Page 1 of 23 12311 ... LastLast
Results 1 to 10 of 222

Thread: Script for sniffing traffic.

  1. #1
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Post Script for sniffing traffic.

    There are a lot of those scripts, hence the name : Yet Another Mitm Automation Script.
    It was originally made for BT4r2 but I "ported" it to BT5, corrected a few bugs and added a few features.

    I can't post the script here without raising some kind of warning due to massive use of certain words for parsing, but please review the source at http://yamas.comax.fr
    You will be able to view the source, download the script and view a demo video.

    It works just great for me, so I hope it will for you too.

    Current main features are :
    - Real-time output of creds without definition files : any credential, from any website should show up, as well as the site it was used on !
    - Log parsing for user-friendly output.
    - DNS spoofing once attack is launched
    - Network mapping for host discovery.
    - Can save dumped passwords to file as well as the whole log file.
    - Support for multiple targets on the network, as well as adding targets after attack is launched.
    - Sslstrip checking (existence, executable, directory, check version, update...)
    - Standalone script, updatable, interactive (new !).

    Please don't hesitate to give me your feedback, I'm always looking for new ideas, and ways to improve it !

    Check http://comax.fr/yamas.php for more infos, video, other platform versions and an article about how to protect you from it !

    [Current version as of 02/02/2012 : 20120202 ]
    Last edited by comaX; 06-22-2012 at 12:42 AM. Reason: Needed some updates !
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  2. #2
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    10

    Default Re: Script for sniffing traffic.

    Thanks.
    Have used this before, thanks for porting/updating.

    Is it possible that a modem is immune for ARP poisoning? Since I have this new modem I keep failing at doing a successful attack.
    Do you want to contact me?
    Thanks.

  3. #3
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Script for sniffing traffic.

    Try arp poisoning only one way
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  4. #4
    Member
    Join Date
    Sep 2010
    Location
    Eastern Island
    Posts
    96

    Default Re: Script for sniffing traffic.

    oops..... link error.... please review your link.. thank you.

  5. #5
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re : Re: Script for sniffing traffic.

    Quote Originally Posted by sostentado View Post
    oops..... link error.... please review your link.. thank you.
    Oops, corrected now, thank you !

    EDIT : disregard text in brackets ; I found a way to do that. It's home-made workaround, but it works !
    [Script-wise, I found a way to loop the parsing process every x seconds (wasn't that hard after all...) and it works just the way I wanted it to, but when I try to pass the function to xterm, it closes immediately. Maybe functions can't be executed in xterm ? That would be logical if xterm doesn't have access to the script*, hence it would not know the function. Any idea ?

    *I mean that xterm is like launching a new console, so the function is not defined for the xterm window. ]


    Bottom line : as attack is running, credentials are displayed as they are sniffed !

    Again, please give your feedback so I can improve it ! Anything really, even grammar.
    Last edited by comaX; 05-15-2011 at 05:46 PM. Reason: a bunch of stuff
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  6. #6
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    10

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by sickness View Post
    Try arp poisoning only one way
    Alright thanks, worked.

  7. #7
    Senior Member
    Join Date
    Apr 2006
    Posts
    154

    Default Re: Script for sniffing traffic.

    hey man...why should we "arp poison" ? doesn't the script do this job already? (please,explain...) many thanks!

  8. #8
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Yes, it does the arp poisoning, with arpspoof. I'll let someone else explain since I don't have much time, or I'll come back to edit

    Editing time it is ! So, I believe that when sickness speaks about one-way poisoning, he tells you to poison only the victims, and not the whole network, in which case you can also poison the router, and the router might detect the poisoning (please, anyone, correct me if I'm wrong !).

    Script-wise, this means you'd better use the feature to target only a few hosts rather than the whole network.

    Anyway, yes, the script "does" the arp poisoning !
    Last edited by comaX; 05-17-2011 at 12:16 PM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  9. #9
    Just burned his ISO
    Join Date
    May 2011
    Posts
    1

    Default Re: Script for sniffing traffic.

    great little script

    I don't really know how you could make it better, maybe os detection?

  10. #10
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by oxycodine View Post
    great little script

    I don't really know how you could make it better, maybe os detection?
    Thanks
    Since I made it for BT4, and ported it to BT5, and both are still accessible, I don't feel it's very necessary... Maybe you are talking about different linux distros ?
    Could be something, provided I also include ways to download the needed applications. But that would be a little bit out of the "script thing".

    Maybe some bugs found ? More comments should be added ?
    Since I updated it a little bit, I didn't really paid attention to "UI"... Something to change on that ?

    Thanks again for you message, I'll keep the OS detection somewhere in my head, probably for when I will have succeeded porting it to python !
    Running both KDE and GNOME BT5 flawlessly. Thank you !

Page 1 of 23 12311 ... LastLast

Similar Threads

  1. Sniffing SSL Traffic on any application?
    By mortalz in forum Beginners Forum
    Replies: 3
    Last Post: 01-02-2011, 03:36 AM
  2. Replies: 10
    Last Post: 07-12-2010, 03:04 PM
  3. sniffing traffic
    By samer in forum OLD Pentesting
    Replies: 3
    Last Post: 03-27-2009, 01:39 PM
  4. Sniffing traffic between AP and Client.
    By cool_recep in forum OLD Newbie Area
    Replies: 8
    Last Post: 11-11-2008, 09:33 AM
  5. Sniffing Webcam traffic? How to do it?
    By Back|Track_user in forum OLD BackTrack v2.0 Final
    Replies: 2
    Last Post: 12-06-2007, 06:30 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •