easternfn
The PA Toolkit is a collection of traffic analysis plugins that extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to a macro analyzer and threat hunter. The PA Toolkit contains plugins (dissectors and taps) covering various scenarios for various protocols, including:
- WiFi (WiFi network summary, detecting beacon and deauth floods, etc.)
- HTTP (listing all websites visited, files downloaded)
- HTTPS (listing all websites opened over HTTPS)
- ARP (MAC-IP table, detecting MAC spoofing and ARP poisoning)
- DNS (listing DNS servers used and DNS resolution, detecting DNS tunnels)
The project is under active development and more plugins will be added in the near future.
This material was created while working on the “Traffic Analysis: TSHARK Unleashed” course. Those interested can check the course here: https://linkmonetizado.com/full?api...VzdGVyYWNhZGVteS5jb20vY291cnNlP2lkPTQy&type=2
Installation
Steps:
- Copy the “plugins” directory to the Wireshark plugins directory.
- Start Wireshark.
The location of the Wireshark plugins directory is listed under Help > About Wireshark > Folders.
Tool featured at
- Blackhat Arsenal 2018 < https://linkmonetizado.com/full?api...1wbHVnaW5zLWZvci1wZW50ZXN0ZXJzLTEyMDM1&type=2 >
- DEF CON 26 Demolabs < https://linkmonetizado.com/full?api...VmY29uLTI2L2RjLTI2LWRlbW9sYWJzLmh0bWw=&type=2 >
Author
- Nishant Sharma, Technical Manager, Pentester Academy
- Jeswin Mathai, Security Researcher at Pentester Academy
Under the guidance of Mr. Vivek Ramachandran, CEO of Pentester Academy
Documentation
For more details, see the PDF file “PA-Toolkit.pdf”. This file contains the slide deck used for presentations.
PA Toolkit screenshots
- After installation
- List of websites visited via HTTP
- Search functionality
- Domain to IP mappings