Skip to content

5h4rrk/CTF-Usb_Keyboard_Parser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
assets
assets
 
 
core
core
 
 
tests
tests
 
 
README.md
README.md
 
 
Usb_Keyboard_Parser.py
Usb_Keyboard_Parser.py
 
 
main.py
main.py
 
 

Repository files navigation

USB Keyboard Parser

USB Keyboard Parser The USB Keyboard Parser is an automated tool designed to extract and decode Human Interface Device (HID) data from pcap files. It works with two types of USB link types:

  • LinkTypeUsbLinuxMmapped: Captured USB traffic from Linux systems using memory-mapped I/O.

  • LinkTypeUsbPcap: Standard USB link type used in regular pcap files for capturing USB traffic.

Features

Two scripts are currently available:

  • main.py: Displays output based on Device Id, providing accurate results compared to Usb_Keyboard_Parser.py. It directly parses USB structures without relying on external dependencies and supports both pcap and pcapng formats.

  • Usb_Keyboard_Parser.py: Relies on tshark to extract the HID payload from packet captures and then decodes the data.

TODO

  • Add support for Darwin USB link types.

Bugs

  • Feel free to create issues.

Usage :

New Script

  python3 main.py <pcap-file/pcapng-file>

alt text

Old Script

  python3 Usb_Keyboard_Parser.py <pcap-file/pcapng-file>

image

About

USB Keyboard Parser Tool is an automated script that can extract HID data from.pcap or.pcapng files.

Topics

ctf usb-hid usb-keyboard

Resources

Readme
Activity

Stars

24 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages