On Jun 15, 2019, at 3:07 AM, Dario Lombardo <lomato@xxxxxxxxx> wrote:
> Actually no code for extracting credentials has been added.
...other than code that adds fields with names such as "User name" and "Password" to the protocol tree, which has been in Wireshark for a while.
> It's a tap that collects them and shows a table with them. The credentials already exist in Wireshark in clear text.
Exactly.
All this does, apparently, is to make it easier to find the contents of those fields. *I* don't think that magically turns Wireshark into a "cracker's tool", but not everybody who might look at Wireshark is as clueful as we are, so they *might* see it as doing so, and if they're in a position to approve the use of Wireshark in the organization, they *might* treat that as a reason not to allow it - that's Roland's concern. (I seem to remember that a law passed in Germany in 2007 about "hacking tools" concerned some software developers:
https://www.schneier.com/blog/archives/2007/08/new_german_hack.html
and that at least some developers moved their projects out of Germany:
http://www.beskerming.com/commentary/2007/08/12/249/German_Security_Professionals_in_the_Mist
so that sort of reaction by people in positions of authority is not unheard of.)