Ask Your Question

How to call a Wireshark plugin protocol dissector programmatically?

asked 2019-07-09 19:17:50 +0000

sids2393 gravatar image

updated 2019-07-09 19:40:18 +0000

Hi, We have a Wireshark Plugin that decodes our proprietary protocol (built over TCP). I am building a Burp plugin that does the same decoding. I use mitm_relay to encapsulate the proprietary protocol in HTTP POST so Burp can intercept it. So is there a way that I can leverage Wireshark plugin (which we already have) to decode the packets by progamatically calling the protocol dissector from burp plugin ? What would be the best way to do it?

Thank You.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2019-07-10 04:21:16 +0000

Guy Harris gravatar image

You would have to make the entire Wireshark dissector engine a plugin for Burp, use the "Wireshark server" ("sharkd") and make a plugin that uses that, or run TShark capturing from a pipe and write your packet in pcap or pcapng form to that pipe. Wireshark plugin dissectors depend on the dissector engine core, so you can't omit it from the plugin.

The ways to do the first two of those are not documented and are subject to change, so that won't be easy.

edit flag offensive delete link more


Hi thanks for your answer Pipes sounds doable.

Just in case someone else stumbles on the same problem:

sids2393 gravatar imagesids2393 ( 2019-07-10 06:54:58 +0000 )edit

I have started to document the sharkd functionality - see

PaulOfford gravatar imagePaulOfford ( 2021-01-24 15:20:34 +0000 )edit

answered 2019-07-10 05:41:26 +0000

Jaap gravatar image

Hope I understand correctly, but it seems as though the Burp dissector needs to recreate the same proprietary PDUs from the HTTP POST data as would be seen transported over TCP and hand these to your proprietary plugin. This sounds like regular dissector chaining, in which one dissector finds another's handle (by name) and uses that to handoff dissection of the PDU.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2019-07-09 19:17:50 +0000

Seen: 863 times

Last updated: Jul 10 '19