Packet Analyzer powered by Wireshark compiled for WebAssembly.
Demo it on good.tools.
The library can be built in two ways:

- `npm run build:emscripten` using a docker image with all of the build tools installed
- `npm run build:emscripten-local` requires the build environment to be set up. A list of the tools and dependencies can be found in the build Dockerfile
After the WASM library is built, the wrapper lib can be built using `npm run build`. The `wiregasm.js` output file produced by the emscripten compiler is not processed by packer in the build step and gets added directly to `dist`. This is intentional, as it allows consumers to use it in any environment they wish, be it Node.js or a browser.
See lib/Makefile for more information on how dependencies are built.
Cross-compiling Wireshark for emscripten/WASM isn't straightforward as it also depends on several other libraries to make it work, and those libraries also need to be ported to emscripten.
- libffi
- glib
- wireshark
  - `0001-dont-build-radiotap-lemon.patch`
    - Disables building `Lemon` - Wireshark builds the tool and uses it to process files within the build process. Instead of building it, we provide it externally.
    - Disables building `radiotap` subdir - It has a dependency on `libpcap`
  - `0002-fix-cpu-name-unknown.patch` - Fix compilation error for undefined `model_name` variable
  - `0003-disable-snort-emscripten.patch` - Disable the Snort dissector
  - `0004-export-wireshark-common.patch` - Expose some headers and objects that are not part of `epan`
  - `0005-force-data-dir.patch` - Force `/wireshark` as the data directory. It is needed for loading preferences, profiles and color filters
  - `0006-threadless-registration.patch` - Makes dissector registrations threadless
  - `0007-export-lrexlib.patch` - Expose `lrexlib`, which is really a private dependency, but which isn't linked properly if not exported.

The Wiregasm Dissect Session implementation is effectively a tiny subset of sharkd APIs.
| sharkd | Wiregasm |
|---|---|
| load | load |
| frames | getFrames |
| frame | getFrame |

```javascript
import fs from "fs/promises"; // Node.js; provides the fs.readFile used below
import loadWiregasm from '@goodtools/wiregasm/dist/wiregasm'

// override default locateFile to supply paths to data/wasm files
const wg = await loadWiregasm({
  locateFile: (path, prefix) => {
    if (path.endsWith(".data")) return "path/to/wiregasm.data";
    if (path.endsWith(".wasm")) return "path/to/wiregasm.wasm";
    return prefix + path;
  }
});

// initialize prefs and dissectors
wg.init();

// read file from local FS
const data = await fs.readFile("path/to/file.pcap");

// write file to the virtual emscripten FS
wg.FS.writeFile("/uploads/file.pcap", data);

// create a new dissect session
const sess = new wg.DissectSession("/uploads/file.pcap");

// load the file
const ret = sess.load(); // ret.code == 0

// load frames
const filter = "";
const skip = 0;
const limit = 0;
const frames = sess.getFrames(filter, skip, limit);

// get all details including protocol tree for frame
const frame = sess.getFrame(1);

// destroy the session
sess.delete();

// destroy the lib
wg.destroy();
```

To add custom Lua dissectors, add your dissectors to the plugins directory before initializing wiregasm:

```javascript
// read lua file from local FS
const dissector_data = await fs.readFile("path/to/dissector.lua");

// write lua file to the virtual emscripten FS plugin directory
wg.FS.writeFile("/plugins/dissector.lua", dissector_data);

// initialize and use wiregasm as usual
wg.init();
```

Wiregasm is a derivative work of the Wireshark project, hence it is licensed under the same GNU GPLv2 license.
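
The usage example above reads a capture from a known local path. When the bytes come from an upload instead, a wrapper such as the following checks the pcap/pcapng magic and size before anything is written to the virtual FS, generates the `/uploads` path itself, and releases the session and the file on every exit path. This is an added example, not code from the Wiregasm project: `sniffCapture`, `dissectUntrusted` and `MAX_CAPTURE_BYTES` are hypothetical names, and it assumes `/uploads` exists in the virtual FS and that a non-zero `limit` caps the frames returned.

```javascript
// Added example, not Wiregasm project code. MAX_CAPTURE_BYTES, sniffCapture and
// dissectUntrusted are hypothetical names; the size limit is an assumed value.
const MAX_CAPTURE_BYTES = 64 * 1024 * 1024;

// Leading four bytes (hex) of the capture formats this wrapper accepts.
const CAPTURE_MAGICS = new Map([
  ["a1b2c3d4", "pcap"],   // pcap, microsecond timestamps
  ["d4c3b2a1", "pcap"],   // same, written on a little-endian host
  ["a1b23c4d", "pcap"],   // pcap, nanosecond timestamps
  ["4d3cb2a1", "pcap"],   // same, written on a little-endian host
  ["0a0d0d0a", "pcapng"], // pcapng Section Header Block type
]);

let nextUploadId = 0;

// Returns "pcap", "pcapng", or null when the buffer is not a recognised capture.
function sniffCapture(bytes) {
  // 24 bytes is the size of the classic pcap global header.
  if (!(bytes instanceof Uint8Array) || bytes.length < 24) return null;
  const magic = Array.from(bytes.subarray(0, 4), (b) =>
    b.toString(16).padStart(2, "0")).join("");
  return CAPTURE_MAGICS.get(magic) ?? null;
}

// wg is an initialised Wiregasm instance (wg.init() already called).
function dissectUntrusted(wg, bytes, limit = 100) {
  const kind = sniffCapture(bytes);
  if (kind === null) throw new Error("not a pcap or pcapng capture");
  if (bytes.length > MAX_CAPTURE_BYTES) throw new Error("capture too large");

  // The path is generated here; the uploader's file name is never used.
  const path = `/uploads/${nextUploadId++}.${kind}`;
  wg.FS.writeFile(path, bytes);
  let sess = null;
  try {
    sess = new wg.DissectSession(path);
    const ret = sess.load();
    if (ret.code !== 0) throw new Error(`load failed with code ${ret.code}`);
    // Assumption: a non-zero limit caps how many frames are returned.
    return sess.getFrames("", 0, limit);
  } finally {
    if (sess !== null) sess.delete(); // release the native session on every path
    wg.FS.unlink(path);               // drop the upload from the in-memory FS
  }
}
```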