-
Notifications
You must be signed in to change notification settings - Fork 38
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 8574d8c
Showing
31 changed files
with
13,939 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| ## =========== | ||
| ## SAP Dissector Plugin for Wireshark | ||
| ## | ||
| ## Copyright (C) 2014 Core Security Technologies | ||
| ## | ||
| ## The plugin was designed and developed by Martin Gallo from the Security | ||
| ## Consulting Services team of Core Security Technologies. | ||
| ## | ||
| ## This program is free software; you can redistribute it and/or | ||
| ## modify it under the terms of the GNU General Public License | ||
| ## as published by the Free Software Foundation; either version 2 | ||
| ## of the License, or (at your option) any later version. | ||
| ## | ||
| ## This program is distributed in the hope that it will be useful, | ||
| ## but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| ## GNU General Public License for more details. | ||
| ##============== | ||
|
|
||
| set(DISSECTOR_SRC | ||
| packet-sapdiag.c | ||
| packet-sapenqueue.c | ||
| packet-saprouter.c | ||
| packet-sapprotocol.c | ||
| packet-saprfc.c | ||
| packet-sapms.c | ||
| packet-sapsnc.c | ||
| ) | ||
|
|
||
| set(PLUGIN_FILES | ||
| plugin.c | ||
| ${DISSECTOR_SRC} | ||
| ) | ||
|
|
||
| set(CLEAN_FILES | ||
| ${PLUGIN_FILES} | ||
| ) | ||
|
|
||
| if (WERROR) | ||
| set_source_files_properties( | ||
| ${CLEAN_FILES} | ||
| PROPERTIES | ||
| COMPILE_FLAGS -Werror | ||
| ) | ||
| endif() | ||
|
|
||
| include_directories(${CMAKE_CURRENT_SOURCE_DIR}) | ||
|
|
||
| register_dissector_files(plugin.c | ||
| plugin | ||
| ${DISSECTOR_SRC} | ||
| ) | ||
|
|
||
| add_library(sap ${LINK_MODE_MODULE} | ||
| ${PLUGIN_FILES} | ||
| ) | ||
| set_target_properties(sap PROPERTIES PREFIX "") | ||
| set_target_properties(sap PROPERTIES LINK_FLAGS "${WS_LINK_FLAGS}") | ||
|
|
||
| target_link_libraries(sap epan) | ||
|
|
||
| install(TARGETS sap | ||
| LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}/@CPACK_PACKAGE_NAME@/plugins/${CPACK_PACKAGE_VERSION} NAMELINK_SKIP | ||
| RUNTIME DESTINATION ${CMAKE_INSTALL_LIBDIR}/@CPACK_PACKAGE_NAME@/plugins/${CPACK_PACKAGE_VERSION} | ||
| ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}/@CPACK_PACKAGE_NAME@/plugins/${CPACK_PACKAGE_VERSION} | ||
| ) | ||
|
|
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| 2014-03-25 Martin Gallo <[email protected]> | ||
|
|
||
| * - Version v0.1.4 released at Troopers'14. | ||
| * - Changelog now in GNU format. | ||
| * - Switched to wireshark 1.10 trunk. | ||
| * - Moved to the use of the new memory allocation API (wmem) on all | ||
| dissectors. | ||
| * packet-sapdiag.c: Fixed some support bits and added new ones found on SAP | ||
| GUI version 7.30. | ||
| * packet-sapdiag.c: Added dissection of new Diag Items: WindowsSize. | ||
| * packet-sapenqueue.c: New dissector. Parsing of Enqueue Server packets. | ||
| * packet-sapms.c: New dissector. Parsing of Message Server packets. | ||
| * packet-sapprotocol.c: Subdissectors tables are now handled only on the | ||
| NI Protocol dissector. | ||
| * packet-sapprotocol.h: Exported function to look at the NI Protocol | ||
| sub-dissector table. | ||
| * packet-saprfc.c: The RFC dissector now registeres two separate handlers: | ||
| one for internal calls (e.g. from SAP Diag dissector) and another for | ||
| external communications (e.g. RFC or Gateway Monitor). | ||
| * packet-saprfc.c: Refactored almost all of the dissector code. Added lot | ||
| of new fields and fixed some issues. | ||
| * packet-saprfc.c: Fixed reassemble of RFC tables. | ||
| * packet-saprouter.c: Added dissection of Admin and Control messages. | ||
| * packet-saprouter.c: Protocol port preference changed to a range to cover | ||
| the port used by niping. | ||
| * packet-sapsnc.c: New dissector. Moved dissection of SNC frames to a new | ||
| dissector for using it as subdissector of both SAP Router and SAP Diag | ||
| packets. | ||
| * sapdecompress.h: Exported return code strings for using it in both Diag | ||
| and RFC dissectors. | ||
| * wireshark.patch: Switched patch file to GIT as the repository isn't | ||
