[JohnLeitch]

Not even remotely accurate. While the dissector is not as mature as I thought and there's no built-in decryption as there is for TLS, that doesn't matter much. Hint: every component of the system is attacker controlled in this scenario.

[fragmede]

> Not even remotely accurate.

> there's no built-in decryption

Is that because wireshark can't do that just from packet captures?

[JohnLeitch]

>Is that because wireshark can't do that just from packet captures?

Well, not quite. I think it's more that nobody has taken the time to implement it. That's not to say such an implementation would automatically decrypt the traffic from a capture with no extra leg work, of course. Wireshark dissectors have user configurable preferences, and presumably this would be where captured secrets could be set for use. This is how it handles TLS decryption [1], which works beautifully.

[1] https://wiki.wireshark.org/TLS#tls-decryption