SSH Decryption


L1 Bithead

Hi. If my FW is doing SSH decryption and sending all decrypted traffic out of a mirror port where my Kali machine is, what tools would be able to "read" the username/password from the decrypted SSH traffic?


I was looking for something similar to what "dsniff" does for telnet:


TELNET : -> USER: myuser PASS: mypassword


So basically, something similar to the above but for SSH. I was thinking this would be easy, as the traffic is already decrypted, but I have spent a while Googling this with no joy.


Can anyone point me in the right direction?




L1 Bithead

You could just run Wireshark on your Kali machine and filter for SSH traffic. You should be able to see the decrypted information.

Thanks, I already know this. I was hoping for a more automated tool to extract username/passwords without manually going through packets in Wireshark...


Not sure about Kali; however, have you looked into SecurityOnion? It's an Ubuntu build that does packet capture and IDS. You might be able to set up a rule that looks for this and alerts. However, not entirely sure. They have a KB and forum you can ask about this on.



Interesting. I won't spend time setting this up and testing, unless I know whether it would work or not. I may check the KB and forums though, as you suggested.
