
Thread: Script for sniffing traffic.

  1. #141
    Good friend of the forums comaX's Avatar

    Default Re: Script for sniffing traffic.

    It's always interesting to demonstrate that an attacker can study your browsing habits and use that knowledge to exploit a computer/steal passwords (dns poisoning/phishing/etc...).
    I certainly agree with you but you'll find urlsnarf information in sslstrip's logs... So it doesn't bring anything new, imo.

    Xplico is an interesting (and powerful) tool. It's best run on a dump (live capture mode is not as useful). It's easiest used through its web GUI so I agree it wouldn't integrate well with yamas - just mentioned it while we were discussing image extraction.
    All right, thanks, I thought you mentioned it for yamas, not as general knowledge. But it makes more sense this way and it sure seems to be a nice tool ! I'll try to have a go at it when I figure out how to launch it.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  2. #142
    My life is this forum Snayler's Avatar

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by comaX View Post
    I certainly agree with you but you'll find urlsnarf information in sslstrip's logs... So it doesn't bring anything new, imo.
    I'll be honest, I never looked inside a sslstrip log, so I don't know what's inside it. Have you compared the results from both tools, to check if they match?

  3. #143
    Good friend of the forums comaX's Avatar

    Default Re: Script for sniffing traffic.

    Sslstrip logs contain pretty much everything that happens on the network. You'll get a load of crap, headers, requests, etc. In urlsnarf, you only get the requests like GET. So, it's a little more readable than sslstrip logs, but to obtain the same result the parsing would be easy.
    urlsnarf :
    192.168.1.3 - - [23/Jul/2008:15:41:52 -0700] "GET http://suggestqueries.google.com/com...=en-US&q=sguil HTTP/1.1" - - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1"
    sslstrip
    2011-11-17 15:27:50,528 Resolved host successfully: clients2.google.com -> 209.85.147.113
    2011-11-17 15:27:50,529 Sending request via HTTP...
    2011-11-17 15:27:50,573 HTTP connection made.
    2011-11-17 15:27:50,573 Sending Request: GET /service/update2/crx?
    2011-11-17 15:27:50,574 Sending header: accept-charset : windows-1252,utf-8;q=0.7,*;q=0.3
    2011-11-17 15:27:50,574 Sending header: connection : keep-alive
    2011-11-17 15:27:50,574 Sending header: accept-language : fr,en-US;q=0.8,en;q=0.6
    2011-11-17 15:27:50,574 Sending header: host : clients2.google.com
    2011-11-17 15:27:50,574 Sending header: user-agent : Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2
    Ok, sslstrip logs are more verbose, but if you do something like cat sslstrip.log | grep "Resolved host successfully:", you should get the browsed websites...

    Example on one of my logs with egrep -i -a -e "Resolved host successfully:" /root/sslstrip.log
    2011-11-17 15:27:22,486 Resolved host successfully: safebrowsing.clients.google.com -> 173.194.67.101
    2011-11-17 15:27:22,731 Resolved host successfully: safebrowsing-cache.google.com -> 209.85.227.139
    2011-11-17 15:27:26,931 Resolved host successfully: whos.amung.us -> 67.202.94.93
    2011-11-17 15:27:28,606 Resolved host successfully: www.facebook.com -> 69.171.242.14
    2011-11-17 15:27:31,875 Resolved host successfully: 0-74.channel.facebook.com -> 66.220.145.41
    2011-11-17 15:27:47,956 Resolved host successfully: whos.amung.us -> 67.202.94.93
    And it wouldn't be too hard to keep only certain columns with awk or cut...
    Last edited by comaX; 02-12-2012 at 08:24 AM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !
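
    The comparison asked about in #142, using the parsing suggested in #143, as an added example (not part of the original posts and not code from yamas). The function names, file names and sample log lines are assumptions constructed for illustration; the two line formats are the ones quoted above.

```shell
#!/usr/bin/env bash
# Added example; the file names and sample log lines are constructed.
export LC_ALL=C  # stable ordering for sort and comm

# Unique hosts from sslstrip "Resolved host successfully: <host> -> <ip>" lines.
sslstrip_hosts() {
    # -a: treat the log as text even if it holds binary bytes (as in the post)
    grep -a 'Resolved host successfully:' "$1" |
        awk '$(NF-1) == "->" { print tolower($(NF-2)) }' | sort -u
}

# Unique hosts from urlsnarf lines: the URL is the 2nd word of the quoted request.
urlsnarf_hosts() {
    awk -F'"' '{
        split($2, req, " "); url = req[2]
        sub("^[A-Za-z]+://", "", url)   # drop the scheme
        sub("[/:?].*$", "", url)        # drop port, path and query
        if (url != "") print tolower(url)
    }' "$1" | sort -u
}

# Label each host as seen by both tools or by only one of them.
compare_hosts() {
    local a b
    a=$(mktemp); b=$(mktemp)
    sslstrip_hosts "$1" > "$a"; urlsnarf_hosts "$2" > "$b"
    comm -12 "$a" "$b" | sed 's/^/both          /'
    comm -23 "$a" "$b" | sed 's/^/sslstrip-only /'
    comm -13 "$a" "$b" | sed 's/^/urlsnarf-only /'
    rm -f "$a" "$b"
}

# Constructed sample logs (documentation addresses and example domains).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sslstrip.log" <<'EOF'
2011-11-17 15:27:22,486 Resolved host successfully: www.example.com -> 192.0.2.10
2011-11-17 15:27:22,490 Sending header: host : www.example.com
2011-11-17 15:27:26,931 Resolved host successfully: stats.example.net -> 192.0.2.20
2011-11-17 15:27:47,956 Resolved host successfully: stats.example.net -> 192.0.2.20
EOF
cat > "$demo_dir/urlsnarf.log" <<'EOF'
192.0.2.3 - - [17/Nov/2011:15:27:22 -0700] "GET http://www.example.com/index.html HTTP/1.1" - - "-" "Mozilla/5.0"
192.0.2.3 - - [17/Nov/2011:15:27:30 -0700] "GET http://cdn.example.org:8080/a.js HTTP/1.1" - - "-" "Mozilla/5.0"
EOF
compare_hosts "$demo_dir/sslstrip.log" "$demo_dir/urlsnarf.log"
```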

  4. #144
    Just burned his ISO

    Default Re: Script for sniffing traffic.

    Making Xplico run in BackTrack 5 is a real pain in the ass. When I wanted to try it, after losing some hours in vain, I only downloaded the VM from Xplico's website.

  5. #145
    Good friend of the forums comaX's Avatar

    Default Re: Script for sniffing traffic.

    Hi guys ! Quick post to tell you there were updates made ! It should be easier to run it on other linux platforms, and some stuff here and there.

    As stated in the "message of the day" feature, I'm dropping urlsnarf since I didn't get much positive feedback about it.
    With that said, if you guys really want something that'll show the browsed websites, I can do it just like I showed you two posts before this one. Tell me what you'd like !
    Cheers !
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  6. #146
    Senior Member ShadowMaster's Avatar

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by comaX View Post
    Hi guys ! Quick post to tell you there were updates made ! It should be easier to run it on other linux platforms, and some stuff here and there.

    As stated in the "message of the day" feature, I'm dropping urlsnarf since I didn't get much positive feedback about it.
    With that said, if you guys really want something that'll show the browsed websites, I can do it just like I showed you two posts before this one. Tell me what you'd like !
    Cheers !
    It may be a prob with my script, but when I do what I always do, typing yamas in the term, I get "No update available Script is installed", but the message of the day changes to the url snarf thing. I'm assuming that's not normal...
    Also, you may want to add a -u feature in the script, because when I only want to update, not run it, I still have to go through the whole rigmarole of settings options, and cleaning up. -u would be so much more convenient. Thanks.
    Last edited by ShadowMaster; 02-15-2012 at 01:09 PM.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  7. #147
    Good friend of the forums comaX's Avatar

    Default Re: Script for sniffing traffic.

    Noted for the -u option, I'll work on that !
    With that said, I myself have to update the same way you guys do. And when I just need to update it, I wait for the message to be displayed and then ctrl+c.
    But yeah, an update option would be better
    And yep, it's normal that the message of the day changes without an update. It's curled from my website on launch. You can deactivate that with the silent mode (-s).
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  8. #148
    Senior Member ShadowMaster's Avatar

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by comaX View Post
    Noted for the -u option, I'll work on that !
    With that said, I myself have to update the same way you guys do. And when I just need to update it, I wait for the message to be displayed and then ctrl+c.
    But yeah, an update option would be better
    And yep, it's normal that the message of the day changes without an update. It's curled from my website on launch. You can deactivate that with the silent mode (-s).
    I get the message, that's fine. What I meant was: I got the NEW message, but NOT the NEW script...
    Isn't it supposed to update?... I'm still using the last revision, and it says no update is available. Feb 2.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  9. #149
    Good friend of the forums comaX's Avatar

    Default Re: Script for sniffing traffic.

    Ouch... I must have **** up somewhere along the way. I'll look into it, thanks for reporting !
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  10. #150
    Senior Member ShadowMaster's Avatar

    Default Re: Script for sniffing traffic.

    Of course I report. I love this tool, I want the newest version.
    That being said I'm not clear on the syntax to use fakessl? I see the option to add the favicon, I see the option to use ettercap, but where do I add in the fake ssl? Perhaps, if -e has been selected, you could make that one of the additional options. To use sslstrip for most, but for some websites/browsers, allow for fakessl?
    World Domination is such an ugly phrase. I prefer the term World Optimization.
