SSH Decryption

L1 Bithead

SSH Decryption

Hi. If my FW is doing SSH decryption and sending all decrypted traffic out of a mirror port where my Kali machine is, what tools would be able to "read" the username/password from the decrypted SSH traffic?

 

I was looking for something similar to what "dsniff" does for telnet:

 

TELNET : 10.1.1.1:23 -> USER: myuser PASS: mypassword

 

So basically, something similar to the above but for SSH. I was thinking this would be easy, as the traffic is already decrypted, but I have spent a while Googling this with no joy.

 

Can anyone point me in the right direction?

 

DJ

L0 Member

Re: SSH Decryption

You could just run Wireshark on your Kali machine and filter for SSH traffic. You should be able to see the decrypted information.

L1 Bithead

Re: SSH Decryption

Thanks, I already know this. I was hoping for a more automated tool to extract usernames/passwords without manually going through packets in Wireshark...

L7 Applicator

Re: SSH Decryption

Hello,

Not sure about Kali; however, have you looked into SecurityOnion? It's an Ubuntu build that does packet capture and IDS. You might be able to set up a rule that looks for this and alerts. However, not entirely sure. They have a KB and forum you can ask about this on.

 

Regards,

L1 Bithead

Re: SSH Decryption

Interesting. I won't spend time setting this up and testing, unless I know whether it would work or not. I may check the KB and forums though, as you suggested.
