Mod app.conf to set default path to Wireshark and Sysmon #436

Open
guthubnik opened this issue Feb 23, 2022 · 2 comments

guthubnik commented Feb 23, 2022

Behaviour

WindowsSpyBlocker v.4.38.0 doesn't use the default install directory of Wireshark and Sysmon.

On a Win7x32 OS, Wireshark is installed by default in "%ProgramFiles%\Wireshark"
and Sysmon by default in "%WinDir%\Sysmon.exe",
but WindowsSpyBlocker looks only in its own folder (as a 'portable app with all components on board'):
.\libs\wireshark\tshark.exe
.\libs\sysmon\sysmon.exe

and not also in the default install folders of the OS.

Steps to reproduce this issue

2 - Print list of network interfaces
3 - Capture (required Npcap)
4 - Extract log

'menu' for help [dev-wireshark]> 2

'menu' for help [dev-wireshark]> 3

'menu' for help [dev-wireshark]> 4

Expected behaviour

Tell me what should happen

  1. Print list of network interfaces
  2. Capture
  3. Extract log

Actual behaviour

Tell me what happens instead

First problem: The executable image is not found on the system (although it is installed with default settings) and WindowsSpyBlocker tries to download it:
Downloading https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip... Error: Head "https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip": x509: certificate has expired or is not yet valid:

Second problem: WindowsSpyBlocker tries to download Wireshark in the wrong architecture (x64 instead of x32), as shown in the URL.

Rules used

(ex: data/firewall/spy.txt)

This is not relevant for this problem case.

Configuration

Country (ex. United-States) : DE-DE

Operating system (ex. Windows 10 Pro 64 bits) : Windows 7 x32 (Ultimate, v.6.1, Build 7601: SP1)

@crazy-max
Owner

Downloading https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip... Error: Head "https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip": x509: certificate has expired or is not yet valid:

This error should be fixed now but agree to allow using one from PATH.

@guthubnik
Author

Thanks.
Is it now possible to add another path to tshark.exe and sysmon.exe, e.g. via app.conf? I don't like to make junctions or symbolic links to such images in the .\libs\ folder (that is in the root directory of WindowsSpyBlocker).
