Wireshark and Encrypted Traffic

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
Why are shark in encrypted traffic?
00:03
We only have one learning objective here is to understand the difference between encrypted traffic and unencrypted traffic when using wire shark or while using wire shark. So why is this important? Well, as an attacker, we want to know again what our tools do. And if I'm using Net Cat and a pen test and I am exfil trading data. Um I'm doing everything in the clear. A defender can see exactly what data I'm exfil trading, which
00:26
of course is bad. So it's important to know what our tools do and a tool that's like Net Cat is so Cat. So in the new P. W. K. Material that came out last year, they are now introducing the so Cat. So Cats been out longer of course than that. But the the tool is like that cat is a bit more versatile
00:45
And it's a little bit harder to learn how to use. Now we can see here, I'm creating a reverse shell on port 22
00:53
from my windows box connecting to my Cali box. And here is the syntax again not as easy to learn as Net cat.
01:02
So if we look at our packet capture in wire shark we can see the commands that have been issued so we can see that. Who am I command? The I. P. Config command in the output from those commands. And if we look at the actual terminal Windows on my Cali box we see we have that listener set up on port 22 that connection and then of course I'm issuing those commands
01:21
and on my windows box you know I'm using so cat dot E X C two then you know to connect to my Cali box. So that's to say
01:29
we're busted because port 22 is supposed to be ssh it's supposed to be encrypted traffic. So a defender would very quickly pick up what we're doing
01:38
now as far as oh SCP is concerned you know I wouldn't really worry about that but that's to say you know if if we are connecting to um H. T. P. S. We're not gonna be able to see the traffic that we're generating because it's going to be encrypted. So trying to debug something where encryptions involved is gonna be a lot harder for us.
01:57
Now. We can also use so cat to encrypt our traffic as well.
02:01
Um So here is the syntax here again if you have the P. W. K. Or pen 200 materials they kind of walk you through this.
02:09
But again here's our packet capture this time using encryption and again we have no idea what's going on here because we're using encryption.
02:19
So we have our listener uh set up here um on our Cali box. And
02:27
we have we're now connecting to it from uh from my host. So I'm issuing the I. D. Command the I. F. Config command and I'm not seeing any of that output.
02:38
So I want to show you this uh hands on. So let's say let's just use our local host here. So what I'm gonna do is create a Net Cat listener
02:47
and
02:50
Net Cat and see.
02:52
And I'm going to do that on port
02:57
12345.
03:00
Now here I'm going to use Net Cat
03:05
and I am going to
03:07
connect locally
03:10
12345.
03:15
And I'm just going to say hi
03:17
how how are you?
03:24
And we will stop here And let's let's take a look at wire shark.
03:30
So I right click and I follow the TCP stream.
03:34
I can see everything in the clear here. Hi how are you?
03:38
So that's to say when using Net Cat I can see exactly what is going on. Let's try this again.
03:46
But this time let's use we're not gonna use so cat we're gonna use
03:51
and Cat which is made by our friends at the map.
03:57
So we'll do now is we will
04:00
capture again
04:01
and I'll do N. Cat.
04:06
That's where we'll connect to. And here I'll do in Cat again.
04:12
I'm gonna listen on port 12345 Using S. S. L.
04:16
And here I'm going to connect using ssl
04:20
so again. Hi
04:24
how are you?
04:29
So I'll stop this capture and I will do the same thing
04:33
and now I can't see anything. So using ssl here with in Cat
04:38
um We now can't see what's going on.
04:42
Hopefully that practical example makes sense for you.
04:48
So in summary now we should understand the difference between encrypted traffic and unencrypted traffic using wire Shark.
Up Next
Offensive Penetration Testing

The Offensive Penetration Testing course opens the doors to those wanting to begin a penetration testing career. This course will prepare learners to begin their pentesting career journey by understanding what tools, techniques, and resources are available for someone starting out in offensive penetration testing.

Instructed By