Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Extracting credentials from pcap

From: David <lists () edeca net>
Date: Sun, 16 Sep 2007 13:00:22 +0100
I have a large number of pcaps from sensors around a network. I'd like to be able to extract details of authentications (e.g. HTTP, POP, IMAP) and credentials from these, with dates and times so I can draw up a report for a customer. Unfortunately they seem to have neglected to implement decent logging and now they are stuck.
dsniff is fantastic at pulling out various credentials but it doesn't get the dates correct from pcap. When digging about the source code it seems that dsniff just prints the current time/date when it finds a new record. It doesn't even seem that libnids passes the pcap timestamp.
So I'm looking for other ideas to extract credentials along with the date and time of their occurrence. This way I can hopefully have a decent log of what happened when and find out "whodunnit". 

Any ideas?

David

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: