PAS





Onion Details




First Seen: 03/12/2024

Last Indexed: 10/23/2024




Onion Content



PAS: PCAP Analysis Script

This script was originally created to help identify the extent to which my downstream traffic was observable, in part to aid in the writing of this analysis of what the draft IPB will allow.

Its purpose is to crawl a PCAP and extract all potentially useful information about observed browsing behaviour/connections.

At the time of moving into a dedicated project, the script supports:

- Extraction of Host / Path / Cookie from port 80 traffic
- Extraction of FQDN from SNI handshake for port 443 traffic
- Correlation of HTTP referrer headers to known HTTPS hosts to identify (some) paths viewed on HTTPS sites
- Generation of unique list of cookies seen (for potential credential/session theft)
- List of XMPP servers observed

Port 80 and 443 traffic information is combined into a chronologically ordered CSV to aid further analysis.

The codebase can be found on GitHub.

Initial Estimate: 26.17 hours
Time Logged: 7 hours

Issues

| Key | Type | Priority | Summary | Status | Resolution | Created | Assigned To |
| PAS-1 | Task | Major | Create Repo | Closed | Done | 2015-11-22 09:07:17 | Ben Tasker |
| PAS-2 | Bug | Major | HTTPS paths are only extracted if a TLS handshake has been observed | Closed | Fixed | 2015-11-22 09:10:25 | Ben Tasker |
| PAS-3 | New Feature | Major | Allow configuration of "interesting" Referrers | Open | | 2015-11-22 09:31:15 | Ben Tasker |
| PAS-4 | Bug | Major | HTTPS Referrer Search should only match on the Referrer field | Closed | Fixed | 2015-11-22 09:46:13 | Ben Tasker |
| PAS-5 | New Feature | Major | Replace observed Cipher Suites with Human Readable versions | Closed | Done | 2015-11-22 10:38:41 | Ben Tasker |
| PAS-6 | New Feature | Minor | Reading of multiple PCAPs | Open | | 2015-11-22 11:20:06 | Ben Tasker |
| PAS-7 | Task | Major | Document Report Files | Closed | Done | 2015-11-22 11:21:17 | Ben Tasker |
| PAS-8 | New Feature | Major | Rationalise fields in webtraffic.csv | Closed | Done | 2015-11-22 11:33:11 | Ben Tasker |
| PAS-9 | New Feature | Major | Unique list of IP/Ports | Open | | 2015-11-22 13:10:55 | Ben Tasker |
| PAS-10 | New Feature | Major | Take encapsulated IPv6 Traffic into account | Closed | Done | 2015-11-24 16:45:07 | Ben Tasker |
| PAS-11 | New Feature | Major | Call TShark only if a relevant port has been observed | Open | | 2015-11-25 16:47:58 | Ben Tasker |
| PAS-12 | New Feature | Major | Implement processing of HTTP output | Closed | Done | 2015-11-25 22:37:01 | Ben Tasker |
| PAS-13 | New Feature | Major | Extract DNS Traffic | Open | | 2015-11-26 00:40:00 | Ben Tasker |
| PAS-14 | Task | Major | Tidy Up | Open | | 2015-11-26 00:41:28 | Ben Tasker |
| PAS-15 | Task | Major | SMTP Credential Handling | Open | | 2015-11-26 16:11:39 | Ben Tasker |
| PAS-16 | New Feature | Major | Browser Fingerprinting | Open | | 2015-11-26 18:12:06 | Ben Tasker |
| PAS-17 | New Feature | Major | Configuration Option for Passive Only Checks | Closed | Done | 2015-11-26 18:14:33 | Ben Tasker |
| PAS-18 | New Feature | Major | Extract interesting paths from Cookies | Open | | 2015-11-26 18:18:17 | Ben Tasker |
| PAS-19 | Bug | Major | ssltraffic.txt should be a CSV | Closed | Fixed | 2015-11-27 00:40:09 | Ben Tasker |
| PAS-20 | New Feature | Major | Mail Handling | Open | | 2015-11-27 12:41:55 | Ben Tasker |
| PAS-21 | New Feature | Major | Correlate Encrypted Traffic against DNS to obtain hostname | Open | | 2015-11-27 13:26:35 | Ben Tasker |
| PAS-22 | New Feature | Major | TCP Transaction Log | Closed | Done | 2015-11-28 17:23:55 | Ben Tasker |
| PAS-23 | New Feature | Major | Allow per directory override of configuration | Closed | Done | 2015-11-28 22:52:18 | Ben Tasker |
| PAS-24 | New Feature | Major | Allow Manual Disabling of Certain Checks | Open | | 2015-11-28 23:04:55 | Ben Tasker |
| PAS-25 | Sub-task | Major | Document run dependencies | Open | | 2015-11-28 23:08:04 | Ben Tasker |
| PAS-26 | New Feature | Major | Generate list of observed unresolvable FQDNs | Open | | 2016-02-03 11:04:59 | Ben Tasker |
| PAS-27 | New Feature | Major | Allow Configuration of SSL Ports | Closed | Done | 2016-02-03 12:54:18 | Ben Tasker |
| PAS-28 | New Feature | Major | Detect likely Tor Handshakes | Open | | 2016-02-03 14:23:01 | Ben Tasker |

Components

- Configuration Options
- Data Correlation and Extraction
- DNS
- Documentation
- Fingerprinting
- HTTP
- Instant Messaging
- Mail
- PCAP Handling
- Processing Logic
- Reports
- SSL/TLS

Versions

- 0.1 (Un-released)
- 0.2 (Un-released)