{"id":43496601,"url":"https://github.com/quarkslab/wirego","last_synced_at":"2026-02-03T10:38:35.260Z","repository":{"id":213582418,"uuid":"733134839","full_name":"quarkslab/wirego","owner":"quarkslab","description":null,"archived":false,"fork":false,"pushed_at":"2025-12-16T16:44:50.000Z","size":2425,"stargazers_count":41,"open_issues_count":6,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-12-20T07:38:34.060Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/quarkslab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-12-18T16:32:12.000Z","updated_at":"2025-12-16T16:44:54.000Z","dependencies_parsed_at":"2024-03-26T22:24:38.839Z","dependency_job_id":"f3a13b4b-504b-4c1d-8cce-cfaea13cb483","html_url":"https://github.com/quarkslab/wirego","commit_stats":null,"previous_names":["quarkslab/wirego"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/quarkslab/wirego","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quarkslab%2Fwirego","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quarkslab%2Fwirego/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quarkslab%2Fwirego/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quarkslab%2Fwirego/manifests","owner_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/owners/quarkslab","download_url":"https://codeload.github.com/quarkslab/wirego/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quarkslab%2Fwirego/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29041862,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-03T10:38:32.278Z","updated_at":"2026-02-03T10:38:35.254Z","avatar_url":"https://github.com/quarkslab.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Wirego\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./doc/img/wirego_logo.png\" height=\"250\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  A Wireshark plugin framework based on ZMQ, supporting Golang, Python and hopefully more languages soon.\n\u003c/p\u003e\n\n## Introduction\n\nWriting plugins for Wireshark in C/C++ can be opaque: the APIs are quite powerful, but not really obvious to use. 
If you just want to develop a quick and dirty plugin, you will spend more time trying to understand how things work than actually writing the core of your plugin.\n\nAnother alternative is to use Lua, but first of all you need to know this language. So again, you'll spend more time trying to learn that new language than actually writing this quick and dirty plugin.\n\nWirego is composed of:\n\n- a Wireshark plugin (wirego_bridge), written in C, that transmits all calls from Wireshark to a remote ZMQ endpoint\n- a set of packages for several languages that receive those ZMQ calls and convert them to a simple API that you can use\n\n![screenshot](./doc/img/schema.png)\n\nAs a starter, a **golang** package is provided and more languages will come later.\n\n![screenshot](./wirego_remote/go/examples/minimal/screenshot.png)\n\nIn all Wirego's code and documentation we will refer to:\n\n- **Wirego bridge** : the Wireshark plugin, written in C (you won't have to touch this one)\n- **Wirego package** : a package/class/bundle/sdk for a given language, used to make things easier on your side\n- **Wirego remote** : the application that you will develop using the **Wirego package**\n\nLanguage availability:\n\n| Language | Availability       |\n| -------- | ------------------ |\n| Go       | ✅ | \n| Python   | ✅ | \n| Rust     | ✅ | \n| C        | ✔️ | \n| C++      | ✔️ | \n| Java     | ✔️ | \n\n## Getting started\n\nIn order to set up Wirego, you will need to follow 3 steps:\n\n1. Install or build the **Wirego bridge plugin** for Wireshark\n2. Develop your **Wirego remote**, using a **Wirego package**\n3. Start your **Wirego remote** program\n4. 
