Wireshark-dev: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted

From: Sake Blok | SYN-bit <sake.blok@xxxxxxxxxx>
Date: Mon, 17 Jun 2019 13:40:38 +0200
Hi Dario,

On 17 Jun 2019 (Mon), at 11:23, Dario Lombardo <lomato@xxxxxxxxx> wrote:

Hi Sake

On Mon, Jun 17, 2019 at 7:01 AM Sake Blok | SYN-bit <sake.blok@xxxxxxxxxx> wrote:
Personally I don't like the option to have a central place to add credential information to show to the user. I think this crosses the (very thin) line between "being able to see a password" and "being a tool to extract passwords".


Personally this is what I like of it :). But indeed this is a discussion about lines crossed, so anybody's opinion and previous experience is welcome. The line between see and extract sounds to me like the Richard's picture of orchids. Wireshark can already extract the credentials: they are dissected and put under the proper proto item with names like "auth", "credential", "password", etc. This is rather different that "follow tcp stream" of an undissected protocol, that contains credentials. The patch doesn't give more "power" to the user: just instead of scripting tshark or jumping between packets it makes easier reading them through a dialog. IMHO Wireshark is already a tool to extract passwords.

I understand your point of view. However, needing a little more knowledge to extract passwords than just clicking on the "show me all credentials" is a good thing IMHO. If this feature is used to raise security awareness, then having a list of usernames with **** passwords to show for which users passwords are present in the pcap file is enough, no need to show the passwords themselves. If an individual password is needed, it can easily be obtained by going to the packet that has the password without showing all passwords in a list. 

To me for troubleshooting issues, it is sufficient to see the usernames and sometimes extract a password, but I do not need a list of them
For security awareness, you do not need the passwords, just the protocol and username and the fact that the password is available in the pcap file
For hacking you would want to have the full list, but then I would prefer people to use other available tools to keep Wireshark on the friendly side of the line.

What use-case do you see for a list of all passwords (where a list of just the usernames is not enough)?

Just my €0,02

Taken ;).

Make sure to collect them at a next Sharkfest ;-)