42 lines
1.4 KiB
Markdown
42 lines
1.4 KiB
Markdown
# blob2wireshark
|
|
|
|
Is a plugin for wireshark, which helps to analyse binaries arrays or blob by dissectors
|
|
|
|
plugin functions:
|
|
|
|
* convert bin files into pcap file
|
|
* provides lua dissectors templates
|
|
* creates lua dissectors snippets depends of pseudo-c-struct-definition
|
|
|
|
## How to
|
|
|
|
### Install
|
|
|
|
1. Copy [b2ws-plugin folder](b2ws-plugin) to a [wireshark plugin folder](https://www.wireshark.org/docs/wsug_html_chunked/ChPluginFolders.html)
|
|
|
|
### Convert binary file to pcap files
|
|
|
|
Create example a binary file with:
|
|
|
|
```sh
|
|
mkdir example_build
|
|
cd example_build
|
|
cmake ../example
|
|
make
|
|
./b2ws_example_blob_writer
|
|
ls *.bin
|
|
```
|
|
1. Open Wireshark
|
|
2. Open ImportBlob windows by click on "Tools-> bw2s -> ImportBlob"
|
|
3. Click on "Change Settings", enter the path of the binary file.
|
|
* you could also change the fake src, dst and type field.
|
|
4. Click on "ImportBlob". Now the create a pcap file (in the same folder as the binary file) and open this file
|
|
|
|
|
|
### Create lua dissector file
|
|
|
|
1. Open Wireshark
|
|
2. Open ImportBlob windows by click on "Tools-> bw2s -> ImportBlob"
|
|
3. Click on "Create Dissector"
|
|
4. Enter a name for the dissector and press ok. Now the plugin create a "default" lua dissector file in the b2ws-plugin folder. This file can und should be edit by you, e.g. add/change ProtoField or add protocol layes (see [wiki.wireshark LuaAPI/](https://wiki.wireshark.org/LuaAPI/)).
|