Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2024-01-29 03:41:59 +0000

zguest gravatar image

Can't active dessector function when use the lua to dissect the TLS V1.2.

I want to use lua api to dissect the custom tls v1.2 protocol.

I configured the RSA key files to decrypt TLS and the decrypted TLS info is shown as wanted.

To decrypt tls with lua, I register it to the tls.port: DissectorTable.get("tls.port"):add(port_id, my_protocol). But i find the dissector can't be actived, because the beginning print don't show in the lua console.

Please Help me to figure out how to active the lua dessector.

My demo as below:

smart_data_protocol = Proto("SmartData","SmartData Protocol")

-- fields component
data_header_status = ProtoField.uint16("smart_data.data_header_status", "data_header_status", base.DEC)

smart_data_protocol.fields = {data_header_status}



function smart_data_protocol.dissector(buffer, pinfo, tree)

    print("start dissector")
    length = buffer:len()
    if length == 0 then
        return 0
    end

    version = buffer(1,1):uint()
    if version ~= 0x03 then
        print("version ~= 0x03 ")
        return 0
    end
    print("version == 0x03 ")
    pinfo.cols.protocol = smart_data_protocol.name
    print("cols.protocol ")

    local subtree = tree:add(smart_data_protocol, buffer(), "SmartData Protocol Data")

    print("local subtree ")
    subtree:add(data_header_status, buffer(1,1))
    print("subtree:add")
end
DissectorTable.get("tls.port"):add(my_port, smart_data_protocol)

Thanks a lot!

Can't active dessector function when use the lua to dissect the TLS V1.2.

I want to use lua api to dissect the custom tls v1.2 protocol.

I configured the RSA key files to decrypt TLS and the decrypted TLS info is shown as wanted.wanted. The RSA keys is the .pfx file.

To decrypt tls with lua, I register it to the tls.port: DissectorTable.get("tls.port"):add(port_id, my_protocol). But i find the dissector can't be actived, because the beginning print don't show in the lua console.console.

Please Help me to figure out how to active the lua dessector.

My demo as below:

smart_data_protocol = Proto("SmartData","SmartData Protocol")

-- fields component
data_header_status = ProtoField.uint16("smart_data.data_header_status", "data_header_status", base.DEC)

smart_data_protocol.fields = {data_header_status}



function smart_data_protocol.dissector(buffer, pinfo, tree)

    print("start dissector")
    length = buffer:len()
    if length == 0 then
        return 0
    end

    version = buffer(1,1):uint()
    if version ~= 0x03 then
        print("version ~= 0x03 ")
        return 0
    end
    print("version == 0x03 ")
    pinfo.cols.protocol = smart_data_protocol.name
    print("cols.protocol ")

    local subtree = tree:add(smart_data_protocol, buffer(), "SmartData Protocol Data")

    print("local subtree ")
    subtree:add(data_header_status, buffer(1,1))
    print("subtree:add")
end
DissectorTable.get("tls.port"):add(my_port, DissectorTable.get("tls.port"):add(50556, smart_data_protocol)

PS: 1. when i register the dissector the tcp.port, the dissector function can run but can't decrypt. 2. the aim coloumn is the TLS segment of a ressabled PUD, I don't know if it matters. 3. I cannot upload the capture file due to confidentiality, sorry.

Thanks a lot!