Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

kreep: Keystroke Recognition and Entropy Elimination Program

kreep identifies search queries in encrypted network traffic using information leaked through autocomplete suggestions. There are several sources of information leakage in client outbound traffic. These include:

  1. Autocomplete packet sizes are monotonically increasing compared to background traffic. Each packet contains only a single new character appended to the query.
  2. Percent-encoded URL characters occupy 3 bytes, characters occupy 1 byte.
  3. HTTP2 header compression leaks some information about each character in the query.
  4. Packet timings reveal keydown events in the browser.

See these papers for more details:

For background on keylogging side channels, see:

Setup

The kreep python package provides a command kreep.

$ pip install https://github.com/vmonaco/kreep/archive/master.zip

Usage

kreep takes a pcap as input. The pcap should contain network traffic to a search engine with autocomplete (only Google and Baidu are currently supported). It prints a list of search query hypothesis. To use the default parameters, provide only the name of the pcap file:

$ kreep [pcap]

Full usage

usage: kreep [-h] [--language LANGUAGE] [--bigrams BIGRAMS]
         [--website WEBSITE] [--k K] [--alpha ALPHA]
         pcap

Keystroke recognition and entropy elimination program

positional arguments:
  pcap                 filename of the pcap

optional arguments:
  -h, --help           show this help message and exit
  --language LANGUAGE  filename of the language model (.arpa format)
  --bigrams BIGRAMS    filename of the keystroke timing model (.csv format)
  --website WEBSITE    name of the website. Currently supported are: google,
                       baidu. If not specified, try to guess.
  --k K                number of hypotheses to generate
  --alpha ALPHA        weight of the language model

Example

$ kreep examples/google.pcap --k=10
you know the
the very top
the work the
you know all
the very the
the work has
can work out
was very the
the very ill
can work for

Limitations

  • Currently supported search engines are Google and Baidu
  • Queries must contain only lowercase alphabetic characters and the space key
  • Query words must appear in the language model
  • Victim cannot copy/paste a query, press Delete or Arrow keys, or move the caret in any other way
  • Works only up to the point the victim selects a query from the autocomplete suggestions

About

Keystroke Recognition and Entropy Elimination Program

Resources

License

Releases

No releases published

Packages

No packages published

Languages