Thread: Script for sniffing traffic.

  1. #181
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Default Re: Script for sniffing traffic.

    Hi comaX, many thanks for this wonderful script. I have read through all 18 pages of comments and have also watched the video. I have downloaded and installed the script on my machine. Everything seems to run smoothly; however, when I log in to Twitter / Hotmail (I am manually typing the login / password) I do not get these captured. Please note that I have also used the yamas -e option. I am sure there are some settings on my machine which need to be fixed, but I just do not know which need fixing.

    My Machine:
    BackTrack 5 R2 Gnome 64 bit : Linux bt 3.2.6 x86_64 GNU/Linux : HDD installed.

    Note the messages as I launch yamas

    Code:
     [+] Cleaning iptables 
    [-] Cleaned.
    
     [+] Activating IP forwarding... 
    [-] Activated.
    
     [+] Configuring iptables... 
     To what port should the traffic be redirected to? (default = 8080)
    
    Port 8080 selected as default.
    
     From what port should the traffic be redirected to? (default = 80)
    
    Port 80 selected as default.
    
    
     Traffic from port 80 will be redirected to port 8080 
    [-] Traffic rerouted
    
     [+] Activating sslstrip... 
    Choose filename to output : (default = yamas)
    
     Sslstrip will be listening on port 8080 and outputting log in /tmp/yamas.txt
    
    sslstrip 0.9 by Moxie Marlinspike running...
    
     [-] Sslstrip is running.
    
    
     [+] Activating ARP cache poisoning... 
    
    Gateway : 192.168.1.1      Interface : wlan0
    
    Enter IP gateway adress or press enter to use 192.168.1.1.
    
    192.168.1.1 selected as default.
    
    
    What interface would you like to use? It should match IP gateway as shown above. Press enter to use wlan0.
    
    wlan0 selected as default.
    
    
    We will target the whole network as default. You can discover hosts and enter IP(s) manually by entering D.
    Press enter to default.
    
    
     Targeting the whole network on 192.168.1.1 on wlan0 with ARPspoof
    [-] Arp cache poisoning is launched.  Keep new window(s) running. 
    
     Attack should be running smooth, enjoy.
    
    
    
    Attack is running. You can :
    1. Rescan network.
    2. Add a target (useless if targeting whole network).
    3. Display ASCII correspondence table.
    4. Real-time parsing...
    5. Misc features.
    6. Quit properly.
    
    Enter the number of the desired option.

    Please note the interface and gateway IP are correct.

    Many thanks again.
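
Seen from a client on the 192.168.1.0/24 network in the log above, ARP cache poisoning shows up in the neighbour table as the gateway's IP sharing a MAC address with another host. The following detection sketch is an added example, not part of the original post or of the yamas script; the sample `ip neigh show` output and every MAC address in it are constructed.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a client on the 192.168.1.0/24
# network in the log above. All MAC addresses here are made up.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 00:11:22:33:44:55 STALE
192.168.1.40 dev wlan0 lladdr a4:5e:60:aa:bb:cc REACHABLE
192.168.1.77 dev wlan0 FAILED
"""

ENTRY = re.compile(r"^(\S+) dev \S+ lladdr ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)


def parse_neigh(text):
    """Return {ip: mac} for neighbour entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def find_arp_anomalies(table, gateway, expected_gateway_mac=None):
    """Flag the two symptoms ARP cache poisoning leaves on a victim host."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # Symptom 1: one MAC answering for several IPs, the gateway among them.
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1 and gateway in ips:
            findings.append(("gateway-mac-shared", mac, sorted(ips)))
    # Symptom 2: the gateway's MAC differs from a value recorded out of band.
    seen = table.get(gateway)
    if expected_gateway_mac and seen and seen != expected_gateway_mac.lower():
        findings.append(("gateway-mac-changed", seen, [gateway]))
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_neigh(SAMPLE_NEIGH), "192.168.1.1",
                                      expected_gateway_mac="c8:d7:19:01:02:03"):
        print(finding)
```

A shared MAC can also be legitimate (a host with several addresses, proxy ARP), so the out-of-band gateway MAC comparison is the stronger of the two signals.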

  2. #182
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    Try using mon0 after setting up wlan0 to run in monitor mode with airmon-ng.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  3. #183
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by ShadowMaster View Post
    Try using mon0 after setting up wlan0 to run in monitor mode with airmon-ng.
    Hey thanks, but how would being mon0 work? mon0 is to sniff traffic and it cannot associate with an AP. In order to sniff logins/passwords you need to be MITM and mon0 cannot do that.

  4. #184
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    Since when can mon0 not associate with an AP? All monitor mode does is enable the ability to sniff raw packet frames from the ether. This is the first I ever heard about monitor mode decreasing functionality...
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  5. #185
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by hannah View Post
    Hi comaX, many thanks for this wonderful script. I have read through all 18 pages of comments and have also watched the video. I have downloaded and installed the script on my machine. Everything seems to run smoothly; however, when I log in to Twitter / Hotmail (I am manually typing the login / password) I do not get these captured. Please note that I have also used the yamas -e option. I am sure there are some settings on my machine which need to be fixed, but I just do not know which need fixing.

    My Machine:
    BackTrack 5 R2 Gnome 64 bit : Linux bt 3.2.6 x86_64 GNU/Linux : HDD installed.

    Please note the interface and gateway IP are correct.

    Many thanks again.
    Hi, thanks for reading it all before posting, even I wouldn't go this far. You say it doesn't work for Hotmail / Twitter. Does it work for others? Have you tried in private browsing mode to avoid anything being transmitted via cookies for instance? Did you make sure you were not on an https connection? Some sites like Gmail enforce this type of connection, rendering sslstrip/ettercap useless.
    Since you're using ettercap, have you tried using sslstrip?

    As for the mon0/wlan0, it's not really relevant here. Indeed I don't think you can associate with an AP in monitor mode, but what you can do is be connected with wlan0 to an AP, and have a pseudo-interface mon0 in monitor mode. In a nutshell, mon0 itself doesn't connect, but the wireless interface can be connected, and in monitor mode.
    But once again, I don't really see how that is relevant here, so unless you guys explain in more detail, let's just forget that.

    I have some more ideas, but more troubling too, so I'll wait for your feedback before conjecturing horrid stuff.

    //
    I'll risk getting my ass kicked because it's absolutely irrelevant to Backtrack, but there is this project I started that needs help growing: http://msimdb.comax.fr It's a database of movie quotes in music. It suffers greatly from content and anything non-metal. So if you guys are willing to help in any way you can think of, I'll be super glad! Mods, sorry for doing this.
    Last edited by comaX; 06-29-2012 at 04:59 AM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !
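
On the remark above that some sites enforce HTTPS and so render sslstrip useless: one mechanism a site can use for that is HTTP Strict Transport Security (RFC 6797), which the thread itself does not name. The check below is an added example, not part of the original posts or of yamas; the `MIN_MAX_AGE` threshold, the rating strings and the sample responses with their placeholder hostnames are assumptions made for illustration.

```python
MIN_MAX_AGE = 15552000  # 180 days; assumed review threshold, not from the thread


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isascii() and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":  # token honoured by browser preload lists
            policy["preload"] = True
    return policy


def assess(scheme, headers):
    """Rate one response's resistance to an HTTPS-to-HTTP downgrade."""
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP (RFC 6797, section 8.1).
        return "exposed: served over http"
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("strict-transport-security")
    if raw is None:
        return "exposed: no HSTS header"
    policy = parse_hsts(raw)
    if not policy["max_age"]:  # missing, unparsable or max-age=0
        return "exposed: no usable max-age"
    if policy["max_age"] < MIN_MAX_AGE:
        return "weak: max-age below threshold"
    if not policy["include_subdomains"]:
        return "partial: subdomains not covered"
    if not policy["preload"]:
        return "good: first visit still unprotected"
    return "good: preload requested"


# Constructed responses (scheme, headers); the hostnames are placeholders.
SAMPLES = {
    "login.example": ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"}),
    "shop.example": ("https", {"strict-transport-security": "max-age=300"}),
    "blog.example": ("https", {"Content-Type": "text/html"}),
    "old.example": ("http", {"Strict-Transport-Security": "max-age=31536000"}),
}


def assess_all(samples=SAMPLES):
    return {host: assess(*resp) for host, resp in samples.items()}
```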

  6. #186
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by comaX View Post
    Hi, thanks for reading it all before posting, even I wouldn't go this far. You say it doesn't work for Hotmail / Twitter. Does it work for others? Have you tried in private browsing mode to avoid anything being transmitted via cookies for instance? Did you make sure you were not on an https connection? Some sites like Gmail enforce this type of connection, rendering sslstrip/ettercap useless.
    Since you're using ettercap, have you tried using sslstrip?
    BTW: I am running version 20120213

    First of all, I have tried both options with yamas, I mean the default, which is with sslstrip, and with yamas -e (which activates ettercap). I have now used a browser with all cookies cleared. I have tried https and http authentication sites.

    Password box does not show me anything.

    I am sure this script works, as it seems to be working for everyone else. Is there a debug option in this script? The help file does not say if there is any. Any idea will be appreciated.

    @ShadowMaster
    Now in regards to the mon0 issue, what I meant was that you cannot get an IP address from an AP through mon0. Hence no gateway, and this script is not going to work. Please correct me if I am wrong here.

    Always willing to learn.

    Regards

  7. #187
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    @comaX Ideas are always welcome, no matter how troubling they may be.

    @hannah Why not do what comaX said, which is what I meant, just in more detail? Basically associate with wlan0 and create a pseudo-interface mon0. Also, setting your own default gateway is really not hard... route gw {ip} or something very similar, don't remember offhand, sorry. I'd be more worried about the no IP, which is also easy to set...
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  8. #188
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by ShadowMaster View Post
    @comaX Ideas are always welcome, no matter how troubling they may be.
    The troubling idea would be that they changed the authentication process and I might have to change the parser, which was a pain in the arse back then, and now that I don't have everything in mind, I fear it would be again, with the necessity to first understand what I wrote back then... So yeah, it's troubling.

    @Hannah: you didn't tell me if it worked for other sites or not. Are you using a local connection page maybe? (fr.msn.com ; us.msn.com... I just made them up, but you know what I mean)
    Last edited by comaX; 06-29-2012 at 11:11 AM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  9. #189
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    comaX, I know that feel bro. I am writing a perl script to help with ASM ghostwriting automation, and since I don't really know perl, and refuse to write it in py, I basically lost track of the number of times I've had to rewrite portions and figure out what I wanted to do with them. Incidentally, anyone who knows perl and is willing to help would be amazing. I don't want to post it in the forums until it's done though.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  10. #190
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by comaX View Post
    @Hannah: you didn't tell me if it worked for other sites or not. Are you using a local connection page maybe? (fr.msn.com ; us.msn.com... I just made them up, but you know what I mean)
    No, so far it did not work for any other sites either. Yes, I have tried sites like http://www.backtrack-linux.org/ as well, which is not https. Anyway, is there any config file (e.g. etter.conf) I need to manually change, or does your script do that automatically?

    What I am thinking now is to get sslstrip / ettercap manually working on my machine and then proceed.

    @ShadowMaster: Will heed your advice.
