A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Cain RDP (Remote Desktop Protocol) Sniffer Parser

Cain RDP (Remote Desktop Protocol) Sniffer Parser 

As some of you may know, Cain has the ability to ARP poison, sniff and pull off a man in the middle attack against the RDP/Remote Desktop/Terminal Services protocol.  It's kind of hit a miss depending on the network layout and what version of RDP is in use. Pulling out keystrokes from the decrypted log file made by Cain can be quite a chore, so I coded up this quick little parser. Normally you would have to look through the RDP logs Cain makes by hand, searching for entries like "Key pressed client-side: 0x5 - 'a'". Using my script you can interpret those logs and save the keystrokes sent by the client to the server. This is very useful for finding passwords that may have been sent over the RDP session. I plan to use this script in a future video, but for now it can be downloaded from the following link:

Download Cain RDP Sniffing Log Parser

Just choose the file you want to parse, then choose a name for the output text file.

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast