# [2021] SSH traffic forensics tool

huoji · Tags: traffic monitoring, SSH, traffic forensics, investigation and forensics, SSH decryption · 2021-04-11

In real incidents we keep running into hosts whose SSH was brute-forced, after which the attacker logged in and did this and that. We need a tool that can decrypt the SSH traffic and extract evidence from it. packetStrider is built for exactly that.

Usage:

```bash
pip3 install pandas matplotlib pyshark
git clone https://github.com/benjeems/packetStrider.git
cd packetStrider   # the script sits in the repository root
python3 packetStrider-ssh.py -h
usage: packetStrider-ssh.py [-h] [-f FILE] [-n NSTREAM] [-m] [-k] [-p] [-z ZOOM]
                            [-d DIRECTION] [-o OUTPUT_DIR] [-w WINDOW] [-s STRIDE]

packetStrider-ssh is a packet forensics tool for SSH. It creates a rich feature
set from packet metadata such SSH Protocol message content, direction, size,
latency and sequencing. It performs pattern matching on these features, using
statistical analysis, and sliding windows to predict session initiation,
keystrokes, human/script behavior, password length, use of client certificates,
context into the historic nature of client/server contact and exfil/infil data
movement characteristics in both Forward and Reverse sessions

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  pcap file to analyze
  -n NSTREAM, --nstream NSTREAM
                        Perform analysis only on stream n
  -m, --metaonly        Display stream metadata only
  -k, --keystrokes      Perform keystroke prediction
  -p, --predict_plot    Plot data movement and keystrokes
  -z ZOOM, --zoom ZOOM  Narrow down/zoom the analysis and plotting to only
                        packets "x-y"
  -d DIRECTION, --direction DIRECTION
                        Perform analysis on SSH direction : "forward",
                        "reverse" OR "both"
  -o OUTPUT_DIR, --output_dir OUTPUT_DIR
                        Directory to output plots
  -w WINDOW, --window WINDOW
                        Sliding window size, # of packets to side of window
                        center packet, default is 2
  -s STRIDE, --stride STRIDE
                        Stride between sliding windows, default is 1
```

Decrypt the SSH traffic and recover the session timeline:

```bash
python3 packetStrider-ssh.py -f tcpdump.pcap -k -p -o out
```

Basically everything comes out.

![](https://key08.com/usr/uploads/2021/04/3355700718.png)

github: https://github.com/benjeems/packetStrider

This article was written by huoji and is licensed under Creative Commons Attribution 3.0; it may be freely reposted and quoted, provided the author is credited and the source is cited.
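To make it concrete what the tool's "keystroke prediction" and "data movement" output is built from, here is an added example of my own (not code from packetStrider or from this post): it infers keystrokes, human vs. scripted typing, and bulk transfer from nothing but packet time, direction and size, never touching the encrypted payload. The `Pkt` class, the thresholds and the packet sample are all assumptions constructed for the demonstration.

```python
# Added example, not packetStrider's own code: a minimal version of the kind
# of metadata heuristic the tool applies. Payloads stay encrypted; only time,
# direction and size are used. All packet data below is constructed.
from dataclasses import dataclass
from statistics import pstdev

@dataclass
class Pkt:
    t: float        # capture time in seconds
    direction: str  # "c2s" (client->server) or "s2c" (server->client)
    size: int       # TCP payload length in bytes

def find_keystrokes(pkts, max_size=64, max_echo=0.2):
    # A small c2s packet answered by a small s2c echo within max_echo seconds
    # is the classic interactive-keystroke signature.
    hits = []
    for i in range(len(pkts) - 1):
        a, b = pkts[i], pkts[i + 1]
        if (a.direction == "c2s" and b.direction == "s2c"
                and max(a.size, b.size) <= max_size
                and 0.0 <= b.t - a.t <= max_echo):
            hits.append(i)
    return hits

def classify(pkts, min_keys=4, script_stdev=0.02):
    # Humans type with jitter; scripted input arrives at a near-constant rate.
    hits = find_keystrokes(pkts)
    if len(hits) < min_keys:
        return "none"
    gaps = [pkts[j].t - pkts[i].t for i, j in zip(hits, hits[1:])]
    return "script" if pstdev(gaps) < script_stdev else "human"

def data_movement(pkts, window=5, min_bytes=4000):
    # Sliding window: bulk bytes in one direction is the exfil/infil signal.
    bulk = []
    for i in range(len(pkts) - window + 1):
        win = pkts[i:i + window]
        for d in ("c2s", "s2c"):
            if sum(p.size for p in win if p.direction == d) >= min_bytes:
                bulk.append((i, d))
    return bulk

# Constructed sample: five human-paced keystrokes with echoes, then a burst
# of large server->client packets (a file being pulled from the host).
SAMPLE, t = [], 0.0
for gap in (0.0, 0.31, 0.12, 0.45, 0.20):
    t += gap
    SAMPLE += [Pkt(t, "c2s", 36), Pkt(t + 0.03, "s2c", 36)]
SAMPLE += [Pkt(t + 1.0 + 0.01 * k, "s2c", 1448) for k in range(5)]
```

On the sample, `find_keystrokes` flags the five typed characters, `classify` returns "human" because the gaps are irregular, and `data_movement` flags the windows covering the large server-to-client burst.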