时间戳

首页 > 解决方案 > 我无法在 Wireshark/Lua 插件中将字符串显示为 XML 树

lua - 我无法在 Wireshark/Lua 插件中将字符串显示为 XML 树

问题描述

我有一个包含加密 XML 有效负载的数据包流。我正在开发一个 Wireshark/Lua 插件,以在解密后显示 XML 数据。这是我现在所拥有的:

decoded_buffer = ProtoField.string("tacserver.decoded_buffer", "XML")
.....
function tacserver_protocol.dissector(buffer, pinfo, tree)
     .....
     local decoded_string = decode(buffer(10))
     subtree:add(decoded_buffer, decoded_string)

     local xml_dis = Dissector.get("xml")
     local byte_array = ByteArray.new(decoded_string)
     local tvb = ByteArray.tvb(byte_array, "XMLdata");
     xml_dis:call(tvb, pinfo, tree)

我调用 decode 函数来解密 XML 有效负载并将结果存储在 decoded_string 中。在 Wireshark 中,当数据显示为字符串时,输出是正确的。

XML [truncated]: <?xml version="1.0" encoding="UTF-8" ?>\n<body>\n<TacServerInfo...
eXtensible Markup Language

但是,对 XML 解析器的调用不会生成任何输出。我需要做什么才能将解码的数据转储为 XML 树?谢谢!

这是版本信息:

Version 2.6.10 (Git v2.6.10 packaged as 2.6.10-1~ubuntu18.04.0) 
Copyright 1998-2019 Gerald Combs <gerald@wireshark.org> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities (Linux), with libnl 3, with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with SBC, with SpanDSP, without bcg729. 
Running on Linux 5.3.0-61-generic, with Intel(R) Core(TM) i5-7440HQ CPU @ 2.80GHz (with SSE4.2), with 3864 MB of physical memory, with locale en_US.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with zlib 1.2.11, binary plugins supported (14 loaded). Built using gcc 7.4.0. 
Wireshark is Open Source Software released under the GNU General Public License. 
Check the man page and http://www.wireshark.org for more information.

标签: luawireshark-dissector

解决方案

我弄清楚了这个问题。解码字符串是一个原始字符串,所以我需要将行更改为:

byte_array = ByteArray.new(decoded_string, true)

推荐阅读