
Thread: Script for sniffing traffic.

  1. #101
    Just burned his ISO
    Join Date
    Nov 2011
    Posts
    3

    Default Re: Script for sniffing traffic.

    Hello comaX,

    First of all, thanks for sharing your script... I was testing it and noticed the victims can't play YouTube while the script is running. I tested with Chrome and Safari with the same results. The videos seem to be loading but don't load and so don't play. The script works great, but the stealth factor starts to fail when the victims guess something is weird. Is there a fix for it? Thanks in advance.

  2. #102
    Member
    Join Date
    Apr 2010
    Posts
    51

    Default Re: Script for sniffing traffic.

    Nice script. It works on my BT5R1 KDE 32 like a charm. I have some problems with SSL, 'cause I can't get passwords from SSL sites.
    Maybe it's my problem, I don't know. The settings seem to be OK.

    @JUUJUU: If you want to see what sites the clients visit try: urlsnarf -i wlan0 (In wlan0 enter your interface, e.g. eth0, wlan0, wlan1 etc)

  3. #103
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    Originally Posted by khaos:
    > Nice script. It works on my BT5R1 KDE 32 like a charm. I have some problems with SSL, 'cause I can't get passwords from SSL sites.
    > Maybe it's my problem, I don't know. The settings seem to be OK.

    Are you sure you're not logging on in the test case in https://... If you are, then being the MiTM won't help, because all traffic is encrypted anyway. You need to make sure sslstrip is taking away the HTTPS and making it HTTP only. If it's not, then try using the ettercap option and spoofing the SSL connection. Although that might take some social engineering to work in the wild... If the options that I suggested to comaX (allowing user input for the decision of either fake SSL, sslstrip, padlock icon, fake certificate etc...) get put in place, then it'll be easier. But until then, good luck.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  4. #104
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    > If the options that I suggested to comaX (allowing user input for the decision of either fake SSL, sslstrip, padlock icon, fake certificate etc...) get put in place

    Damn, I forgot about those. Sorry.
    It's been a while since I wrote anything new.
    About the padlock icon, don't you think it's better to leave it the way it is? Do you think some people might not want it? If so, I will make that an option.
    I'll try to work on the other stuff you mentioned too, if I have the time.

    Cheers !
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  5. #105
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    I think that the initiation of the script should look like this
    ./yamas
    (a)rpspoof or (e)ttercap?
    if a then keep all the defaults the way they are

    if e then
    do you want to (s)trip the ssl connection or to s(p)oof it?
    if s then keep defaults and do you want to add the (p)adlock icon in the users browser?

    if p then
    do you want to use a fake certificate or not? Y/n?

    The flow of this will allow the user to define all his own options and still provide the functionality of the other options to those who want them. Let me know. Thanks. Still looking forward to the update.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  6. #106
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    AHH double post sorry!! Screwed up browser on a slow computer....
    Last edited by ShadowMaster; 11-24-2011 at 10:46 PM. Reason: Moderators, please delete...
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  7. #107
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    > (a)rpspoof or (e)ttercap?
    > if a then keep all the defaults the way they are
    >
    > if e then
    > do you want to (s)trip the ssl connection or to s(p)oof it?
    > if s then keep defaults and do you want to add the (p)adlock icon in the users browser?
    >
    > if p then
    > do you want to use a fake certificate or not? Y/n?
    >
    > The flow of this will allow the user to define all his own options and still provide the functionality of the other options to those who want them. Let me know. Thanks. Still looking forward to the update.

    I'll leave the ettercap option as a parameter passed to the script, but I think I'll use this kind of menu, it's a good idea! By the way, if you have an idea of how to script this, you can submit it to me and you'll get the proper credits.

    My main problem is that I never much used ettercap for the ssl stuff because I think it's bad SE, but surely I understand why someone would want that, so it makes sense to add it.

    Cheers

    Btw, is it me or is the site going really slow these last couple of weeks?
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  8. #108
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    Originally Posted by comaX:
    > I'll leave the ettercap option as a parameter passed to the script, but I think I'll use this kind of menu, it's a good idea! By the way, if you have an idea of how to script this, you can submit it to me and you'll get the proper credits.
    >
    > My main problem is that I never much used ettercap for the ssl stuff because I think it's bad SE, but surely I understand why someone would want that, so it makes sense to add it.
    >
    > Cheers
    >
    > Btw, is it me or is the site going really slow these last couple of weeks?

    It might be just the two of us, it's been sluggish for me as well.

    So. The "new" flow looks like this.
    ./yamas - same old, same old.
    ./yamas -e
    Do you want.... (all the previous menu options.)

    BTW, I'm not sure what you mean by "bad SE"?
    Anyway, I've never really scripted anything in bash, but I've got years of experience with C and .NET, so it might be ported. That being said, if I knew what I was doing in bash, I would write it like so:
    All vars would be booleans

    var=(strip or spoof?)
    if strip then var1=(padlock?)
        if var1 then
            run command w/ padlock, exit function/loop
        if not var1 then
            run command w/o padlock, exit function/loop

    if spoof then var1=(add cert?)
        if var1 then
            run command w/ cert, exit function/loop
        if not var1 then
            run command w/o cert, exit function/loop


    This pseudocode could be ported to bash fairly easily, I just don't know how... But I leave that to the experts like you.
    Let me know. Thanks.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  9. #109
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    I wouldn't call myself an expert at all, but thanks! I guess I'll have to do some reading on ettercap's functionalities.
    By "bad SE", I mean that any decent browser these days would say "bad cert, don't go there". I can't imagine someone thinking "You know what, browser? F*ck you, imma goin' there!"

    I guess I still want to believe in humanity after all

    EDIT :
    I came across a MAJOR problem while working on this... Unless I understood something the wrong way, you either spoof the SSL connection with ettercap's fakessl (which includes fakecert), and you WILL have https etc., or you use sslstrip to get rid of the SSL.

    But you can't do both at the same time.

    So including fakessl would mean disabling sslstrip, which will mean that the password parsing won't work, which pretty much defeats the whole goal of the script.

    Correct me if I'm wrong !

    Meanwhile, I'll keep digging.

    EDIT:
    @AnimusDomini
    > Hello comaX,
    >
    > First of all, thanks for sharing your script... I was testing it and noticed the victims can't play YouTube while the script is running. I tested with Chrome and Safari with the same results. The videos seem to be loading but don't load and so don't play. The script works great, but the stealth factor starts to fail when the victims guess something is weird. Is there a fix for it? Thanks in advance.

    I believe it was posted retroactively... So, as I told you, I never experienced such a thing, but it would make sense if the videos were slow to load. I'll ask people to provide feedback in the "message of the day" in the script, hoping people actually read it ^^
    Last edited by comaX; 11-26-2011 at 09:15 AM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  10. #110
    Member
    Join Date
    Apr 2010
    Posts
    51

    Default Re: Script for sniffing traffic.

    Originally Posted by ShadowMaster:
    > Are you sure you're not logging on in the test case in https://... If you are, then being the MiTM won't help, because all traffic is encrypted anyway. You need to make sure sslstrip is taking away the HTTPS and making it HTTP only. If it's not, then try using the ettercap option and spoofing the SSL connection. Although that might take some social engineering to work in the wild... If the options that I suggested to comaX (allowing user input for the decision of either fake SSL, sslstrip, padlock icon, fake certificate etc...) get put in place, then it'll be easier. But until then, good luck.

    Thanks for your reply, but I didn't understand what you mean. I have run yamas, and when I tried to log in on my test PC ("victim") to Gmail via https://gmail.com, it doesn't strip the SSL.

    Maybe I have not understood how sslstrip works. I think that sslstrip removes the SSL and the site will be http://gmail.com, and not giving a fake SSL certificate to the victim (as Cain and Abel). So what do I have wrong?
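
Added example, not part of any post in this thread and not code from the yamas script: the posts above turn on the fact that sslstrip only works when the browser makes a plain-HTTP request, so from the defending side this checks response headers for the HSTS and cookie settings that close that gap. The hosts, the finding names and the 180-day threshold are assumptions, and the sample responses are constructed.

```python
MIN_MAX_AGE = 15552000  # 180 days; assumed audit threshold, not from the thread

def parse_hsts(value):
    """Return (max_age or None, include_subdomains) for one HSTS header value."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def strip_exposure(url, headers):
    """List the ways one response leaves room for an HTTPS-to-HTTP downgrade."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    cookies = [v for k, v in headers if k.lower() == "set-cookie"]
    if not url.lower().startswith("https://"):
        findings.append("plaintext-entry")  # this request can be read and rewritten
        if hsts:
            findings.append("hsts-ignored-over-http")  # RFC 6797: only honoured over TLS
    elif not hsts:
        findings.append("no-hsts")  # browser may still follow a rewritten http:// link
    else:
        max_age, include_sub = parse_hsts(hsts[0])  # only the first header counts
        if max_age is None:
            findings.append("hsts-invalid")
        elif max_age == 0:
            findings.append("hsts-disabled")  # max-age=0 removes the stored policy
        elif max_age < MIN_MAX_AGE:
            findings.append("hsts-short-max-age")
        if not include_sub:
            findings.append("hsts-no-includesubdomains")
    for cookie in cookies:
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie-without-secure")  # sent on plain-HTTP requests too
    return findings

# Constructed sample responses (hypothetical hosts), not captured traffic.
SAMPLES = [
    ("http://shop.example/login", [("Location", "https://shop.example/login"),
                                   ("Strict-Transport-Security", "max-age=31536000")]),
    ("https://shop.example/login", [("Set-Cookie", "sid=abc; HttpOnly")]),
    ("https://mail.example/", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
                               ("Set-Cookie", "sid=abc; Secure; HttpOnly")]),
]
```

Calling `strip_exposure(url, headers)` on each entry of `SAMPLES` returns an empty list only for the third response; the first two show why a redirect to HTTPS on its own does not protect the first request.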
