git clone https://github.com/TryCatchHCF/PacketWhisper.git
Then I needed to point the target machine (Ubuntu Server 20.04) to my pentest machine for any DNS queries. For this I just edited the netplan .yaml config file located in /etc/netplan/something.yaml. Highlighted in red are the changes I made (don't forget to run sudo netplan apply after you make the change):
After that I ran Wireshark on my pentest machine. With Wireshark running, I fired up PacketWhisper on the target machine. I chose the first option at each step, as it doesn't really matter how visible the traffic is in my test. It's important to remember the options picked, as you need to use the same options when extracting the content on the other side.
I did have to copy the file I was transmitting (/etc/passwd) to the PacketWhisper folder, as for some reason it would not generate the random subdomains when using a full path to an alternative location. Once I started the transmission, Wireshark began to display the relevant traffic:
Very much worth noting: it took around 1 hour to transmit the passwd file. Once done, I saved the Wireshark capture file in the tcpdump pcap format. Then I fired up PacketWhisper on my pentest machine and chose the option "2) Extract File from PCAP", selecting the same options picked during the transmission phase.
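From the defender's side, the pattern described above (one host sending a long run of queries for randomly generated subdomains) can be looked for in resolver logs. The following is an added example, not part of the original post or of PacketWhisper; the log format (`<epoch> <client_ip> <qname>`), the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict

def parent_domain(qname):
    # Naive registered-domain guess: last two labels (assumption; a real
    # deployment would consult the Public Suffix List instead).
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def flag_exfil_candidates(log_lines, min_unique=30, min_ratio=0.9):
    """Return sorted (client, parent, total, unique, span_seconds) tuples for
    client/parent-domain pairs whose queries are almost all distinct names."""
    stats = defaultdict(lambda: {"total": 0, "names": set(), "first": None, "last": None})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            ts = float(parts[0])
        except ValueError:
            continue  # skip lines without a numeric timestamp
        client, qname = parts[1], parts[2].lower().rstrip(".")
        s = stats[(client, parent_domain(qname))]
        s["total"] += 1
        s["names"].add(qname)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    hits = []
    for (client, parent), s in stats.items():
        unique = len(s["names"])
        # Many names, nearly none repeated: typical of data encoded in labels.
        if unique >= min_unique and unique / s["total"] >= min_ratio:
            hits.append((client, parent, s["total"], unique, s["last"] - s["first"]))
    return sorted(hits)

# Constructed sample log: 10.0.0.5 sends 40 never-repeated subdomains,
# 10.0.0.9 behaves like a normal client repeating a couple of names.
SAMPLE = [f"{1700000000 + i * 2} 10.0.0.5 {i * 2654435761 % 2**32:08x}.cdn.example.net"
          for i in range(40)]
SAMPLE += [f"{1700000000 + i * 30} 10.0.0.9 www.example.com" for i in range(40)]
SAMPLE += ["1700000100 10.0.0.9 mail.example.com", "garbage line"]

if __name__ == "__main__":
    for hit in flag_exfil_candidates(SAMPLE):
        print(hit)
```

The thresholds need tuning per environment, since some legitimate services also generate many unique hostnames under one parent domain.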