PenTestFlightRecording

From Rory.wiki


Penetration Testing "Flight Recording"

One of the aspects of pen testing is being able to log all activity during the test. This can be useful for a number of reasons (the main one being confirming that a production problem was not caused by the test!). There are a number of different types of logging/monitoring that might be appropriate to the various different test types.

At a base level, tcpdump/wireshark can be used to capture all traffic from the penetration testing host. However, this can produce huge volumes of data and also captures a load of data not related to the test (the second problem is solvable with destination address filtering on the capture).
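One way to set this up, as an added example that is not from the wiki page: a small POSIX shell helper that builds a scoped tcpdump command with time-rotated, timestamped pcap files. The interface, output directory and addresses are constructed placeholders. It filters on host/net (both directions) rather than destination only, so the responses to the test traffic are recorded as well.

```shell
#!/bin/sh
# Added example, not from the original page. Builds a scoped tcpdump
# "flight recorder" command for a pen test. All addresses, the interface
# and the output directory below are constructed placeholders.

# scope_filter: turn a whitespace-separated list of in-scope hosts/subnets
# into a BPF expression that keeps only traffic to/from those addresses,
# so the capture does not fill up with unrelated traffic (updates, browsing).
scope_filter() {
    filter=""
    for target in $1; do
        case "$target" in
            */*) clause="net $target" ;;   # CIDR notation -> net
            *)   clause="host $target" ;;  # single address -> host
        esac
        if [ -z "$filter" ]; then
            filter="$clause"
        else
            filter="$filter or $clause"
        fi
    done
    printf '%s' "$filter"
}

# capture_command: the tcpdump invocation that records everything matching
# the scope into hourly-rotated pcap files (-G 3600) whose names carry a
# timestamp, so activity can later be matched against a production incident
# window. -nn avoids DNS lookups that would themselves generate traffic;
# -s 0 keeps full packets.
capture_command() {
    iface="$1"
    outdir="$2"
    targets="$3"
    printf "tcpdump -i %s -nn -s 0 -G 3600 -w '%s/pentest-%%Y%%m%%d-%%H%%M%%S.pcap' '%s'" \
        "$iface" "$outdir" "$(scope_filter "$targets")"
}

# Example usage (placeholder interface, directory and scope):
capture_command eth0 /var/log/pentest "10.0.0.5 192.168.1.0/24"
echo
```

Run the printed command as root at the start of the engagement; tcpdump's -z option can additionally run a post-rotate command (for example a checksum tool) on each closed file to give the recording an integrity trail.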

For web application testing this can be achieved by routing all traffic through a proxy during the test. Burp/Webscarab can save log files of all data sent and received.

Another option I've started to look into is netflow.

* iptables module for capturing netflow data
* flow-tools software
