Re: Keystroke logging
From: ChayoteMu (chayotemu_at_gmail.com)
Date: Fri, 1 Jul 2005 17:52:49 -0700 To: Guillaume Vissian <firstname.lastname@example.org>
This is mostly a question of curiosity. For the option of using a
proxy would it be possible to SSH to the proxy then generate a new SSH
from the proxy to the PC your getting into, and have the proxy log all
info that way? It may not be doable for all situations because I
figure you'd need to setup a hardend proxy on the network for that,
but as I said, I'm mainly curious if that would work.
On 7/1/05, Guillaume Vissian <email@example.com> wrote:
> The proxy will not see everything, if the connection is encrypted with SSL,
> or for some other connection like ssh , and more : ssh tunneling the user
> will make the proxy logs unusable...
> -----Message d'origine-----
> De: Kurt Keys [mailto:KKeys@sddpc.org]
> Envoyé: vendredi 1 juillet 2005 16:45
> À: firstname.lastname@example.org; email@example.com
> Objet: Re: Keystroke logging
> Instead of a Keystroke logger, setup a proxy for your pen-test systems to
> on their outbound connection to the target. Then have the proxy log
> and although you may not have all the mouse clicks and commands typed, you
> will have a log of the traffic to and from the target network. To me that is
> more valuable. But that's just me.
> Good Luck,
> Kurt Keys
> Information Security Specialist
> Information Security Department
> San Diego DPC
> >>> "JB" <firstname.lastname@example.org> 6/30/2005 12:36:24 PM >>>
> I'm wondering if anyone has either a kernel level keystroke logger for the
> Linux 2.6, or a userspace keystroke logger for Linux. As part of our
> penetration testing, we are required to give the client a log of all
> actions performed - so this would be a good way of logging all linux
> commands. Also - if you know of the same sort of tool for windows - that
> would also be appreciated.
-- "To catch a thief, think like a thief. To catch a master thief, be a master thief."