Penetration Testing mailing list archives
Re: [PEN-TEST] sniffing ssh
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Wed, 6 Dec 2000 23:38:17 -0500
On Wed, 6 Dec 2000, Ovanes Manucharyan wrote:
> I was just wondering if there is a tool that will let one sniff ssh traffic and view it on a terminal. Sort of similar to sniffit with the -D option. This of course would entail knowing the ssh key. But let's assume that I have recovered the session key somehow.

yes. if you are one end or the other you can use a tool called 'sshsniff' to do this on UNIX (tested on Linux with libc5). it works by examining the system calls, strace/ltrace style, and printing both sides of the conversation. extremely scary when you see it, but it's due to the lack of protected/compartmentalized areas of memory in the UNIX world. never forget that this is your weakest link, the ends of the conversation (for both ssh and PGP).

sshsniff can be found online at: http://www.psychoid.lam3rz.de/exploits.html

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
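An added example, not part of the original message and not sshsniff's code: a defender-side check for the endpoint weakness described above. It assumes the tracing is done with ptrace, as strace does, and that the host is a current Linux system exposing the `TracerPid` field in `/proc/<pid>/status`; the watched process names and the sample data are constructed for illustration.

```python
import os

WATCHED = {"ssh", "sshd"}  # process names to watch (assumption for this example)

def parse_status(text):
    """Parse the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def find_traced(statuses, watched=WATCHED):
    """statuses: {pid: status_text}. Return [(pid, name, tracer_pid, tracer_name)]."""
    parsed = {pid: parse_status(text) for pid, text in statuses.items()}
    hits = []
    for pid, fields in sorted(parsed.items()):
        tracer = int(fields.get("TracerPid", "0") or 0)
        # TracerPid is 0 when nothing is attached to the process.
        if fields.get("Name") in watched and tracer != 0:
            tracer_name = parsed.get(tracer, {}).get("Name", "?")
            hits.append((pid, fields["Name"], tracer, tracer_name))
    return hits

def read_live_statuses(proc="/proc"):
    """Collect status text for every numeric entry under /proc (Linux only)."""
    out = {}
    for entry in os.listdir(proc):
        if entry.isdigit():
            try:
                with open(os.path.join(proc, entry, "status")) as fh:
                    out[int(entry)] = fh.read()
            except OSError:
                continue  # process exited or is not readable
    return out

# Constructed sample: sshd (pid 812) is being traced by pid 4021.
SAMPLE = {
    812: "Name:\tsshd\nState:\tS (sleeping)\nPid:\t812\nTracerPid:\t4021\n",
    901: "Name:\tsshd\nState:\tS (sleeping)\nPid:\t901\nTracerPid:\t0\n",
    4021: "Name:\tstrace\nState:\tS (sleeping)\nPid:\t4021\nTracerPid:\t0\n",
    950: "Name:\tbash\nState:\tS (sleeping)\nPid:\t950\nTracerPid:\t4021\n",
}

if __name__ == "__main__":
    statuses = read_live_statuses() if os.path.isdir("/proc/self") else SAMPLE
    for pid, name, tpid, tname in find_traced(statuses):
        print(f"{name}[{pid}] is traced by {tname}[{tpid}]")
```

A hit means some process has attached to an ssh endpoint and can read the plaintext on either side of the encryption; whether that is a debugger session or something unwanted has to be judged from the tracer's identity.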