Pa Toolkit - A Collection Of Traffic Analysis Plugins Focused On Security
PA Toolkit is a collection of traffic analysis plugins that extend Wireshark from a micro-analysis tool and protocol dissector into a macro analyzer and threat-hunting aid. PA Toolkit contains plugins (both dissectors and taps) covering diverse scenarios for multiple protocols, including:
- WiFi (WiFi network summary, detecting beacon and deauth floods, etc.)
- HTTP (listing all visited websites and downloaded files)
- HTTPS (listing all websites opened over HTTPS)
- ARP (MAC-IP table, detecting MAC spoofing and ARP poisoning)
- DNS (listing DNS servers used and DNS resolutions, detecting DNS tunnels)
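As an added illustration of what a tap-style plugin in this toolkit does (this is example code, not PA Toolkit's own plugin), the following Wireshark Lua script builds the ARP MAC-IP table and flags any IP address answered for by more than one MAC, which is the basic signal behind ARP-poisoning detection. It assumes only Wireshark's standard Lua API (Field, Listener, TextWindow, register_menu) and the standard `arp.*` field names; the menu path is a made-up placeholder.

```lua
-- Example Wireshark tap (not PA Toolkit code): MAC-IP table from ARP replies,
-- flagging IPs claimed by several MACs. Install like any plugin and run it
-- from Tools > "PA Toolkit examples" (placeholder menu name).
local f_opcode  = Field.new("arp.opcode")
local f_src_mac = Field.new("arp.src.hw_mac")
local f_src_ip  = Field.new("arp.src.proto_ipv4")

local function arp_mac_ip_table()
  local win = TextWindow.new("ARP MAC-IP table (example)")
  local ip_to_macs = {}                -- ip -> { mac -> reply count }
  local tap = Listener.new("arp")

  function tap.reset() ip_to_macs = {} end   -- called when packets are retapped

  function tap.packet(pinfo, tvb)
    local op = f_opcode()
    if not op or op.value ~= 2 then return end -- only ARP replies ("is-at")
    local mac = tostring(f_src_mac().value)
    local ip  = tostring(f_src_ip().value)
    ip_to_macs[ip] = ip_to_macs[ip] or {}
    ip_to_macs[ip][mac] = (ip_to_macs[ip][mac] or 0) + 1
  end

  function tap.draw()                  -- render the table once tapping is done
    local lines = {}
    for ip, macs in pairs(ip_to_macs) do
      local n, parts = 0, {}
      for mac, cnt in pairs(macs) do
        n = n + 1
        parts[#parts + 1] = string.format("%s (%d replies)", mac, cnt)
      end
      -- Two or more MACs answering for one IP is the classic poisoning sign.
      local flag = (n > 1) and "  <-- POSSIBLE ARP POISONING" or ""
      lines[#lines + 1] = string.format("%-15s %s%s", ip, table.concat(parts, ", "), flag)
    end
    table.sort(lines)
    win:set(table.concat(lines, "\n"))
  end

  win:set_atclose(function() tap:remove() end) -- detach the tap with the window
  retap_packets()                              -- replay the capture through the tap
end

register_menu("PA Toolkit examples/ARP MAC-IP table", arp_mac_ip_table, MENU_TOOLS_UNSORTED)
```

A legitimate change of NIC or a DHCP lease handed to a new host also produces two MACs for one IP, so treat the flag as a lead to check against the reply counts and timing, not as proof of an attack.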
This material was created while working on the "Traffic Analysis: TSHARK Unleashed" course. Those interested can check the course here: https://www.pentesteracademy.com/course?id=42
Installation
Steps:
- Copy the "plugins" directory to the Wireshark plugins directory.
- Start wireshark. :)
Tool featured at
- Blackhat Arsenal 2018 <https://www.blackhat.com/us-18/arsenal/schedule/index.html#pa-toolkit-wireshark-plugins-for-pentesters-12035>
- DEF CON 26 Demolabs <https://defcon.org/html/defcon-26/dc-26-demolabs.html>
Author
- Nishant Sharma, Technical Manager, Pentester Academy <nishant@binarysecuritysolutions.com>
- Jeswin Mathai, Security Researcher, Pentester Academy <jeswin@binarysecuritysolutions.com>
Documentation
For more details, refer to the "PA-Toolkit.pdf" PDF file. This file contains the slide deck used for presentations.
Screenshots
PA Toolkit after installation
List of websites visited over HTTP
Search functionality
Domain to IP mappings