LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
03-25-2021, 10:42 AM   #1
mb1994 (LQ Newbie; registered Dec 2020; posts: 10)

Wireshark Question

Good morning all,

I was wondering if anyone may be able to provide me with some assistance in Wireshark. I believe my host was a victim of an EK attack. I used Wireshark and was able to locate the payload (using Export Objects -> HTTPS). I confirmed my suspicions by using VirusTotal and had 21 / 60 engines detect. Now that I have located the payload... how can I locate the URL of the compromised website? When I highlight the payload packet in Wireshark, I can see that there is a host name (the website that downloaded the payload) and a referer website. Is the referer website the compromised website that acted as the landing page? I have included a screenshot of my Wireshark which shows the referer and host name of the payload.

Thanks in advance!
[Attached screenshot: 1.PNG, 219.2 KB]

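The Referer on the payload packet only names the page that issued that one request; in a typical exploit-kit chain that is the landing page, which was itself reached via a gate from the originally compromised site. As an added example (not from this thread), the script below walks the Referer chain backwards from the payload request to the first page in the capture that has no Referer. It assumes the requests were exported with `tshark -r capture.pcap -Y http.request -T fields -e frame.number -e http.host -e http.request.uri -e http.referer`; the sample rows, hostnames and paths are constructed for illustration.

```python
# Constructed sample of tshark output: one HTTP request per line, fields are
# frame number, Host header, request URI and Referer header, tab-separated.
SAMPLE_REQUESTS = """\
12\twww.example-news.test\t/articles/today.html\t
18\twww.example-news.test\t/ads/widget.js\thttp://www.example-news.test/articles/today.html
25\tgate.example.test\t/redirect?id=1\thttp://www.example-news.test/articles/today.html
31\tlanding.example.test\t/index.php\thttp://gate.example.test/redirect?id=1
40\tlanding.example.test\t/payload.exe\thttp://landing.example.test/index.php
"""


def parse_requests(text):
    """Turn tab-separated tshark rows into a list of (frame, url, referer).

    A missing Referer (empty trailing field) becomes None.
    """
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Pad so a row with an empty Referer field still unpacks cleanly.
        frame, host, uri, referer = (line.split("\t") + [""] * 3)[:4]
        rows.append((int(frame), f"http://{host}{uri}", referer or None))
    return rows


def referer_chain(rows, payload_url):
    """Follow Referer headers backwards from the payload request.

    Returns the URLs in page order: the first entry is the earliest page
    the capture can attribute (no Referer of its own, i.e. the site the
    victim visited), the last entry is the payload itself. Loops are cut.
    """
    latest_referer = {}
    for frame, url, referer in sorted(rows):
        latest_referer[url] = referer  # keep the most recent request per URL
    chain, seen = [payload_url], {payload_url}
    current = payload_url
    while current in latest_referer:
        referer = latest_referer[current]
        if referer is None or referer in seen:
            break
        chain.append(referer)
        seen.add(referer)
        current = referer
    return list(reversed(chain))


if __name__ == "__main__":
    for hop in referer_chain(parse_requests(SAMPLE_REQUESTS),
                             "http://landing.example.test/payload.exe"):
        print(hop)
```

The Host on the payload packet (landing.example.test) and its Referer are only the last two hops; the compromised site is the head of the chain, and the hop between it and the landing page is the gate worth blocking.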
03-26-2021, 03:06 PM   #2
Gad (Member; registered May 2013; distribution: FreeBSD; posts: 566)

I am no expert on Wireshark, but I presume you could compare the IP address of the website against the "compromised" website. As far as getting the URL is concerned, some DNS tools might be able to help you out. You will probably have to do some digging.