Re: Script for sniffing traffic.
Thanks for the continued updates. I haven't had a chance to run it again yet, but am poking through the code. Couple of things:
1. The add_target function doesn't seem to use the target IP in the title. This is done now in the initially created arpspoof commands, just not the ones from the add_target call.
2. I couldn't get the demo video to play. May have just been me. I'll try it again later. I hit the "Demo Video" button and it popped up the viewer, but it just never started. The progress bar kept spinning.
3. In the loop parse, I still don't have any great ideas. It may be better to have a button to request refresh rather than auto refreshing every 5 seconds. At least this way you'd have the chance to scroll through or copy paste if needed. Of course if you can figure out a way to request a pause while it auto refreshes that would be even better. What about if you wrote to a file and then ran the tail command to continually monitor that file for new data and display the tail output in the window: "tail -f filename"
Re: Script for sniffing traffic.
Hi all!
That's what I see in the file yamas.pass.txt - but... And where are the passwords!? Thanks!
Login = 3Y%2DQD8M5NERYLLMCCL4EIFRYFVVB4BT9
Login = '+encodeURIComponent(document.getElementById('emai l_toemail').value)+'
Password = ' + document.getElementById('edit_password').value;
Login = kimble
Login = "http://nht-2.extreme-dm.com/n2.g?login
Login = kimble
Login = "http://nht-2.extreme-dm.com/n2.g?login
Login = '+encodeURIComponent(document.getElementById('emai l_toemail').value)+'
Password = ' + document.getElementById('edit_password').value;
Login = kimble
Login = "http://nht-2.extreme-dm.com/n2.g?login
Login = '+encodeURIComponent(document.getElementById('emai l_toemail').value)+'
Password = ' + document.getElementById('edit_password').value;
Login = kimble
Login = "http://nht-2.extreme-dm.com/n2.g?login
Login = 3Y-QD8M5NERYLLMCCL4EIFRYFVVB4BT9
Login = "+a(h):"",google.j
Re: Script for sniffing traffic.
I'm testing the latest version v0.8 and it doesn't seem to show the logins and passwords.
Re: Script for sniffing traffic.
Quote:
Originally Posted by
ShortBuss
Thanks for the continued updates. I haven't had a chance to run it again yet, but am poking through the code. Couple of things:
1. The add_target function doesn't seem to use the target IP in the title. This is done now in the initially created arpspoof commands, just not the ones from the add_target call.
2. I couldn't get the demo video to play. May have just been me. I'll try it again later. I hit the "Demo Video" button and it popped up the viewer, but it just never started. The progress bar kept spinning.
3. [looping, parsing, tailing stuff]
1. DONE
2. Works for me ! Maybe a codec problem ? Try again ;) (also might take some time to load, even if the vid is only 2Mo...)
3. cf end of post.
Quote:
Originally Posted by
portos
Hi all!
That's what I see in the file yamas.pass.txt - but... And where are the passwords!? Thanks!
Login = 3Y%2DQD8M5NERYLLMCCL4EIFRYFVVB4BT9
Login = '+encodeURIComponent(document.getElementById('emai l_toemail').value)+'
Password = ' + document.getElementById('edit_password').value;
That's just junk, but you should know it since you were the one to type in the password, right ? You are using it on your own personal network, targeting your own machine, right ?
Anyway, that's output from the old parsing method, so I suggest you update : there is now a lot less junk, and the websites from which credentials were sniffed are displayed !
I also added an option to tail the log file, in order to make sure we are sniffing traffic.
Those last two features must be tested though, since I couldn't test much, lacking time, and having had a horrible connection when I tried.
So, update, report, enjoy !
[Current version as of 03/06/11 : v0.8.1]
Re: Script for sniffing traffic.
The new install and update work perfectly for me now. I'll try out the new version soon.
Re: Script for sniffing traffic.
I like what you did with the realtime password detection. I have that as a todo in easy-creds. I am just wondering if things don't get missed with so many "custom" values for usernames & passwords. Seems like that egrep line of code would just continue to grow.
It might make sense to have a defs file and then let your script run against that. Just call a script to parse the sslstrip log against a def file every 10 secs or so.
I have noticed as I continue to use the script I find values that are not currently caught by the defs file in easy-creds and add them as I go.
Great script. With ettercap behaving badly in BT5 ARP spoof may have to be the way to go. Kind of hard though when you are trying to poison 100 systems or so.
Caught a cred with easy-creds that cain didn't pick up. (port 389 traffic) Was able to crack the corp with it. Always great to have another tool in the bag like this script, thanks for sharing.
Happy hunting!
P.s. I'm gonna "borrow" your real-time detection if that's ok with you.... :cool:
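Since the thread keeps coming back to arpspoof as the way to get in the middle, here is the other side of that coin: a small ARP-cache-poisoning detector. This is an added example for this thread, not code from yamas or easy-creds, and the ARP replies it runs over are constructed by hand rather than captured. It applies the two heuristics a switch port or host monitor would use: an IP whose hardware address changes from what was first learned (or statically trusted), and one MAC that starts answering for more than one IP, which is exactly what the spoofing host looks like to everyone else on the segment. The function name `detect_arp_spoof` and the `trusted` bindings argument are this example's own.

```python
"""Detect ARP cache poisoning (the technique arpspoof relies on) from a
stream of ARP replies.  Added example for this thread, not part of yamas or
easy-creds.  The sample replies below are constructed, not captured traffic."""
from collections import defaultdict

# Constructed sample: (seq, sender_ip, sender_mac) as a host would see them.
# Reply #3 re-announces the gateway IP with a different hardware address,
# which is what a victim's ARP cache receives while arpspoof runs.
SAMPLE_REPLIES = [
    (1, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway, legitimate
    (2, "192.168.1.50", "00:11:22:33:44:50"),   # an ordinary host
    (3, "192.168.1.1",  "DE:AD:BE:EF:00:99"),   # gateway IP, new MAC -> suspicious
    (4, "192.168.1.50", "de:ad:be:ef:00:99"),   # same MAC now claims the host too
    (5, "192.168.1.1",  "de:ad:be:ef:00:99"),   # repeat (spoofers re-send constantly)
]


def detect_arp_spoof(replies, trusted=None):
    """Return a list of alert strings, one per newly observed anomaly.

    replies: iterable of (seq, ip, mac) ARP replies observed on the wire.
    trusted: optional {ip: mac} static bindings (for example the gateway's
             real MAC); a reply contradicting one is flagged immediately.
    Heuristic (a): an IP whose MAC differs from the first-learned or trusted
    binding.  Heuristic (b): a MAC that claims a second (third, ...) IP.
    Each (ip, mac) conflict is reported once, so a flood of repeated spoofed
    replies does not flood the alert list.
    """
    bindings = dict((ip, mac.lower()) for ip, mac in (trusted or {}).items())
    ips_per_mac = defaultdict(set)      # mac -> set of IPs it has answered for
    reported = set()                    # (ip, mac) conflicts already alerted on
    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()               # normalise case before comparing
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac          # first sighting: learn it
        elif known != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append(f"#{seq}: {ip} moved from {known} to {mac}")
        new_claim = ip not in ips_per_mac[mac]
        ips_per_mac[mac].add(ip)
        if new_claim and len(ips_per_mac[mac]) > 1:
            alerts.append(f"#{seq}: {mac} now answers for {sorted(ips_per_mac[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoof(SAMPLE_REPLIES):
        print(line)
```

Against the constructed sample this reports the gateway moving to the new MAC at reply #3, the host moving at #4, and the same MAC answering for both IPs at #4; the repeat at #5 adds nothing. On a real host the input would come from a packet capture or from polling the ARP table, and pinning the gateway through `trusted` (or a static ARP entry, which is the usual mitigation) is what keeps the first spoofed reply from being "learned" as legitimate.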
Re: Script for sniffing traffic.
Quote:
Originally Posted by
ericmilam
I like what you did with the realtime password detection. I have that as a todo in easy-creds. I am just wondering if things don't get missed with so many "custom" values for usernames & passwords. Seems like that egrep line of code would just continue to grow.
It might make sense to have a defs file and then let your script run against that. Just call a script to parse the sslstrip log against a def file every 10 secs or so.
I don't think anything gets missed ; in all my tests, I never missed anything, and nobody ever reported about not finding anything, so I believe it's efficient ! The egrep line is not very pretty, for sure, but I can't seem to do that in awk... In which case I'd just do a parser.awk script...
Before doing this script, I found yours, and as I posted before (in BT4 forums) I didn't like the definition file thing, for the simple reason it's restrictive, and it requires a second file (btw, why not generate it instead of downloading it as a separate thing ?). I never got to add things to your defs file so I thought "fcuk it, I'll do my own", and that's how I started !
Quote:
Originally Posted by
ericmilam
Great script. With ettercap behaving badly in BT5 ARP spoof may have to be the way to go. Kind of hard though when you are trying to poison 100 systems or so.
Thanks ! I'll trust you about attacking a 100 systems with arpspoof, since I never got to do more than about ten at a time !
Quote:
Originally Posted by
ericmilam
Caught a cred with easy-creds that cain didn't pick up. (port 389 traffic) Was able to crack the corp with it. Always great to have another tool in the bag like this script, thanks for sharing.
Once again, thank you ! I hope this helps !
Happy hunting!
Quote:
Originally Posted by
ericmilam
P.s. I'm gonna "borrow" your real-time detection if that's ok with you.... :cool:
That would be an honour, please do ! If you can add some credits, that would be perfect, if not, I won't sue you nor hold any grudge against you ;)
Re: Script for sniffing traffic.
Quote:
Originally Posted by
comaX
I don't think anything gets missed ; in all my tests, I never missed anything, and nobody ever reported about not finding anything, so I believe it's efficient !
Well, I would just say it hasn't been tested enough places yet ;) You'll find that different sites have diff values and though you've done a great job grabbing the most common, you'll find you'll need to continue to add to that egrep statement. How do you think Cain does it? It has a large set of values for username & password that it compares against.
You may not have the same defs file as easy-creds, but you are trying to do the same "magic" in your egrep/awk line of code. I know because I tried too and the best way, or what I found for me the most accurate way was to build a specific defs file. The defs file can and should be added to. I recently made a post on how to do it.
I've got a red team pt in a few weeks, I'll give your script a run and provide feedback. In the end though, I think you may end up succumbing to a defs file...perhaps one just more elegant than mine ;)
Re: Script for sniffing traffic.
Quote:
Originally Posted by
ericmilam
Well, I would just say it hasn't been tested enough places yet ;) You'll find that different sites have diff values and though you've done a great job grabbing the most common, you'll find you'll need to continue to add to that egrep statement. How do you think Cain does it? It has a large set of values for username & password that it compares against.
You may not have the same defs file as easy-creds, but you are trying to do the same "magic" in your egrep/awk line of code. I know because I tried too and the best way, or what I found for me the most accurate way was to build a specific defs file. The defs file can and should be added to. I recently made a post on how to do it.
I've got a red team pt in a few weeks, I'll give your script a run and provide feedback. In the end though, I think you may end up succumbing to a defs file...perhaps one just more elegant than mine ;)
Yeah, I found your post about how to add them just yesterday, and it seemed pretty obvious... I don't know what I did wrong ! It's a great script you have there though, and my only problem with it really was that defs file ! But that's just a personal preference, I'm not saying it's bad ;)
Your feedback will be very welcome, I'm looking forward to reading it ;) I'll give yours another try too, since I tested it a while ago.
Thanks again, cheers !
Re: Script for sniffing traffic.