Penetration Testing mailing list archives
Extracting credentials from pcap
From: David <lists () edeca net>
Date: Sun, 16 Sep 2007 13:00:22 +0100
I have a large number of pcaps from sensors around a network. I'd like to be able to extract details of authentications (e.g. HTTP, POP, IMAP) and credentials from these, with dates and times so I can draw up a report for a customer. Unfortunately they seem to have neglected to implement decent logging and now they are stuck.
dsniff is fantastic at pulling out various credentials but it doesn't get the dates correct from pcap. When digging about the source code it seems that dsniff just prints the current time/date when it finds a new record. It doesn't even seem that libnids passes the pcap timestamp.
So I'm looking for other ideas to extract credentials along with the date and time of their occurrence. This way I can hopefully have a decent log of what happened when and find out "whodunnit".
Any ideas? David ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Extracting credentials from pcap David (Sep 16)
- RE: Extracting credentials from pcap Shenk, Jerry A (Sep 17)
- Re: Extracting credentials from pcap Brian Toovey (Sep 17)
- Re: Extracting credentials from pcap Brian Toovey (Sep 17)
- Re: Extracting credentials from pcap SD List (Sep 19)
- Re: Extracting credentials from pcap Brian Toovey (Sep 17)