Posted on 2022-1-17 22:19:52
```bat
@rem The install files are normally in C:\Program Files\EVE-NG
@ECHO OFF
@rem SSH login for the EVE-NG host (the quotes become part of the value; Windows strips them again when plink is invoked)
SET USERNAME="root"
SET PASSWORD="eve"
@rem %1 is the clicked link, e.g. capture://192.168.1.10/pnet0; drop the scheme
SET S=%1
SET S=%S:capture://=%
@rem Split HOST/INT on the slash into the EVE host and the interface to capture on
FOR /f "tokens=1,2 delims=/ " %%a IN ("%S%") DO SET HOST=%%a&SET INT=%%b
@rem pnet0 carries this SSH session itself, so keep port 22 out of that capture
IF "%INT%" == "pnet0" SET FILTER=" not port 22"
ECHO "Connecting to %USERNAME%@%HOST%..."
@rem Run tcpdump on the EVE host and pipe the raw pcap stream into Wireshark's stdin
"C:\Program Files\EVE-NG\plink.exe" -ssh -batch -pw %PASSWORD% %USERNAME%@%HOST% "tcpdump -U -i %INT% -s 0 -w -%FILTER%" | "path to Wireshark.exe goes here" -k -i -
```
The principle is really simple once spelled out: ssh into EVE, dump the traffic, hand it to Wireshark.

1. After installing the EVE-NG client pack, there is by default a "win7_64bit_wireshark.reg" under "C:\Program Files\EVE-NG". It registers the browser handler for links beginning with "capture://"; once registered, clicking a "capture://" link invokes the bat file it registers by default, "wireshark_wrapper.bat".
2. That file is essentially the code at the top of this post. The first two lines set environment variables, namely the SSH username and password for EVE; the rest reformats the incoming "capture://" link, and finally uses plink.exe to log in and dump the traffic, piping it to Wireshark. Before plink can log in, the host's key has to be saved with PuTTY first.
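The same pipeline rebuilt in Python, as an added example that is not EVE-NG's own wrapper and not part of the post: it strips the scheme, splits host and interface, runs tcpdump over SSH and feeds the pcap stream to Wireshark's stdin, exactly as the batch file does, but it logs in with a key instead of a password on the command line and refuses host or interface values outside a conservative character set before they reach the remote shell. The tool paths, the key file, the allow-list regexes and the sample links are assumptions, not taken from the post.

```python
"""capture:// link -> SSH -> tcpdump -> Wireshark, rebuilt in Python.

Added example, not EVE-NG's wireshark_wrapper.bat. Same pipeline as the
batch file, but with key-based SSH login and input validation.
Assumed (not from the post): the tool paths and key file below.
"""
import re
import subprocess
import sys

# Assumed install locations; adjust to your workstation.
PLINK = r"C:\Program Files\EVE-NG\plink.exe"
WIRESHARK_WIN = r"C:\Program Files\Wireshark\Wireshark.exe"
WIRESHARK_NIX = "wireshark"
SSH_USER = "root"
KEY_FILE = r"C:\Users\me\eve.ppk"  # assumed: PuTTY key (OpenSSH key on Linux/macOS)

# Conservative allow-lists: a hostname/IP and a Linux interface name never
# need shell metacharacters, so anything else is refused instead of quoted.
HOST_RE = re.compile(r"^[A-Za-z0-9.\-]{1,253}$")
IFACE_RE = re.compile(r"^[A-Za-z0-9_.\-]{1,15}$")


def parse_capture_url(url):
    """'capture://HOST/IFACE' -> (host, iface), mirroring the batch file's
    strip-the-scheme-then-split-on-'/' logic, with validation added."""
    prefix = "capture://"
    if not url.startswith(prefix):
        raise ValueError("not a capture:// link: %r" % url)
    host, _, iface = url[len(prefix):].partition("/")
    iface = iface.rstrip("/")
    if not HOST_RE.match(host):
        raise ValueError("bad host in capture link: %r" % host)
    if not IFACE_RE.match(iface):
        raise ValueError("bad interface in capture link: %r" % iface)
    return host, iface


def tcpdump_command(iface):
    """Remote command: -U flushes per packet, -s 0 keeps full frames, -w -
    writes pcap to stdout. pnet0 is the EVE management NIC carrying this very
    SSH session, so port 22 is excluded there to stop the capture from
    feeding on its own traffic."""
    cmd = "tcpdump -U -i %s -s 0 -w -" % iface
    if iface == "pnet0":
        cmd += " not port 22"
    return cmd


def build_pipeline(url, windows=True):
    """Return (ssh_argv, wireshark_argv) for the two halves of the pipe."""
    host, iface = parse_capture_url(url)
    target = "%s@%s" % (SSH_USER, host)
    remote = tcpdump_command(iface)
    if windows:
        # -batch: never prompt, so an unknown host key aborts instead of
        # hanging behind a browser click; the key must be cached or pinned.
        ssh_argv = [PLINK, "-ssh", "-batch", "-i", KEY_FILE, target, remote]
        ws_argv = [WIRESHARK_WIN, "-k", "-i", "-"]
    else:
        ssh_argv = ["ssh", "-o", "BatchMode=yes", "-i", KEY_FILE, target, remote]
        ws_argv = [WIRESHARK_NIX, "-k", "-i", "-"]
    return ssh_argv, ws_argv


def run(url):
    """Launch both processes with SSH's stdout wired to Wireshark's stdin."""
    ssh_argv, ws_argv = build_pipeline(url, sys.platform.startswith("win"))
    ssh = subprocess.Popen(ssh_argv, stdout=subprocess.PIPE)
    ws = subprocess.Popen(ws_argv, stdin=ssh.stdout)
    ssh.stdout.close()  # let Wireshark own the read end of the pipe
    rc = ws.wait()
    ssh.terminate()  # closing Wireshark ends the remote tcpdump via SSH
    return rc


if __name__ == "__main__":
    sys.exit(run(sys.argv[1]))
```

Registering this script in place of the bat file keeps the post's host-key requirement: with `-batch` plink will not prompt, so the EVE host's key must already be in PuTTY's cache (log in once with PuTTY, as the post says) or be pinned on the command line with plink's `-hostkey` option. Using `-i` with a key instead of `-pw` means the root password is neither stored in the wrapper nor visible in the process command line while the capture runs.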