The advantage here is that Wireshark will often uncompress any compressed plaintext data for you when the protocol is known to carry compressed data.īoth of these methods are generally slow, so the tshark utility that is part of the Wireshark suite of tools can be leveraged to automate this task, but you really need to be familiar with using Wireshark before you can be terribly effective with tshark. Given a pcap I would always open it with Wireshark and do some searches using the contains operator. But even if I found something using this technique, I'd still do the next thing to verify the context (this would just be a potential time saver, but also might be a bit of a distraction) Right off the bat you might just throw the pcap through strings and see if you get lucky, using a case-insensitive search for the word "password" and seeing what strings immediately follow it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |