Why not pick up a keystroke logger and install it on the employee's computer? That will log all keystrokes he makes. If you know the name of the virtual hard drive site, then just search for that and you'll be in the right section of the log file the logger creates. If the user has the site bookmarked with a saved password/url then it would be just as easy to access the PC and have access to the bookmark/favorite and find out the password that way too.
Chris -----Original Message----- From: Luca Marchiori [mailto:[EMAIL PROTECTED] Sent: Friday, January 07, 2005 6:49 AM To: Henrik Nordstrom Cc: [email protected] Subject: Re: [squid-users] grab password from url Hi Henrik. > So your real question is if it is possible to determine with the help > of Squid if this employee is uploading confidential information to a > third party web site. No ! My REAL (and original) question is if it is possible to grab user and password from an url. Sorry, but I heat when one change my question because "I'm sure you intend this question and not the original one you made". I am a consultant, my customer wanna know user and password for the virtual hard drive and I have to give it him. Stop. We already know the employee is uploading confidential information to the internet. > >From the Squid logs you can easily tell what web sites the user is > visiting, and how often. Already done! This is the way I discovered the abnormal traffic. > If you think this is being done and is done in good faith then the > best action is to simply ask the employee if he is doing this or if he > is aware what the implications of doing so would be. Not technical and/or squid matters. I'm not payed for asking employees, I'm payed for discover the password. > Generally speaking, if the web site is https based then all you can > see is the amount of traffic going in both directions, but if it is > http based then everything can be seen (just dump the network traffic > and analyze it). This is not directly related to Squid but any Internet usage. Already done! HTTPS. Traffic confirm our suspect. We need user/password, remember ? :-) > In an ethical point of view stealing the users personal login details > to this third party web site by analyzing his traffic is very dubious > in my view, and probably illegal in many countries. My customer knows all. He pays me for technical things and he will pay lawers for them things. >You surely should be able to > make up better approaches in proving/disproving the claims of >Internet connection abuse. Already done with a HW keylogger (fantastic toy !). Sorry again If i was acid in this mail. Bye from Italy and Happy 2005 !!! LM
