Hi. If my FW is doing SSH decryption and sending all decrypted traffic out of a mirror port where my Kali machine is, what tools would be able to "read" the username/password from the decrypted SSH traffic?
I was looking for something similar to what "dsniff" does for telnet:
TELNET : 10.1.1.1:23 -> USER: myuser PASS: mypassword
So basically, something similar to the above but for SSH. I was thinking this would be easy, as the traffic is already decrypted but I have spent a while Googling this with no joy.
Can anyone point me in the right direction?
Not sure about Kali; however, have you looked into SecurityOnion? It's an Ubuntu build that does packet capture and IDS. You might be able to set up a rule that looks for this and alerts. However, not entirely sure. They have a KB and forum you can ask about this on.
Interesting. I won't spend time setting this up and testing, unless I know whether it would work or not. I may check the KB and forums though, as you suggested.