| updated on SVN now. | ||
|
|
||
| 2013-03-22 Martin Gallo <[email protected]> | ||
|
|
||
| * - Version v0.1.3 released. | ||
| * packet-sapdiag.c, packet-saprfc.c: Fixed compilations errors on RFC and | ||
| Diag dissectors and removed some warnings. | ||
|
|
||
| 2012-09-27 Martin Gallo <[email protected]> | ||
|
|
||
| * - Version v0.1.2 released at Brucon'12. | ||
| * packet-saprouter.c: Fixed minor issues and added dissection of Admin | ||
| requests. Thanks Dave (@nmonkee) for the feedback and reporting the issues. | ||
| * packet-saprouter.c: Route and Admin passwords are highlighted as Security | ||
| via expert warnings. | ||
| * packet-sapdiag.c: Added dissection of new Diag Atom types, as used in NW | ||
| 7.01 and early versions, and UI Events. | ||
| * packet-sapdiag.c: Added a preference setting for enabling highlighting of | ||
| unknown Diag Item/Atom types and password fields via expert warnings. | ||
| * packet-saprfc.c: Added a preference setting for enabling highlighting of | ||
| unknown RFC types via expert warnings. | ||
|
|
||
| 2012-07-29 Martin Gallo <[email protected]> | ||
|
|
||
| * - Initial version v0.1.1 releaseed at Defcon 20. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,134 @@ | ||
| # Makefile.am | ||
| # | ||
| # Automake file for SAP Dissector Plugin for Wireshark | ||
| # | ||
| # $Id$ | ||
| # | ||
| # Wireshark - Network traffic analyzer | ||
| # By Gerald Combs <[email protected]> | ||
| # Copyright 1998 Gerald Combs | ||
| # | ||
| # This program is free software; you can redistribute it and/or | ||
| # modify it under the terms of the GNU General Public License | ||
| # as published by the Free Software Foundation; either version 2 | ||
| # of the License, or (at your option) any later version. | ||
| # | ||
| # This program is distributed in the hope that it will be useful, | ||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| # GNU General Public License for more details. | ||
| # | ||
| # You should have received a copy of the GNU General Public License | ||
| # along with this program; if not, write to the Free Software | ||
| # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
| # | ||
|
|
||
| include $(top_srcdir)/Makefile.am.inc | ||
|
|
||
| INCLUDES = -I$(top_srcdir) | ||
|
|
||
| include Makefile.common | ||
|
|
||
| if HAVE_WARNINGS_AS_ERRORS | ||
| AM_CFLAGS = -Werror | ||
| endif | ||
|
|
||
| plugindir = @plugindir@ | ||
|
|
||
| plugin_LTLIBRARIES = sap.la | ||
|
|
||
| sap_la_SOURCES = \ | ||
| plugin.c \ | ||
| moduleinfo.h \ | ||
| $(DISSECTOR_SRC) \ | ||
| $(DISSECTOR_SUPPORT_SRC) \ | ||
| $(DISSECTOR_INCLUDES) | ||
|
|
||
| sap_la_LDFLAGS = -module -avoid-version | ||
| sap_la_LIBADD = @PLUGIN_LIBS@ | ||
|
|
||
| # Libs must be cleared, or else libtool won't create a shared module. | ||
| # If your module needs to be linked against any particular libraries, | ||
| # add them here. | ||
| LIBS = | ||
|
|
||
| # | ||
| # Build plugin.c, which contains the plugin version[] string, a | ||
| # function plugin_register() that calls the register routines for all | ||
| # protocols, and a function plugin_reg_handoff() that calls the handoff | ||
| # registration routines for all protocols. | ||
| # | ||
| # We do this by scanning sources. If that turns out to be too slow, | ||
| # maybe we could just require every .o file to have an register routine | ||
| # of a given name (packet-aarp.o -> proto_register_aarp, etc.). | ||
| # | ||
| # Formatting conventions: The name of the proto_register_* routines an | ||
| # proto_reg_handoff_* routines must start in column zero, or must be | ||
| # preceded only by "void " starting in column zero, and must not be | ||
| # inside #if. | ||
| # | ||
| # DISSECTOR_SRC is assumed to have all the files that need to be scanned. | ||
| # | ||
| # For some unknown reason, having a big "for" loop in the Makefile | ||
| # to scan all the files doesn't work with some "make"s; they seem to | ||
| # pass only the first few names in the list to the shell, for some | ||
| # reason. | ||
| # | ||
| # Therefore, we have a script to generate the plugin.c file. | ||
| # The shell script runs slowly, as multiple greps and seds are run | ||
