hacktricks/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md
2024-12-12 11:39:29 +01:00

3.1 KiB

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

If you have a pcap containing the communication via USB of a keyboard like the following one:

You can use the tool ctf-usb-keyboard-parser to get what was written in the communication:

tshark -r ./usb.pcap -Y 'usb.capdata && usb.data_len == 8' -T fields -e usb.capdata | sed 's/../:&/g2' > keystrokes.txt
python3 usbkeyboard.py ./keystrokes.txt

You can read more information and find some scripts about how to analyse this in:

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}