Hi Robin,

NetworkMiner parses MS-SQL from PCAP files and extracts all SQL queries etc to the "Parameters" tab. Login credentials are also extracted and displayed on the Credentials tab.

Btw. you do know that NetworkMiner runs fine in Linux as well, right?
http://www.netresec.com/?page=Blog&month=2011-12&post=No-more-Wine---NetworkMiner-in-Linux-with-Mono

/erik

2013/11/26 Robin Wood <[email protected]>:
>
> On 26 Nov 2013 18:58, "c1b3rh4ck" <[email protected]> wrote:
>>
>> On 25/11/2013 06:09 p.m., Robin Wood wrote:
>> > I've got a pcap which contains unencrypted MSSQL traffic, can
>> > anyone recommend an app which will extract all the SQL?
>> >
>> > I can see it in Wireshark but it isn't decoding it for some reason,
>> > if I save the packets as text I can manipulate it into mostly
>> > readable form by some simple replaces but would rather a nice clean
>> > extraction, especially as I know this has usernames and passwords
>> > in.
>> >
>> > Robin
>> > _______________________________________________
>> > Pauldotcom mailing list
>> > [email protected]
>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> > Main Web Site: http://pauldotcom.com
>> >
>>
>> Hi,
>> You can use Python libraries to parse the content, take a look at scapy :)
>> Best regards.
>
> Does Scapy have a dissector for MSSQL/TDS?
>
> Robin
>
>>
>> - ------------------------------
>> Debian User
>> Penetration Testing
>> Colombian Security Enthusiast
>> Paranoid Security Addict
>> LinuxUser #506301
>> - ------------------------------------
>> He who infiltrates the darkness is he who finds the truth. Lao Tse

--
blog: http://www.netresec.com/?page=Blog
twitter: http://twitter.com/netresec
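
The extraction asked about in this thread, as an added example that is not part of the original messages and is not NetworkMiner's or Scapy's code: a small Python parser that walks the 8-byte TDS packet headers in an already reassembled client-to-server byte stream and returns the text of each SQL batch. The function names, the `all_headers` switch and the sample stream are constructed for illustration; it assumes unencrypted TDS, version 7.2 or later when `all_headers` is left on.

```python
import struct

TDS_SQL_BATCH = 0x01   # TDS packet type: SQL batch (query text)
STATUS_EOM = 0x01      # status bit: last packet of the message

def iter_tds_messages(stream: bytes):
    """Yield (type, payload) for each complete TDS message in a reassembled
    client-to-server TCP byte stream, joining multi-packet messages."""
    pos, parts = 0, []
    while pos + 8 <= len(stream):
        # Header: type, status, length (big-endian, includes header), SPID, packet id, window
        ptype, status, length, _spid, _pid, _win = struct.unpack_from(">BBHHBB", stream, pos)
        if length < 8 or pos + length > len(stream):
            break  # truncated capture or not TDS: stop rather than guess
        parts.append(stream[pos + 8:pos + length])
        pos += length
        if status & STATUS_EOM:
            yield ptype, b"".join(parts)
            parts = []

def extract_sql(stream: bytes, all_headers: bool = True):
    """Return the SQL text of every SQL-batch message in the stream.
    all_headers=True assumes TDS 7.2+, where the batch starts with ALL_HEADERS."""
    queries = []
    for ptype, payload in iter_tds_messages(stream):
        if ptype != TDS_SQL_BATCH:
            continue
        if all_headers and len(payload) >= 4:
            total = struct.unpack_from("<I", payload, 0)[0]  # total length, includes itself
            if 4 <= total <= len(payload):
                payload = payload[total:]
        queries.append(payload.decode("utf-16-le", errors="replace"))
    return queries

def build_packet(ptype: int, status: int, body: bytes) -> bytes:
    """Build one TDS packet for the constructed sample below."""
    return struct.pack(">BBHHBB", ptype, status, 8 + len(body), 0, 1, 0) + body

# Constructed sample: one query split over two packets, then a second query.
ALL_HDRS = struct.pack("<IIH8sI", 22, 18, 2, b"\0" * 8, 1)  # 22-byte ALL_HEADERS
Q1 = ALL_HDRS + "SELECT name FROM sys.databases".encode("utf-16-le")
Q2 = ALL_HDRS + "SELECT 1".encode("utf-16-le")
SAMPLE_STREAM = (build_packet(0x01, 0x00, Q1[:40]) + build_packet(0x01, 0x01, Q1[40:])
                 + build_packet(0x01, 0x01, Q2))
```

`extract_sql(SAMPLE_STREAM)` returns the two queries in order; the input has to be the TCP payload of one direction of one connection, reassembled in sequence order before it is passed in.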
