good-tools / wiregasm

Packet Analyzer powered by Wireshark compiled for WebAssembly
GNU General Public License v2.0

Wiregasm


Packet Analyzer powered by Wireshark compiled for WebAssembly.

Demo it on good.tools.

Build

The library can be built in two ways:

  1. npm run build:emscripten, which uses a Docker image with all of the build tools installed
  2. npm run build:emscripten-local, which requires the build environment to be set up already. The tools and dependencies are listed in the build Dockerfile

After the WASM library is built, the wrapper lib can be built using npm run build. The wiregasm.js output file produced by the emscripten compiler is not processed by packer in the build step and is added directly to dist. This is intentional: it lets consumers use the file in any environment they wish, be it Node.js or a browser.

See lib/Makefile for more information on how dependencies are built.

Patches

Cross-compiling Wireshark for emscripten/WASM isn't straightforward as it also depends on several other libraries to make it work, and those libraries also need to be ported to emscripten.

Usage

The Wiregasm Dissect Session implementation is effectively a tiny subset of sharkd APIs.

| sharkd | Wiregasm  |
|--------|-----------|
| load   | load      |
| frames | getFrames |
| frame  | getFrame  |

import loadWiregasm from '@goodtools/wiregasm/dist/wiregasm'
// Node.js promise-based fs, used by the readFile calls below
import fs from 'fs/promises'

// override default locateFile to supply paths to data/wasm files
const wg = await loadWiregasm({
  locateFile: (path, prefix) => {
    if (path.endsWith(".data")) return "path/to/wiregasm.data";
    if (path.endsWith(".wasm")) return "path/to/wiregasm.wasm";
    return prefix + path;
  }
});

// initialize prefs and dissectors
wg.init();

// read file from local FS
const data = await fs.readFile("path/to/file.pcap");

// write file to the virtual emscripten FS
wg.FS.writeFile("/uploads/file.pcap", data);

// create a new dissect session
const sess = new wg.DissectSession("/uploads/file.pcap");

// load the file
const ret = sess.load(); // ret.code == 0

// load frames
const filter = "";
const skip = 0;
const limit = 0;
const frames = sess.getFrames(filter, skip, limit);

// get all details including protocol tree for frame
const frame = sess.getFrame(1);

// destroy the session
sess.delete();

// destroy the lib
wg.destroy();

To add custom Lua dissectors, add your dissectors to the plugins directory before initializing wiregasm:

// read lua file from local FS
const dissector_data = await fs.readFile("path/to/dissector.lua");

// write lua file to the virtual emscripten FS plugin directory
wg.FS.writeFile("/plugins/dissector.lua", dissector_data);

// initialize and use wiregasm as usual
wg.init();
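
An added example (not part of Wiregasm or its README): a pre-flight check a host application could run on an untrusted upload before the wg.FS.writeFile step. It confirms the bytes begin with a pcap or pcapng header and maps the user-supplied name to a path under /uploads, so it cannot end up in /plugins. The function names, the 64 MiB cap and the pcap/pcapng-only policy are assumptions.

```javascript
// Added example, not Wiregasm code. Names and limits are assumptions.
const MAX_BYTES = 64 * 1024 * 1024; // assumed upload cap

// Classic pcap magics as read big-endian -> [file is little-endian, timestamp unit]
const PCAP_MAGIC = new Map([
  [0xa1b2c3d4, [false, "us"]], [0xd4c3b2a1, [true, "us"]],
  [0xa1b23c4d, [false, "ns"]], [0x4d3cb2a1, [true, "ns"]],
]);

// Map a user-supplied name to a path that cannot leave /uploads.
function safeUploadPath(name) {
  const base = String(name).split(/[\\/]/).pop().replace(/[^A-Za-z0-9._-]/g, "_");
  if (!base || /^\.+$/.test(base)) throw new Error("unusable file name");
  return "/uploads/" + base;
}

// Identify the capture format from its first bytes; throw on anything else.
function inspectCapture(bytes) {
  if (!(bytes instanceof Uint8Array)) throw new TypeError("expected Uint8Array");
  if (bytes.length > MAX_BYTES) throw new RangeError("capture too large");
  if (bytes.length < 24) throw new RangeError("too short for a capture header");
  const dv = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const magic = dv.getUint32(0, false);
  if (magic === 0x0a0d0d0a) {
    // pcapng Section Header Block: byte-order magic sits at offset 8
    const bom = dv.getUint32(8, false);
    if (bom !== 0x1a2b3c4d && bom !== 0x4d3c2b1a) throw new Error("bad pcapng byte-order magic");
    return { format: "pcapng", littleEndian: bom === 0x4d3c2b1a };
  }
  const hit = PCAP_MAGIC.get(magic);
  if (!hit) throw new Error("not a pcap or pcapng file");
  const [littleEndian, tsUnit] = hit;
  return {
    format: "pcap", littleEndian, tsUnit,
    version: dv.getUint16(4, littleEndian) + "." + dv.getUint16(6, littleEndian),
    snaplen: dv.getUint32(16, littleEndian),
    linktype: dv.getUint32(20, littleEndian),
  };
}

// Constructed sample: little-endian pcap header, v2.4, snaplen 65535, Ethernet (1)
const sample = new Uint8Array([
  0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0,
  0, 0, 0, 0, 0xff, 0xff, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
]);
console.log(inspectCapture(sample), safeUploadPath("../../plugins/x.lua"));
```

Call inspectCapture(data) on the bytes read from disk or from a file input, then pass safeUploadPath(name) as the first argument to wg.FS.writeFile and to the DissectSession constructor.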

License

Wiregasm is a derivative work of the Wireshark project, hence it is licensed under the same GNU GPLv2 license.