul0 edited this page Apr 8, 2018 · 3 revisions
WireBait simply exposes the Wireshark Lua API and attempts to reproduce its behavior. As a result, your script becomes self-sufficient and you can execute it directly, without Wireshark. If you provide it with some data, it prints a text version of the dissection tree along with the payload in hexadecimal format. You can then make changes to your dissector and see the effects immediately without leaving your Lua IDE!
- You have a Lua interpreter 5.2 or above
- You have a dissector and data to test it (hex string or pcap file)
- You have a Lua debugger (I like ZeroBrane Studio) [only a requirement for step by step debugging]
Note that WireBait does not interact at all with Wireshark.
Getting started takes less than a minute:
- Add wirebait.lua somewhere in your Lua path
- Add the following snippet of code at the top of the script you want to run/debug:

```lua
-- disable_lua is nil when the script is not loaded by Wireshark;
-- _WIREBAIT_ON_ is set once WireBait is already running the script.
if disable_lua == nil and not _WIREBAIT_ON_ then
    local wirebait = require("wirebait");
    local dissector_tester = wirebait.plugin_tester.new({only_show_dissected_packets=true});
    dissector_tester:dissectPcap("path_to_your_pcap_file.pcap"); --dissecting data from a pcap file
    dissector_tester:dissectHexData("72ABE636AFC86572"); --dissecting data from a hex string
    return
end
```

- Edit the code snippet to have your dissector read the hexadecimal data and/or pcap file of your choice
- Execute your dissector script. Enjoy 😃
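
A complete dissector script with the snippet on top, as an added example (not WireBait's own code). The `demo` protocol, its 8-byte layout and port 7777 are hypothetical, the second hex string is constructed truncated input, and the script assumes WireBait emulates the Wireshark API calls it uses:

```lua
-- demo_dissector.lua (added example; protocol, fields and port are hypothetical)
if disable_lua == nil and not _WIREBAIT_ON_ then
    -- Not running inside Wireshark: let WireBait load this script and feed it data.
    local wirebait = require("wirebait")
    local tester = wirebait.plugin_tester.new({only_show_dissected_packets = true})
    tester:dissectHexData("72ABE636AFC86572") -- full 8-byte message (hex string from the snippet above)
    tester:dissectHexData("72ABE6")           -- constructed truncated input for the length check
    return
end

local MSG_LEN = 8 -- assumed layout: type(1) flags(1) sequence(2) value(4)

local demo = Proto("demo", "Demo Protocol")
local f_type  = ProtoField.uint8("demo.type", "Type", base.HEX)
local f_flags = ProtoField.uint8("demo.flags", "Flags", base.HEX)
local f_seq   = ProtoField.uint16("demo.seq", "Sequence", base.DEC)
local f_value = ProtoField.uint32("demo.value", "Value", base.DEC)
demo.fields = { f_type, f_flags, f_seq, f_value }

function demo.dissector(buffer, pinfo, tree)
    -- Packet bytes are untrusted: verify the length before taking any range,
    -- otherwise a short packet makes buffer(offset, length) raise an error.
    if buffer:len() < MSG_LEN then
        return 0 -- too short to be a demo message, dissect nothing
    end
    pinfo.cols.protocol = "DEMO"
    local subtree = tree:add(demo, buffer(0, MSG_LEN))
    subtree:add(f_type,  buffer(0, 1))
    subtree:add(f_flags, buffer(1, 1))
    subtree:add(f_seq,   buffer(2, 2))
    subtree:add(f_value, buffer(4, 4))
    return MSG_LEN -- number of bytes consumed
end

-- Only used when packets come from a capture (Wireshark or dissectPcap).
DissectorTable.get("udp.port"):add(7777, demo)
```

Feeding a truncated hex string alongside the well-formed one exercises the malformed-input path of the dissector before it ever sees live traffic.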