
Thread: Script for sniffing traffic.

  1. #21
    Just burned his ISO
    Join Date
    May 2007
    Location
    West Sussex, England
    Posts
    8

    Default Re: Script for sniffing traffic.

    Thank you for the script.


    SRT.

  2. #22
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    14

    Default Re: Script for sniffing traffic.

    Yup, those are sslstrip/python errors, they're not from my script, and I can't do anything about that. Did you update to sslstrip 0.9 ? It's less buggy.
    All I can try to do is to shut verbosity of error output... I didn't think about that, I'll do that too !

    [Edit] Status : DONE
    Yup, now it's all quiet ! I just had to add "2> /dev/null". But errors still happen. Anyway, since they are not fatal, nor disrupt anything... It's all good !
    Ok thx comaX. I have the 0.9v but the errors still exist. I don't currently have any BT4 install to check if they exist there also, so we can see if it's the sslstrip problem or something else.

  3. #23
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    A day later than expected, v0.7.4 is out ! I will also probably do a demo video in the next few days. Stay tuned, and as always, please give feedback !

    (About urlsnarff, and url parsing, I didn't have much time to look into it... Maybe later !)
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  4. #24
    Just burned his ISO
    Join Date
    May 2011
    Posts
    15

    Default Re: Script for sniffing traffic.

    I don't think I mentioned it yet, but great script and I appreciate the work you are putting into it.

    Problem with Line 88: "chmod +x /usr/bin/mitm #make newly installed script executable" mitm is missing the ".sh" and is throwing an error when running the update option.

    Also, at the end of the script, after the parser is launched, the script is just waiting to be killed. Could you make a loop at the end to accept several options instead?
    1. Re-scan network. This would be to find new targets that may have joined.
    2. Add a new target for arpspoof (e.g. "a 192.168.1.106")
    3. Quit

    A new single target doesn't make much sense if you are already spoofing the whole subnet. I don't know that it's possible to have an option to kill an existing single arpspoof instance, but as long as you can get to the window you can ctrl+c any existing instance to shut it down without the script's help. Can the title of the arpspoof windows include the IP address?

    With a choice list like this it may make more sense to start sslstrip and parsing first and then just drop the user into the choice list.

    Sorry if I'm suggesting something too complex. I'm not familiar at all with the scripting.

  5. #25
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Those are pretty good ideas !
    The problem at line 88 might already have been corrected, but I'll check, thanks for reporting.
    EDIT : I tried updating, and I had no problem... But I changed it to $0 anyway, just to make sure !

    At the end, no need for a "loop". I think, waiting for something to do is fine ! And instead of waiting for "quit" it could wait for different things
    Scanning the network could become a function like scan() [by the way, I should really get a better way of scanning... That was an early quick fix, but I find it a little bit barbaric !].
    Adding a target to arpspoof shouldn't be a problem either, another function to be called, that would launch another xterm arpspoof window. Killing them from the script (apart from final cleanup) would be too complex I think, and since there is no automation to be done here (I won't read arpspoof's output to know if target is still reachable... You still have to do two-three things, on purpose !), I don't see any purpose in doing that :P

    With that said, if you are already targeting the whole network, the latter option would be useless... But, that's doable !

    And then, quitting, of course !

    Yeah, I like it ! I'll work on that when I have time (this is much bigger than anything else that was suggested to me !).

    It has also been suggested to me to make a default option for the ports, for instance. What do you think I should do about that ? It makes sense since it's an automation tool, but it's also a learning tool, so typing in a few ports, knowing why you choose them, is to me a good thing. I'm really hesitating here, so just tell me what you people would rather like !

    Thanks again for the feedback !
    Last edited by comaX; 05-24-2011 at 06:26 PM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  6. #26
    Just burned his ISO
    Join Date
    May 2011
    Posts
    15

    Default Re: Script for sniffing traffic.

    The script is already hiding a lot of the complexity of the process. I don't think that people will be missing out on much more knowledge by defaulting ports. Also you can implement it in a way where the user will at least see what the default port is. For example "Choose a port for sslstrip (Enter = 10000)".

    The suggestion of the loop was so that you wouldn't have to write a limited number of prompts for the user to respond to. In the existing script it's 4 occurrences of mostly the same prompt at the end. If you put a big decision prompt with all options in a loop you could write it once and the user wouldn't be limited to the number of times they could choose one of the options. Again, if you are coming from the stance of spoofing the entire network, there's not much use. If you are instead isolating to just a few targets and looking for others to add, then it makes more sense.

    Of course the user can have the exact same functionality by just opening another terminal and running the additional arpspoof commands there. All logs still go to the same sslstrip log and still get parsed by the same process.

    Also for target discovery I see a lot of suggestions for nmap. I usually use "nmap -sn 192.168.1.*" for a very quick discovery of hosts in the subnet. I'm sure there are much better methods.

  7. #27
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: Script for sniffing traffic.

    OPTIMUS! Script! Thanks a lot! Works perfectly in BT5!!!

  8. #28
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by ShortBuss View Post
    The script is already hiding a lot of the complexity of the process. I don't think that people will be missing out on much more knowledge by defaulting ports. Also you can implement it in a way where the user will at least see what the default port is. For example "Choose a port for sslstrip (Enter = 10000)".

    The suggestion of the loop was so that you wouldn't have to write a limited number of prompts for the user to respond to. In the existing script it's 4 occurrences of mostly the same prompt at the end. If you put a big decision prompt with all options in a loop you could write it once and the user wouldn't be limited to the number of times they could choose one of the options. Again, if you are coming from the stance of spoofing the entire network, there's not much use. If you are instead isolating to just a few targets and looking for others to add, then it makes more sense.

    Of course the user can have the exact same functionality by just opening another terminal and running the additional arpspoof commands there. All logs still go to the same sslstrip log and still get parsed by the same process.

    Also for target discovery I see a lot of suggestions for nmap. I usually use "nmap -sn 192.168.1.*" for a very quick discovery of hosts in the subnet. I'm sure there are much better methods.
    The default thing was suggested by "Binx", and is already ready to use, thanks to him. And it's just as you said. [edited]

    Edit : finally it was pretty simple, and I like the result ! There are the 3 choices you proposed, which seem enough, but if anyone has more suggestions, let them come ! I also changed the host discovery feature to something way better. It should have been done a long time ago too, I guess more people using it and giving feedback helps rethinking things.

    Thanks again

    Ps : current version is v0.7.5 !
    Last edited by comaX; 05-26-2011 at 08:39 PM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  9. #29
    Just burned his ISO
    Join Date
    May 2011
    Posts
    15

    Default Re: Script for sniffing traffic.

    I've never tried to write bash, so please forgive any formatting errors or any misunderstandings of what limitations you are working under. Here is a rough flow I was thinking of:

    1. IP Tables Cleanup
    2. Start sslstrip
    3. Start loop parse
    4. Decision loop:
    Code:
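    while :
    do
            # Prompt once per iteration; the loop repeats until the user quits
            echo "What now? (q = quit, s = scan for hosts, a = arpspoof full network, t <ip> = arpspoof single ip)"
            read -e -r decision
            if [[ $decision == "q" ]] ; then
                    cleanup   # cleanup routine, assumed to be defined earlier in the script
                    break
            elif [[ $decision == "s" ]] ; then
                    : # call to scan method here
            elif [[ $decision == "a" ]] ; then
                    : # call to arpspoof full network here
            elif [[ $decision == "t "* ]] ; then
                    : # call to arpspoof single ip here (the ip is "${decision#t }")
            else
                    echo "Unknown command: $decision"   # statement about bad command entry
            fi
    done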
    The idea is to set up and kick off all the necessary stuff first. Then execute the more detailed work based on user input. I do understand this may be going beyond your intentions for the script.

  10. #30
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by ShortBuss View Post
    I've never tried to write bash, so please forgive any formatting errors or any misunderstandings of what limitations you are working under. Here is a rough flow I was thinking of:[edited].
    Seems like your post appeared after mine in the end...

    I did a pretty major update this morning, so if you are using the script on a regular basis, I suggest you check it !
    I also did a demonstration video, but it's fast and short. I will maybe try to make a better one when I have more time, with music and all.
    (How about some portal 2 song ? Or maybe I'll stick to death metal. Tell me what you'd rather like !)


    Keep the feedback coming !

    [version on 29/05/11 : 0.7.7]
    Running both KDE and GNOME BT5 flawlessly. Thank you !
