hacktricks/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md
2023-04-07 10:52:01 +02:00

4 KiB

☁️ HackTricks Cloud ☁️🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

If you have a pcap containing the communication via USB of a keyboard like the following one:

You can use the tool ctf-usb-keyboard-parser to get what was written in the communication:

tshark -r ./usb.pcap -Y 'usb.capdata && usb.data_len == 8' -T fields -e usb.capdata | sed 's/../:&/g2' > keystrokes.txt
python3 usbkeyboard.py ./keystrokes.txt

You can read more information and find some scripts about how to analyse this in:

☁️ HackTricks Cloud ☁️🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