
I am writing a TCP deobfuscation plugin that XORs each byte of the payload with 0xAA and then re-parses it (so the TCP parser in Wireshark needs to be called again). I encountered two issues.

1. How can I obtain the TCP header so that I can call the function Dissector.get("tcp"):call(...)?

2. How can I avoid recursively calling the function Dissector.get("tcp"):call(...)?

This is the code I have written so far. It cannot parse because the TCP header is missing.
local NAME = "test"
local test = Proto(NAME, "test TCP Protocol")
local fields = test.fields

function test.dissector(tvb, pinfo, tree)
    if (pinfo.dst_port == 8000 or pinfo.src_port == 8000)
    then

        -- tvb here covers only the TCP payload; the TCP header has already been consumed
        print(tvb:len())

        -- de-obfuscate: XOR every byte with 0xAA (as described above; bit.bxor is the
        -- BitOp library bundled with Wireshark's Lua)
        local tmp = tvb:bytes()
        for i = 0, tmp:len() - 1 do
            local value = tmp:get_index(i)
            tmp:set_index(i, bit.bxor(value, 0xAA))
        end

        -- ByteArray:tvb() needs a name for the new data source
        Dissector.get("tcp"):call(tmp:tvb("decoded"), pinfo, tree)
    end
end

DissectorTable.get("tcp.port"):add(8000, test)

Tags: wireshark lua tcp decoder (Stack Overflow)