USB Keyboard capture parser

During a recent CTF I had to extract keys from a USB Keyboard capture, and (as usual) decided to create a simple Python 3 script to parse the original keys.

As shown in the Gist below, this script takes any .pcap file and, optionally, the path to the tshark executable, and:

  1. extracts the relevant data from the capture file to a temporary .txt file, using tshark
  2. parses each line from this file and extracts the relevant data, namely the key value and whether or not the Shift key was pressed
  3. maps the key value and shift to the corresponding symbol on the keyboard
  4. removes the temporary file
  5. prints the resulting string

As an example:

~ python3 mousejack.py -f mousejack.pcapng -t /Applications/Wireshark.app/Contents/MacOS/tshark

> flag{usb_sniff_sniff}
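
Steps 2 and 3 above, sketched as an added example (this is not the original Gist). It assumes the temporary file holds one 8-byte HID boot-keyboard report per line as hex, with or without colon separators; the function name, key map and sample reports are constructed for illustration.

```python
# Added example: decode 8-byte USB HID boot-keyboard reports (not the original Gist).
SHIFT_MASK = 0x22  # modifier byte bits: 0x02 = Left Shift, 0x20 = Right Shift

# HID Keyboard/Keypad usage IDs -> (unshifted, shifted), US layout
KEYMAP = {0x04 + i: (c, c.upper()) for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")}
KEYMAP.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYMAP.update({0x28: ("\n", "\n"), 0x2B: ("\t", "\t"), 0x2C: (" ", " ")})
KEYMAP.update({0x2D + i: p for i, p in enumerate(zip("-=[]\\", "_+{}|"))})
KEYMAP.update({0x33 + i: p for i, p in enumerate(zip(";'`,./", ":\"~<>?"))})

def decode_reports(lines):
    """Turn hex report lines into the typed text (hypothetical helper)."""
    out, held = [], set()
    for line in lines:
        hexdata = line.strip().replace(":", "")
        if len(hexdata) != 16:      # skip blanks and non-keyboard payloads
            continue
        try:
            report = bytes.fromhex(hexdata)
        except ValueError:          # skip lines that are not hex at all
            continue
        shift = bool(report[0] & SHIFT_MASK)
        keys = [k for k in report[2:] if k > 0x03]  # 0x00-0x03: none / error codes
        for key in keys:
            if key in held:         # still held from the previous report
                continue
            if key == 0x2A:         # Backspace removes the last character
                if out:
                    out.pop()
            elif key in KEYMAP:
                out.append(KEYMAP[key][shift])
        held = set(keys)
    return "".join(out)

# Constructed sample reports: byte 0 = modifiers, byte 1 = reserved, bytes 2-7 = keys
SAMPLE = [
    "0200000000000000", "02000b0000000000", "0000000000000000",  # Shift+h
    "00000c0000000000", "00000c0d00000000", "0000000000000000",  # i, then j (rollover)
    "00:00:2a:00:00:00:00:00", "0000000000000000",               # Backspace
    "20002d0000000000", "0000000000000000",                      # Right Shift + '-'
    "00001e0000000000", "0000000000000000",                      # 1
    "02001e0000000000", "0000000000000000",                      # Shift+1
    "00010000",                                                  # 4-byte line, skipped
]

if __name__ == "__main__":
    print(decode_reports(SAMPLE))
```

Tracking the set of held keys matters because a keyboard repeats a usage ID in every report while the key stays down; emitting on each report would duplicate characters.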