Re: Script for sniffing traffic.
I'm installing BT in a VM so I don't have to reboot each time an idea pops into my head, forcing me to... yes, stop my music. So, I should from now on be more reactive. I then shall start with what you just posted. I'll see what I can make of it.
There will probably be an update in the next few days since some people are experiencing trouble with looping the parsing. It had been a while I didn't test it and it seems Facebook sends way too much crap. Am I the only one to get that ? Yes it's still cleaner than looking at sslstrip's logs, but hell, it looks awful. I'll see if I can manage something.
Edit : Updated ! I'm feeling quite good about the modifications made to the parser. Tell me what you think ! It still works with every site I tested.
Edit2 : Shadow Master, wait a bit before I give feedback to you ideas ;)
Re: Script for sniffing traffic.
I shall wait. :)
BTW, the idea itself can be incorporated with an absolute minimum of fuss from the filter I gave, the only issue would be that it can never replace the original filter template, and that even if the script was started with arpspoof, it must be continued with ettercap. I look forward to when this is added to your script. :)
Also, if you go on IRC at all, you should come to #offtopicsec where we can talk more in depth and more responsively about these things.
Re: Script for sniffing traffic.
Ok, so I read the article. It's very interesting indeed. I think I might implement something similar but not to the full extent. I mean, I could implement html code modifications on the fly, which would allow someone who knows what he's doing to do what you intended. I'll do tests and stuff, and get back to you.
Re: Script for sniffing traffic.
I've been obsessing over this for the past few days, and the algo I came up with was this:
Start the script the way it normally starts.
Add an option in additional tools for iframe injection.
If the user runs it, warn him that it will turn off arpspoof and run ettercap.
If the user clicks yes, kill arpspoof, then:
Ask the user for the redirection URL to inject.
Echo the contents of that filter with the redirection URL into a file.
Use ettercap to compile that file.
Run ettercap with the previous port, ip, and netmask to spoof settings, and add the filter to the command.
(At this point everything is the same as if the user had run "yamas -e" but there is the added benefit of the filter.)
Warn the user that the only thing he has accomplished was that the victim will somehow send HTTP requests to the redirection UR, and that the user must supply his own listener to respond to those requests. (This prevents sk1dd13s from seeing your tool as a one-stop pwn tool.)
Move on with the script as normal, with a seperate window logging the ettercap replacement messages.
Tell me what you think...
Re: Script for sniffing traffic.
Yep! Works with my setup!
Thank you!!
Re: Script for sniffing traffic.
Perrrffeccttt :D
working well!
Re: Script for sniffing traffic.
Hey, SM (no pun intended)! I just saw your post (or I forgot I saw it). I have very little time on my hands, but I started working on a more-to-the-point version on Yamas, that will include that. Can't say when I'll be done with it, I'm really over booked by studies.
It's on the way though...
Re: Script for sniffing traffic.
hi man,
firs of all i have to congratulate u for this work, its really awesome.
i have it on my n900 for some time now, works flawlessly.
I just downloaded the last script on your site though "20120827" and tried to run it on BT5R3 VM, and it seems not to work as it is intended..
did you had any kind of issue on this ?
running the scripts seems to do nothing..
if you ^C it, it will output the intended output..
but it wont show any kind of options/menu or anything if you let the script run...
it seems its not getting out of the Update_process.. (just debugging with echo "test" around.. lol )
any insights ?
BTW its a recently downloaded VM with nothing modified on it..
Re: Script for sniffing traffic.
Comax, I have never have any problem with with script, no matter what version, I think its wonderful and as long as you keep updating it, I'll keep on using.
Many of us have not thanks you enough for it, there are many people afraid to write a few letters in the post. because they get "----" by others, so I think most people are very cautious about, what to ask and how to phase it. (ref: Why is this forum dying or something like it)
I think you have done a wonderful job and we are lucky to have share it.
I will shut up before somebody may have a different say about expressing thanks to you
Thanks Comax
Re: Script for sniffing traffic.
Quote:
Originally Posted by
airwolf3000
Comax, I have never have any problem with with script, no matter what version, I think its wonderful and as long as you keep updating it, I'll keep on using.
Many of us have not thanks you enough for it, there are many people afraid to write a few letters in the post. because they get "----" by others, so I think most people are very cautious about, what to ask and how to phase it. (ref: Why is this forum dying or something like it)
I think you have done a wonderful job and we are lucky to have share it.
I will shut up before somebody may have a different say about expressing thanks to you
Thanks Comax
i used this script against my smart phone and laptop win 7 with the latest security software and did not let me down. i have said thank you thank you before and here i am again saying big thanks to comax :-)
