I am designing software to record only the URLs visited by students while giving an exam. So I somehow need to know which IP is visiting which site.

I will have a list of all the IPs of students. I just need a way to find out what sites they are visiting. For this I tried Kismet and was able to generate the .pcapdump file which has the details of all the packets. The network is open and unsecured so I was able to get the list of all the IPs but couldn't see the URL they visited.

Steps:

OS: Backtrack Linux 5

Start Kismet on wlan0

Run the following command to convert .pcapdump to .txt through tshark

    $ tshark -r /path/Kismet.pcapdump >> log.txt

Read log.txt for IP -- this shows all the student IPs, but I need to get the URLs visited by those IPs too.

Is Kismet the right way to go? I have to automate this whole thing, so I cannot use Wireshark and manually convert the files, so I chose Kismet.

I need to be able to generate an alert or some other activity as soon as a URL (like www.google.com) is visited by any of the IPs in the database.

ldav1s
Sumitk
  • Before you spend lots of work on this: a) There are notebooks with built-in 3G hardware. b) The students might use an encrypted tunnel, which is a good idea anyway on an insecure network. c) The students might use chat software. My school had a simple but extremely effective solution for this issue: A huge mirror at the back wall, so that the teacher was able to see all screens. It did help against playing games during lectures, too. And it does not raise the legal issues, because wiretapping is illegal in many countries. – Hendrik Brummermann Oct 25 '11 at 06:25
  • What you are saying is totally correct, but the idea here is to have an internal server inside campus for students to connect to the college Wi-Fi, so 3G won't be a problem. But I am not sure how `"encrypted tunnel"` works. Is it still possible to read the header for readable text such as the URL? For the legal issues I would be modifying Kismet to drop the message of each packet. This way I'll be able to track all the IPs visited by each student and still not see their data. I know they can still change the MAC/IP address, for which I can let them poll the server with their details and, if changed, flag them. – Sumitk Oct 26 '11 at 07:25
  • @Sumitk - Students can connect to an encrypted VPN; if they do this, then all their data is encrypted, and the only traffic you know about is between the student and the VPN itself. What purpose does it serve to know what websites a student visits? What business is it of yours to know this information? I never use a public Wi-Fi connection without using a VPN connection. – Security Hound Oct 26 '11 at 12:52
  • "The network is open and unsecured so I was able to get the list of all the IPs but couldn't see the URL they visited." - This just makes me want to cry a little. Please do not provide an unencrypted open wireless network; that's just horrible. – Security Hound Oct 26 '11 at 12:58
  • Well, the open network was the decision of the college and I can't do anything about it. There is a proxy verification though, so anyone can connect but not everyone can use the internet. I also have the case for VPN in mind and I am trying to find a pattern which can tell me if there is a VPN session established from the IP giving the test. About the websites visited by students - well, if they are giving an exam they can open only a few white-listed sites, and it is the main purpose of the exam to not let students cheat by opening, say, Google! – Sumitk Oct 28 '11 at 08:45

2 Answers

I believe you would want to look at a squid/squidguard type of setup if you want to let your students access only certain "white-listed" sites during the exam duration. It can be done for the IP addresses of the students' PCs (if they are static), or you can create usernames/passwords and apply the rule on them.

Riazuddin

I think you want to use something more like dsniff's urlsnarf. There are some good tutorials on the internet on how to use it (check the backtrack forums).

ash
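An added example, not part of any of the posts above: one way to automate the per-IP alerting the question asks for is to have tshark print only the source IP, Host header and request URI (older tshark builds take the filter with `-R` instead of `-Y`) and check each line against the student list and the exam allowlist. The sample output, student IPs, allowlist and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample (not captured traffic) of tab-separated output from:
#   tshark -r Kismet.pcapdump -Y http.request -T fields \
#          -e ip.src -e http.host -e http.request.uri
SAMPLE_TSHARK_OUTPUT = (
    "10.0.0.21\texam.college.example\t/quiz/1\n"
    "10.0.0.22\twww.google.com\t/search?q=answers\n"
    "10.0.0.99\twww.google.com\t/\n"        # not a registered student IP
    "10.0.0.21\tWWW.Google.com.\t/\n"        # case / trailing-dot variant
    "10.0.0.22\t\t/orphan\n"                 # request without a Host header
    "garbage line\n"
)
STUDENT_IPS = {"10.0.0.21", "10.0.0.22"}     # hypothetical student database
ALLOWED_HOSTS = {"exam.college.example"}     # hypothetical exam allowlist


def normalise_host(host):
    """Lower-case, drop a trailing dot and any :port so variants compare equal."""
    host = host.strip().lower().rstrip(".")
    if host.count(":") == 1:                 # host:port, not an IPv6 literal
        host = host.split(":")[0]
    return host


def find_violations(tshark_text, student_ips, allowed_hosts):
    """Return (ip, host, uri) for student requests to hosts off the allowlist.

    A request with no Host header is also reported, as "<no host>".
    """
    allowed = {normalise_host(h) for h in allowed_hosts}
    violations = []
    for line in tshark_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3:
            continue                         # malformed line
        src, host, uri = fields
        try:
            src = str(ipaddress.ip_address(src.strip()))
        except ValueError:
            continue                         # first column is not an IP
        if src not in student_ips:
            continue
        host = normalise_host(host)
        if host not in allowed:
            violations.append((src, host or "<no host>", uri))
    return violations


if __name__ == "__main__":
    for ip, host, uri in find_violations(SAMPLE_TSHARK_OUTPUT, STUDENT_IPS, ALLOWED_HOSTS):
        print(f"ALERT {ip} requested http://{host}{uri}")
```

Only plain HTTP requests carry a readable Host header, so HTTPS and VPN traffic, as raised in the comments, will not appear in this output.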