| # for each input file; this is especially slow on Windows. Therefore, | ||
| # if Python is present (as indicated by PYTHON being defined), we run | ||
| # a faster Python script to do that work instead. | ||
| # | ||
| # The first argument is the directory in which the source files live. | ||
| # The second argument is "plugin", to indicate that we should build | ||
| # a plugin.c file for a plugin. | ||
| # All subsequent arguments are the files to scan. | ||
| # | ||
| plugin.c: $(DISSECTOR_SRC) $(top_srcdir)/tools/make-dissector-reg \ | ||
| $(top_srcdir)/tools/make-dissector-reg.py | ||
| @if test -n "$(PYTHON)"; then \ | ||
| echo Making plugin.c with python ; \ | ||
| $(PYTHON) $(top_srcdir)/tools/make-dissector-reg.py $(srcdir) \ | ||
| plugin $(DISSECTOR_SRC) ; \ | ||
| else \ | ||
| echo Making plugin.c with shell script ; \ | ||
| $(top_srcdir)/tools/make-dissector-reg $(srcdir) \ | ||
| $(plugin_src) plugin $(DISSECTOR_SRC) ; \ | ||
| fi | ||
|
|
||
| # | ||
| # Currently plugin.c can be included in the distribution because | ||
| # we always build all protocol dissectors. We used to have to check | ||
| # whether or not to build the snmp dissector. If we again need to | ||
| # variably build something, making plugin.c non-portable, uncomment | ||
| # the dist-hook line below. | ||
| # | ||
| # Oh, yuk. We don't want to include "plugin.c" in the distribution, as | ||
| # its contents depend on the configuration, and therefore we want it | ||
| # to be built when the first "make" is done; however, Automake insists | ||
| # on putting *all* source into the distribution. | ||
| # | ||
| # We work around this by having a "dist-hook" rule that deletes | ||
| # "plugin.c", so that "dist" won't pick it up. | ||
| # | ||
| #dist-hook: | ||
| # @rm -f $(distdir)/plugin.c | ||
|
|
||
| CLEANFILES = \ | ||
| sap \ | ||
| *~ | ||
|
|
||
| MAINTAINERCLEANFILES = \ | ||
| Makefile.in \ | ||
| plugin.c | ||
|
|
||
| EXTRA_DIST = \ | ||
| Makefile.common \ | ||
| Makefile.nmake \ | ||
| moduleinfo.nmake \ | ||
| plugin.rc.in \ | ||
| CMakeLists.txt | ||
|
|
||
| checkapi: | ||
| $(PERL) $(top_srcdir)/tools/checkAPIs.pl -g abort -g termoutput $(DISSECTOR_SRC) $(DISSECTOR_INCLUDES) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| # Makefile.common for SAP Dissector Plugin for Wireshark | ||
| # Contains the stuff from Makefile.am and Makefile.nmake that is | ||
| # a) common to both files and | ||
| # b) portable between both files | ||
| # | ||
| # $Id: Makefile.common 27491 2009-02-21 16:33:48Z jake $ | ||
| # | ||
| # Wireshark - Network traffic analyzer | ||
| # By Gerald Combs <[email protected]> | ||
| # Copyright 1998 Gerald Combs | ||
| # | ||
| # This program is free software; you can redistribute it and/or | ||
| # modify it under the terms of the GNU General Public License | ||
| # as published by the Free Software Foundation; either version 2 | ||
| # of the License, or (at your option) any later version. | ||
| # | ||
| # This program is distributed in the hope that it will be useful, | ||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| # GNU General Public License for more details. | ||
| # | ||
| # You should have received a copy of the GNU General Public License | ||
| # along with this program; if not, write to the Free Software | ||
| # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
|
|
||
| # the name of the plugin | ||
| PLUGIN_NAME = sap | ||
|
|
||
| # the dissector sources (without any helpers) | ||
| DISSECTOR_SRC = \ | ||
| packet-sapdiag.c \ | ||
| packet-sapenqueue.c \ | ||
| packet-saprouter.c \ | ||
| packet-sapprotocol.c \ | ||
| packet-saprfc.c \ | ||
| packet-sapms.c \ | ||
| packet-sapsnc.c | ||
|
|
||
| # corresponding headers | ||
| DISSECTOR_INCLUDES = \ | ||
| packet-sapprotocol.h | ||
|
|
||
| # Dissector helpers. They're included in the source files in this | ||
| # directory, but they're not dissectors themselves, i.e. they're not | ||
| # used to generate "plugin.c". | ||
| DISSECTOR_SUPPORT_SRC = \ | ||
| sapdecompress.cpp \ | ||
| vpa105CsObjInt.cpp \ | ||
| vpa106cslzc.cpp \ | ||
| vpa107cslzh.cpp \ | ||
| vpa108csulzh.cpp | ||
|
|
||
| include ../Makefile.common.inc |
Oops, something went wrong.