Wireshark Wizardry: Mastering Custom Lua Dissectors for Binary Protocols

Ever tried parsing binary protocols over TCP and ended up looking like a confused emoji? Fear not! I developed a Wireshark dissector in Lua, inspired by SANS ICS training, to decode firmware upload protocols. Configure fields, filter traffic, and extract data with ease. Check out my blog and video for a deep dive into network protocol reversing!

Hot Take:

Who knew that reverse engineering a firmware upload protocol could be as thrilling as a spy movie’s plot twist? With a few lines of Lua, Didier Stevens is turning Wireshark into the Sherlock Holmes of network traffic analysis. Elementary, my dear data packets!

Key Points:

  • Developed a Wireshark Lua dissector for dissecting binary protocols over TCP.
  • Configurable dissector for parsing fields with fixed lengths.
  • Example protocol captures a firmware upload process with detailed field specifications.
  • Command-line arguments allow customization of protocol and field settings.
  • Dissector aids in filtering and analyzing specific protocol traffic in Wireshark and Tshark.
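The key points above describe a Lua dissector that registers a protocol with Wireshark, declares fixed-length fields, and hooks itself onto a TCP port so the traffic can be filtered in Wireshark and Tshark. The block below is an added illustration of that pattern and is not Didier Stevens' dissector or any code from the post. The protocol layout (a 4-byte magic, a 1-byte command, a 4-byte offset, a 2-byte payload length, then payload), the field names prefixed `fwup.`, and the default port 7777 are all assumptions invented for the example; a real firmware upload protocol will differ.

```lua
-- Added example: a minimal Wireshark Lua dissector for a HYPOTHETICAL
-- fixed-field binary protocol carried over TCP. Not the post's own code.
-- Load with:  wireshark -X lua_script:fwup.lua -X lua_script1:7777 capture.pcapng
-- or:         tshark -X lua_script:fwup.lua -Y fwup -T fields -e fwup.cmd -e fwup.offset

-- Wireshark hands -X lua_scriptN:<arg> values to the script chunk as varargs,
-- which is how the port (and other settings) can be overridden from the command line.
local script_args = { ... }
local tcp_port = tonumber(script_args[1]) or 7777   -- assumed default port

local fwup = Proto("fwup", "Hypothetical Firmware Upload Protocol")

-- Field definitions; every header field has a fixed length (assumed layout):
--   magic(4) | cmd(1) | offset(4) | len(2) | payload(len)
local f_magic  = ProtoField.uint32("fwup.magic",  "Magic",          base.HEX)
local f_cmd    = ProtoField.uint8 ("fwup.cmd",    "Command",        base.DEC,
                                   { [1] = "START", [2] = "DATA", [3] = "END" })
local f_offset = ProtoField.uint32("fwup.offset", "Offset",         base.DEC)
local f_len    = ProtoField.uint16("fwup.len",    "Payload Length", base.DEC)
local f_data   = ProtoField.bytes ("fwup.data",   "Payload")

fwup.fields = { f_magic, f_cmd, f_offset, f_len, f_data }

local HEADER_LEN = 4 + 1 + 4 + 2    -- 11 bytes, fixed
local MAGIC      = 0x46575550       -- "FWUP", assumed marker value

-- Called by dissect_tcp_pdus once HEADER_LEN bytes are available at `offset`;
-- returns the full PDU length so segments spanning several TCP packets are reassembled.
local function pdu_length(tvb, pinfo, offset)
    return HEADER_LEN + tvb(offset + 9, 2):uint()
end

-- Called with a tvb holding exactly one complete PDU.
local function dissect_pdu(tvb, pinfo, tree)
    pinfo.cols.protocol = fwup.name
    local subtree = tree:add(fwup, tvb(), "Firmware Upload")

    subtree:add(f_magic,  tvb(0, 4))
    subtree:add(f_cmd,    tvb(4, 1))
    subtree:add(f_offset, tvb(5, 4))
    subtree:add(f_len,    tvb(9, 2))

    -- Flag frames whose marker does not match, so a filter like
    -- `fwup && _ws.expert` surfaces them quickly during analysis.
    if tvb(0, 4):uint() ~= MAGIC then
        subtree:add_expert_info(PI_MALFORMED, PI_WARN, "Unexpected magic value")
    end

    local plen = tvb(9, 2):uint()
    if plen > 0 then
        subtree:add(f_data, tvb(HEADER_LEN, plen))
    end

    pinfo.cols.info = string.format("cmd=%d offset=%d len=%d",
                                    tvb(4, 1):uint(), tvb(5, 4):uint(), plen)
    return tvb:len()
end

function fwup.dissector(tvb, pinfo, tree)
    -- Let Wireshark handle TCP segmentation and multiple PDUs per segment.
    dissect_tcp_pdus(tvb, tree, HEADER_LEN, pdu_length, dissect_pdu)
end

DissectorTable.get("tcp.port"):add(tcp_port, fwup)
```

With the script loaded, the display filter `fwup.cmd == 2` isolates data chunks, and `tshark -T fields -e fwup.offset -e fwup.data` is one way to pull the uploaded bytes out of a capture for offline inspection; `dissect_tcp_pdus` is used rather than dissecting the raw segment so that a PDU split across TCP segments is reassembled before the fixed offsets are applied.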
