Release of Wireshark dissector with decryption support

Release of Wireshark dissector with decryption support

[Peter Wu]

Hi all!

I have been working on a WireGuard dissector for Wireshark with
decryption support for both Transport data and handshake messages.

Since the extract-keys utility included with WG is quite limited (needs
CONFIG_DEVKMEM=y and cannot obtain handshake secrets), I took a
different approach using kprobes and am able to obtain the three
handshake secrets too. (Future work includes obtaining just the
ephemeral keys and then deriving the keys from that.)

For code, documentation, screenshots and sample captures, see
https://github.com/Lekensteyn/wireguard-dissector

Dissection is functionally complete. The main remaining tasks include
adding expert info when the protocol is not being followed and
verification/decryption of Cookie Replies.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl

Re: Release of Wireshark dissector with decryption support

[Jason A. Donenfeld]

Hey Peter,

This is wonderful news! Congrats on the release.

I look forward to a simplified version that merely extracts ephemerals
and derives all the rest, so that intermediate values can be
decrypted.

Regards,
Jason