Start Wireshark and tell the Wirego bridge where your ZMQ endpoint is\n\nYou may use prebuilt binaries for **step 1**; those can be downloaded [here](https://github.com/quarkslab/wirego/releases).\nIf you prefer building the plugin (or if the prebuilt binaries fail), refer to the documentation [here](./doc/BUILD_WIREGO.md).\n\n**Step 2** will obviously depend on the language you're using.\n\n### Overview in Go\n\nFor Go you will basically just have to copy/paste the **main()** function from one of our examples and implement the following interface:\n\n```golang\n    // WiregoInterface is implemented by the actual wirego plugin\n    type WiregoInterface interface {\n      GetName() string\n      GetFilter() string\n      GetFields() []WiresharkField\n      GetDetectionFilters() []DetectionFilterType\n      GetDetectionHeuristicsParent() []string\n      DetectionHeuristic(packetNumber int, src string, dst string, stack string, packet []byte) bool\n      DissectPacket(packetNumber int, src string, dst string, stack string, packet []byte) *DissectResult\n    }\n```\n\nIt's probably time for you to take a look at the minimal Go example found in [./wirego_remote/go/examples/minimal/](./wirego_remote/go/examples/minimal/README.md)\n\n### Overview in Python\n\nWhen using Python, you will need to declare a class inheriting **wirego.WiregoListener** from the **wirego** python package.\n\nThe following methods (callbacks) need to be implemented:\n\n```python\nclass WiregoListener(ABC):\n\n    @abstractmethod\n    def get_name(self) -\u003e str:\n        pass\n\n    @abstractmethod\n    def get_filter(self) -\u003e str:\n        pass\n\n    @abstractmethod\n    def get_fields(self) -\u003e List[WiregoField]:\n        pass\n\n    @abstractmethod\n    def get_detection_filters(self) -\u003e List[DetectionFilter]:\n        pass\n\n    @abstractmethod\n    def get_detection_heuristics_parents(self) -\u003e List[str]:\n        pass\n\n    @abstractmethod\n    def 
detection_heuristic(self, packet_number: int, src: str, dst: str, stack: str, packet: bytes) -\u003e bool:\n        pass\n\n    @abstractmethod\n    def dissect_packet(self, packet_number: int, src: str, dst: str, stack: str, packet: bytes) -\u003e DissectResult:\n        pass\n```\n\nWhen it's done, simply register your class with Wirego and start listening for Wireshark's commands:\n\n```python\nprint(\"Wirego remote Python example\")\n\n# Create our listener\ntl = WiregoMinimal()\n\n# Instantiate wirego\nwg = wirego.Wirego(\"ipc:///tmp/wirego0\", True, tl)\nwg.results_cache_enable(True)\n\nwg.listen()\n```\n\nIt's probably time for you to take a look at the minimal Python example found in [./wirego_remote/python/examples/minimal/](./wirego_remote/python/examples/minimal/README.md)\n\n\n### Overview in Rust\n\nA plugin in Rust is very similar to the Go or Python ones.\nJust take a look at the minimal example in [./wirego_remote/rust/wirego/examples/minimal/](./wirego_remote/rust/wirego/examples/minimal/) and read the [documentation](./wirego_remote/rust/wirego/README.md).\n\n\n### Running Wirego\n\nNow it's time for **step 3**: [install the Wirego plugin and start Wireshark](./doc/RUNNING.md)!\n\n## Examples\n\nA few plugin examples are available for each language:\n\n**In Go:**\n\n- [Minimal](./wirego_remote/go/examples/minimal/) : a minimalistic example showing the basic usage of Wirego\n- [Reolink Credentials light](./wirego_remote/go/examples/reolinkcredslight/) : a lightweight version of a Reolink camera credentials parser\n- [Reolink Credentials](./wirego_remote/go/examples/reolinkcreds/) : an advanced version of a Reolink camera credentials parser\n\n**In Python:**\n\n- [Minimal](./wirego_remote/python/examples/minimal/) : a minimalistic example showing the basic usage of Wirego\n\n## Implementing a new language\n\nIf you plan to implement a package for a currently unsupported language, please take a look at the [Wirego ZMQ 
specifications](./doc/PROTOCOL.md).\n\n## Additional notes\n\nWhen the ZMQ endpoint used by your **Wirego remote plugin** is modified, you will be required to restart Wireshark. Here's why:\n\n- we need to set up everything (plugin name, fields..) during the proto_register_wirego call\n- preferences values, hence the ZMQ endpoint, are only loaded afterwards during the proto_reg_handoff_wirego call\n\n## Changelog\n\n### Wirego 0.9 (18/12/2023)\n\nFirst public release of Wirego\n\n### Wirego 1.0 (26/03/2024)\n\n- Plugins ABI updates to 1.1\n- A detection heuristics function can now be defined\n- Renamed DissectorFilter to DetectionFilters for more clarity\n\n### Wirego 2.0 (24/12/2024)\n\nWirego 2.0 is a major update from Wirego 1.0.\nThe communication between the Wireshark plugin and the end user plugin has been fully rewritten to allow more languages to be integrated later (Python, Rust...).\n\n- Wirego's Wireshark plugin (wirego bridge) now uses ZMQ\n- Golang package (wireshark remote) now receives commands from Wirego bridge\n- Specification for ZMQ protocol (see doc/PROTOCOL.md)\n\n### Wirego 2.1 (25/03/2025)\n\nWirego 2.1 is simply a cosmetic update of version 2.0.\n\n- Moved Go examples to the wirego_remote Go subfolder\n- Added example for Python Package\n- Reviewed all documentation\n\n### Wirego latest\n\n  - FIX: DetectionHeuristic result was not properly handled\n  - Port is added to src/dst fields on DissectPacket and DetectionHeuristic when available\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquarkslab%2Fwirego","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fquarkslab%2Fwirego","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquarkslab%2Fwirego/lists"}