I wonder if it is possible for Wireshark (or any compatible extension for Win7) to modify the packets being sent to the server based on some conditions (like checking the POST field value and taking action upon that)?
For example, when sending an application/x-www-form-urlencoded with a field like "login=user", is there a way to script it to change that to something like "login=otheruser"?
asked 19 Apr '12, 10:56
No, there isn't any way to do that.
Wireshark is an application for passively capturing network traffic, and the mechanisms it uses for capturing network traffic do not offer any ability to "edit" network traffic sent by or received by the machine on which it's running.
You'd have to find another tool to do that.
answered 19 Apr '12, 11:19
Guy Harris ♦♦
It sounds like what you are asking for is a general purpose man-in-the-middle security attack tool! Wireshark will not even show you the HTTP packets if they are going over HTTPS, as should be the case for anything for which the user identity makes a difference. (OK, Wireshark will decrypt the packets if you know the private key of the server's SSS/TLS certificate and capture the entire handshake.) If you control the browser being used, you can edit the values on the fly with a browser plugin.
answered 19 Apr '12, 16:45