* Release of Wireshark dissector with decryption support
From: Peter Wu @ 2017-03-03 16:08 UTC (permalink / raw)
To: wireguard

Hi all!

I have been working on a WireGuard dissector for Wireshark with
decryption support for both Transport data and handshake messages.

Since the extract-keys utility included with WG is quite limited (needs
CONFIG_DEVKMEM=y and cannot obtain handshake secrets), I took a
different approach using kprobes and am able to obtain the three
handshake secrets too. (Future work includes obtaining just the
ephemeral keys and then deriving the keys from that.)

For code, documentation, screenshots and sample captures, see
https://github.com/Lekensteyn/wireguard-dissector

Dissection is functionally complete. The main remaining tasks include
adding expert info when the protocol is not being followed and
verification/decryption of Cookie Replies.

--
Kind regards,
Peter Wu
https://lekensteyn.nl
* Re: Release of Wireshark dissector with decryption support
From: Jason A. Donenfeld @ 2017-03-03 17:37 UTC (permalink / raw)
To: Peter Wu; +Cc: WireGuard mailing list

Hey Peter,

This is wonderful news! Congrats on the release.

I look forward to a simplified version that merely extracts ephemerals
and derives all the rest, so that intermediate values can be
decrypted.

Regards,
Jason