PTS2025

Wirego, a Wireshark plugin development framework
2025-07-02, 16:00–16:20 (Europe/Paris), Amphitheater 122

Wireshark is a widely used tool for viewing the contents of a network traffic capture.
When reversing a protocol, we tend to develop a simple program with a "simple" programming language (Python, Go...) to parse what is currently known.

The most logical approach would be to develop this program as a Wireshark plugin, but the Wireshark plugin API is rarely used, since it is quite complex and not suited to a quick and dirty task.

Wirego allows simple development of Wireshark plugins in Python and Go (and maybe more).


Developing plugins for Wireshark is quite complex. The API is written in C, dates from 1998 and is quite poorly documented. When working on a protocol, the reverser wants to stay focused on the main task and really doesn't want to go deep inside the Wireshark source code.

Wirego is based on a ready-to-use Wireshark plugin which re-emits the Wireshark calls to a ZMQ (ZeroMQ) endpoint.
A package/class/framework for a given language receives these calls and converts them back to simple API calls. The end user only needs to inherit a class (or implement an interface in Go) with just a few methods in order to develop a plugin.

Typically, one will simply implement seven methods in order to define the plugin name, the plugin filter (used to filter packets matching the protocol), the list of fields that the dissector (the parser) may return, three methods for the protocol detection and the dissector itself.

A simple Wireshark plugin can be developed using only 100 lines of Python or less.
Wirego has been designed to easily allow the integration of additional languages.
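To make the seven-method shape described above concrete, here is an added sketch that is not taken from the talk or from the Wirego code base. The method names, return shapes and the "toy" protocol are all assumptions chosen for illustration; see the Wirego repository for the real interface.

```python
import struct

# Hypothetical stand-in for the seven-method contract described above.
# Names and return shapes are assumptions, NOT Wirego's real API.
class ToyDissector:
    MAGIC = b"TY"   # constructed protocol: magic(2) type(1) length(2) payload
    HEADER_LEN = 5

    def name(self):                      # 1. plugin name
        return "Toy Protocol (constructed)"

    def filter(self):                    # 2. display filter prefix
        return "toy"

    def fields(self):                    # 3. fields the dissector may return
        return [("toy.magic", "Magic"), ("toy.type", "Type"),
                ("toy.length", "Length"), ("toy.payload", "Payload")]

    def detection_filters(self):         # 4. detection by static filter
        return [("udp.port", 7777)]

    def heuristic_parents(self):         # 5. parents whose payload we inspect
        return ["udp"]

    def heuristic(self, payload):        # 6. detection by content
        return len(payload) >= self.HEADER_LEN and payload[:2] == self.MAGIC

    def dissect(self, payload):          # 7. the dissector itself
        """Return (field, offset, length, value) tuples for one packet."""
        if not self.heuristic(payload):
            raise ValueError("not a toy packet")
        msg_type, length = struct.unpack_from("!BH", payload, 2)
        # Captures are untrusted input: never trust the declared length.
        if self.HEADER_LEN + length > len(payload):
            raise ValueError("declared length exceeds captured bytes")
        end = self.HEADER_LEN + length
        return [("toy.magic", 0, 2, payload[:2]),
                ("toy.type", 2, 1, msg_type),
                ("toy.length", 3, 2, length),
                ("toy.payload", self.HEADER_LEN, length, payload[self.HEADER_LEN:end])]

# Constructed sample packet: type 1, 5-byte payload.
SAMPLE = b"TY" + bytes([1]) + struct.pack("!H", 5) + b"hello"

if __name__ == "__main__":
    for row in ToyDissector().dissect(SAMPLE):
        print(row)
```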

Wirego is available on GitHub: https://github.com/quarkslab/wirego/

I have been working in the cyber security domain since 2004.

After several years at the French ministry of Defense, I founded two startups in the field of cryptography and I'm currently project manager at Quarkslab.
I spent most of my career designing systems and developing software related to vulnerability research and data processing.

I'm also a part-time sound engineer in a recording studio.