CLEARTEXT SUBMISSION OF PWDS

this package creates alerts for cleartext passwords found in HTTP traffic

root@dco:~$ zkg install zeek/cybera/zeek-sniffpass
 The following packages will be INSTALLED:
 zeek/cybera/zeek-sniffpass (master)
 Proceed? [Y/n] Y
 Installing "zeek/cybera/zeek-sniffpass"
 Installed "zeek/cybera/zeek-sniffpass" (master)
 Loaded "zeek/cybera/zeek-sniffpass"

root@dco:~$ zkg list
 zeek/cybera/zeek-sniffpass (installed: master) - Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
 
#usage
root@dco:~$ cat sniff-demo.zeek 
 @load /opt/zeek/share/zeek/site/zeek-sniffpass
root@dco:~$ zeek -Cr http.pcap sniff-demo.zeek

root@dco:~$ cat notice.log | zeek-cut id.orig_h id.resp_h proto note msg
 10.10.57.178	44.228.249.3	tcp	SNIFFPASS::HTTP_POST_Password_Seen	Password found for user BroZeek
 10.10.57.178	44.228.249.3	tcp	SNIFFPASS::HTTP_POST_Password_Seen	Password found for user ZeekBro

PreviousNOTICE FRAMEWORK | INTELLIGENCE NextGEO-LOCATION DATA

Last updated 6 months ago