Script for sniffing traffic.

**comaX** · 11-25-2012, 06:33 AM

Originally Posted by airwolf3000

Comax, I have never have any problem with with script, no matter what version, I think its wonderful and as long as you keep updating it, I'll keep on using.[...]

Thanks Comax

Originally Posted by wewe73

i used this script against my smart phone and laptop win 7 with the latest security software and did not let me down. i have said thank you thank you before and here i am again saying big thanks to comax :-)

Gentlemen, I am humbled. Thanks for the positive feedback !

**ShadowMaster** · 11-27-2012, 04:31 PM

I'm still not giving up on my dream of seeing ettercap filters as one of the options comaX. How's that coming along?

**comaX** · 11-27-2012, 06:17 PM

Oh man... I am so f'ing swamped right now... I started writing a new version (and not update) of Yamas a while back but haven't had the time to do much on it... This year was supposed to be easier study-wise, but guess what? It absolutely is not. It's worse. If I get the time during the holidays I'll try to work on it, but I'm supposed to be preparing exams for early January.

I'll keep you guys posted.

**aronian** · 12-06-2012, 04:04 PM

Hi, first of all... awesome script !! Now, I was just wondering, is there is a way to know exactly from which IP address the logs are coming if you are poisoning a whole network? And is it possible to stop the ARP poisoning on just the selected IP, but continuing poisoning the whole network?

I am asking this because there a lots of SSL pages (like facebook or hotmail) that after running the script, they send to us the username and password information but the user is not able to correctly access them, for example in hotmail the user returns to the login page again and again, and in facebook the user can access to his account but it doesn't load properly.

So my idea was to stop the ARP poisoning on just the selected IP address once I got his credentials, so he will now be able to correctly access to all pages.

Of course I am not intending to do this for the wrong purposes, I just think that if you are going to test your network doing a MITM, you should do it right without anyone noticing what you are doing, even you have their authorization to do so.

**FettMaster** · 12-23-2012, 08:32 PM

Hi. The Script itś great, but since I use BT5R3 the scripts doesnt works fine.

Itś run smooth, but the password windows doesnt show anything. I'm triying facebook, twitter, gmail, etc. and nothing. anyone can help me? Thanks a lot.

**comaX** · 12-24-2012, 04:45 AM

Originally Posted by aronian

Hi, first of all... awesome script !! Now, I was just wondering, is there is a way to know exactly from which IP address the logs are coming if you are poisoning a whole network? And is it possible to stop the ARP poisoning on just the selected IP, but continuing poisoning the whole network?

That is not possible, unfortunately. What you can do is attack all connected equipment independently, and then stop them separately. And, nope, sslstrip doesn't log lan IP. You could run wireshark aside to check for matching packets.

Originally Posted by aronian

I am asking this because there a lots of SSL pages (like facebook or hotmail) that after running the script, they send to us the username and password information but the user is not able to correctly access them, for example in hotmail the user returns to the login page again and again, and in facebook the user can access to his account but it doesn't load properly.

Yeahp, that's because of sslstrip I think. Have you tried with ettercap ? (yamas -e)

Originally Posted by aronian

So my idea was to stop the ARP poisoning on just the selected IP address once I got his credentials, so he will now be able to correctly access to all pages.
Of course I am not intending to do this for the wrong purposes, I just think that if you are going to test your network doing a MITM, you should do it right without anyone noticing what you are doing, even you have their authorization to do so.

I hear you, but nope, that's just not possible, afaik. Sorry!

**wewe73** · 12-24-2012, 06:10 PM

Originally Posted by FettMaster

Hi. The Script itś great, but since I use BT5R3 the scripts doesnt works fine.

Itś run smooth, but the password windows doesnt show anything. I'm triying facebook, twitter, gmail, etc. and nothing. anyone can help me? Thanks a lot.

it works just fine over here using BT5-R3

**bahaeddine4** · 12-25-2012, 08:58 PM

i haven't tried this yet but does it work in the secure mode (https) ?

**KillerKenny** · 01-07-2013, 01:44 AM

The "password" window is only saying

"Parsing /tmp/yamas.txt for credentials."

What does it mean?

**comaX** · 01-07-2013, 01:39 PM

Originally Posted by bahaeddine4

i haven't tried this yet but does it work in the secure mode (https) ?

You should know more about how it works. Hint : sslstrip.

Originally Posted by KillerKenny

The "password" window is only saying

"Parsing /tmp/yamas.txt for credentials."

What does it mean?

Means it hasn't found anything yet.

BackTrack Linux - Penetration Testing Distribution

Thread: Script for sniffing traffic.

Thread Tools

Search Thread

Display

Re: Script for sniffing traffic.

Re: Script for sniffing traffic.

Re: Script for sniffing traffic.

Re: Script for sniffing traffic.

Respuesta: Script for sniffing traffic.

Re: Script for sniffing traffic.

Re: Respuesta: Script for sniffing traffic.

Re: Script for sniffing traffic.

Re: Script for sniffing traffic.

Re: Script for sniffing traffic.

Similar Threads

Sniffing SSL Traffic on any application?

CAG-Script - Bash script to automate MITM's, deauth's, passive sniffing, etc

sniffing traffic

Sniffing traffic between AP and Client.

Sniffing Webcam traffic? How to do it?

Tags for this Thread

Posting Permissions