Penetration Testing mailing list archives
Re: Keystroke logging
From: ChayoteMu <chayotemu () gmail com>
Date: Fri, 1 Jul 2005 17:52:49 -0700
This is mostly a question of curiosity. For the option of using a proxy would it be possible to SSH to the proxy then generate a new SSH from the proxy to the PC your getting into, and have the proxy log all info that way? It may not be doable for all situations because I figure you'd need to setup a hardend proxy on the network for that, but as I said, I'm mainly curious if that would work. On 7/1/05, Guillaume Vissian <somebodyishere () gmail com> wrote:
The proxy will not see everything, if the connection is encrypted with SSL, or for some other connection like ssh , and more : ssh tunneling the user will make the proxy logs unusable... G. -----Message d'origine----- De: Kurt Keys [mailto:KKeys () sddpc org] Envoyé: vendredi 1 juillet 2005 16:45 À: pentest () jitonline net; pen-test () securityfocus com Objet: Re: Keystroke logging Instead of a Keystroke logger, setup a proxy for your pen-test systems to use on their outbound connection to the target. Then have the proxy log everything and although you may not have all the mouse clicks and commands typed, you will have a log of the traffic to and from the target network. To me that is infinitely more valuable. But that's just me. Good Luck, Kurt Keys Information Security Specialist Information Security Department San Diego DPC"JB" <pentest () jitonline net> 6/30/2005 12:36:24 PM >>>I'm wondering if anyone has either a kernel level keystroke logger for the Linux 2.6, or a userspace keystroke logger for Linux. As part of our penetration testing, we are required to give the client a log of all actions performed - so this would be a good way of logging all linux commands. Also - if you know of the same sort of tool for windows - that would also be appreciated. -J
-- "To catch a thief, think like a thief. To catch a master thief, be a master thief."
Current thread:
- Re: Keystroke logging, (continued)
- Re: Keystroke logging Chuck (Jul 06)
- Re: Keystroke logging Tomasz Piotr Palarz (Jul 01)
- Re: Keystroke logging Dave McCormick (Jul 01)
- Re: Keystroke logging Jay D. Dyson (Jul 01)
- Re: Keystroke logging Jerome Athias (Jul 01)
- Re: Keystroke logging netmask (Jul 01)
- Re: Keystroke logging - mouse Alvin Oga (Jul 01)
- Re: Keystroke logging - mouse Golden_Eternity (Jul 01)
- Re: Keystroke logging - mouse Alvin Oga (Jul 01)
- Re: Keystroke logging Kurt Keys (Jul 01)
- RE: Keystroke logging Guillaume Vissian (Jul 01)
- Re: Keystroke logging ChayoteMu (Jul 01)
- Re: Keystroke logging Joachim Schipper (Jul 02)
- RE: Keystroke logging Guillaume Vissian (Jul 01)