Thread: Extracting files & Info from network captures

  1. #1
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Extracting files & Info from network captures

    • Based on being fully connected to the wireless network
    • Using a MiTM attack with ettercap
    • Saving network data as pcap file
    • Running pcap file through chosen tools for data examination


    Video: Extracting files & Info from network captures

  2. #2
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Re: Extracting files & Info from network captures

    Great video, thanks for posting.

    I haven't used URLSNARF before but this looks like a handy tool for quickly ripping out all accessed URLs from a network capture!

  3. #3
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    23

    Default Re: Extracting files & Info from network captures

    Tape, thanks for the video. After watching, I decided to try to make the process faster and more automated. I threw together a script; give it a whirl and let me know what you think!

    Code:
    #!/bin/bash
    # Menu wrapper that runs urlsnarf, driftnet and foremost against a saved capture file.
    # The log directory is named after this script, e.g. extract.sh -> extract_log
    filename=$(basename "$0" .sh)
    
    fna="${filename}_log"
    
    echo "Enter your '.cap' file location/name"
    echo "Ex: /root/media/packets/lab/packets.cap"
    echo -n "-> "
    read -r fn
    
    # Take the timestamp once so every tool writes under the same run directory
    # (calling date again later breaks the paths if the minute rolls over).
    run="$fna/$(date +%m%d%y%H%M)"
    mkdir -p "$run"
    
    while :
    do
    echo ">>>>>>>>MENU<<<<<<<<"
    echo "1) Run URLSNARF (Grabs URLS)"
    echo "2) Run DriftNet (Grabs Images)"
    echo "3) Run ForeMost (Grabs Files and Images)"
    echo "4) Run URLSnarf and ForeMost"
    echo "5) Exit"
    echo "Please enter an option 1-5"
    echo -n "-> "
    read -r opt
    case $opt in
        1) echo "+++++++++URLSNARF+++++++++"
           mkdir -p "$run/urlsnarf"
           urlsnarf -p "$fn" > "$run/urlsnarf/urls.txt"
           echo "UrlSnarf Complete";;
        2) echo "+++++++++DriftNet+++++++++"
           mkdir -p "$run/driftnet"
           # Replay the capture on loopback in the background so driftnet can sniff it
           tcpreplay -i lo "$fn" &
           # driftnet keeps listening after the replay ends and does not exit on its own
           driftnet -i lo -a -d "$run/driftnet/"
           echo "DriftNet Complete";;
        3) echo "+++++++++ForeMost++++++++++"
           mkdir -p "$run/foremost"
           foremost -i "$fn" -v -o "$run/foremost/"
           echo "ForeMost Complete";;
        4) echo "+++Running Multiple Methods+++"
           mkdir -p "$run/urlsnarf" "$run/foremost"
           urlsnarf -p "$fn" > "$run/urlsnarf/urls.txt"
           foremost -i "$fn" -v -o "$run/foremost/"
           echo "All Extractions Completed";;
        5) echo "Later!"
           exit;;
        *) echo "$opt is an invalid option.  Please select option 1-5 only"
           echo "Press enter to continue..."
           read -r enterKey;;
    esac
    done
    P.S. I know this script is very simple; it was something I threw together in a few minutes, but I will admit I'm new to this. Any comments, suggestions, tips, ideas are GREATLY appreciated.

  4. #4
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: Extracting files & Info from network captures

    I haven't tried to run it, but from reading it, I like it !!

    Only suggestion I would have is to actually have the driftnet images first downloaded to a temp directory, and then moved from the temp directory to the driftnet directory (when driftnet is stopped, all the images will be deleted and lost otherwise).

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    23

    Default Re: Extracting files & Info from network captures

    Thanks for the idea! I was actually thinking of doing something like that with it, but my problem was that whenever I ran driftnet, the driftnet script wouldn't terminate, and I don't know how to force it to be killed when it stops outputting data.
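
Added example, not posted by anyone in the thread: one way to combine the temp-directory suggestion from #4 with the termination problem from #5. `run_until_idle` is a hypothetical helper; it assumes "stopped outputting data" can be judged by the tool writing no new files for a number of seconds, and that the tool takes its working directory as its last argument (as `driftnet -i lo -a -d` does).

```bash
#!/bin/bash
# Added example: run_until_idle is a hypothetical helper, not part of driftnet
# or of the script posted in this thread.
#
# Usage: run_until_idle IDLE_SECS DEST_DIR CMD [ARGS...]
#   CMD is started in the background with a fresh temp directory appended as
#   its last argument. Once no new file has appeared there for IDLE_SECS
#   seconds, the files are moved to DEST_DIR and only then is CMD stopped, so
#   anything the tool deletes from its own directory on exit is already saved.
#   Prints the number of files now in DEST_DIR.
run_until_idle() {
    local idle="$1" dest="$2"
    shift 2
    local tmp pid count last=0 quiet=0

    tmp=$(mktemp -d) || return 1
    mkdir -p "$dest" || return 1

    # Start the tool; discard its output so it cannot block the caller.
    "$@" "$tmp" > /dev/null 2>&1 &
    pid=$!

    # Poll once per second; any change in the file count resets the idle timer.
    while kill -0 "$pid" 2>/dev/null; do
        sleep 1
        count=$(( $(find "$tmp" -type f | wc -l) ))
        if [ "$count" -ne "$last" ]; then
            last=$count
            quiet=0
        else
            quiet=$((quiet + 1))
        fi
        [ "$quiet" -lt "$idle" ] || break
    done

    # Save the results first, then stop the tool and clean up.
    find "$tmp" -type f -exec mv {} "$dest"/ \;
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rm -rf "$tmp"

    echo $(( $(find "$dest" -type f | wc -l) ))
}

# In the menu script's option 2 this would replace the direct driftnet call:
#   tcpreplay -i lo "$fn" &
#   run_until_idle 5 "$run/driftnet" driftnet -i lo -a -d
```

The idle window has to be longer than the largest gap between images during the replay, otherwise the tool is stopped early.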
