Data Collection
- Current Timestamp
- Source IP address (attacker's IP)
- Authentication Method
- Username used for authentication
- Password OR public key
By default, this file is located in the logs/authentication_attempts directory of your MITM repository directory (configurable with the --logging-authentication-attempts option).
- Current Timestamp
- Source IP address (attacker's IP)
- Session ID
By default, this file is located in the logs/logins directory of your MITM repository directory (configurable with the --logging-logins option).
- Current Timestamp
- Session ID
  - Linked to the "Session ID" in the logins file
- Source IP address (attacker's IP)
- Destination IP address (container's IP)
- Container/Honeypot ID
- Authentication Method
- Username supplied
- Password OR public key
By default, this file is located in the logs/session_streams directory of your MITM repository directory (configurable with the --logging-attacker-streams option). Inside this folder, each session file is named using its Session ID. You may assume that each generated Session ID is unique.
- Current Timestamp
- Human readable keystroke name
- ASCII character code of the keystroke
- Parsed full line (when the Enter key is used). This information can be reconstructed from the keystroke data, so it is essentially duplicate data.
By default, this file is located in the logs/keystrokes directory of your MITM repository directory (configurable with the --logging-keystrokes option).
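
The keystroke fields above are enough to rebuild the parsed full line. The following is an added example, not code from this project: the record layout (tuples of timestamp, key name, ASCII code), the function name reconstruct_lines and the sample records are assumptions constructed for illustration, since this page lists the fields but not the on-disk format.

```python
# Added example: rebuild entered lines from per-keystroke records.
# Assumption: each record is (timestamp, key_name, ascii_code). Reading the
# actual keystroke file is left out because its layout is not given here.

ENTER = {10, 13}          # LF, CR
ERASE = {8, 127}          # Backspace, Delete
DISCARD = {3, 21}         # Ctrl-C, Ctrl-U: the shell drops the pending line


def reconstruct_lines(records):
    """Return [(timestamp_of_enter, line), ...] from keystroke records."""
    lines, buf, prev = [], [], None
    for ts, _name, code in records:
        if code in ENTER:
            # Treat a CR immediately followed by LF as a single Enter.
            if not (code == 10 and prev == 13):
                lines.append((ts, "".join(buf)))
                buf = []
        elif code in ERASE:
            if buf:
                buf.pop()
        elif code in DISCARD:
            buf = []
        elif 32 <= code < 127:
            buf.append(chr(code))
        else:
            # Keep other control bytes visible but inert for the analyst,
            # so escape sequences never reach the reviewing terminal.
            buf.append("\\x%02x" % code)
        prev = code
    return lines


# Constructed sample: "ls -lq", Backspace, "a", Enter, then "whoami", Enter.
SAMPLE = (
    [("2024-01-01 00:00:0%d" % i, c, ord(c)) for i, c in enumerate("ls -lq")]
    + [("2024-01-01 00:00:06", "BACKSPACE", 127),
       ("2024-01-01 00:00:07", "a", 97),
       ("2024-01-01 00:00:08", "ENTER", 13)]
    + [("2024-01-01 00:00:09", c, ord(c)) for c in "whoami"]
    + [("2024-01-01 00:00:10", "ENTER", 13)]
)

if __name__ == "__main__":
    for ts, line in reconstruct_lines(SAMPLE):
        print(ts, repr(line))
```

Cursor movement and tab completion are kept as escaped bytes rather than replayed, so a line edited with arrow keys can differ from what the shell actually executed.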