Page 4 of 23 FirstFirst ... 2345614 ... LastLast
Results 31 to 40 of 222

Thread: Script for sniffing traffic.

  1. #31
    Just burned his ISO
    Join Date
    May 2011
    Posts
    15

    Default Re: Script for sniffing traffic.

    Thanks for the continued updates. I haven't had a chance to run it again yet, but am poking through the code. Couple of things:

    1. The add_target function doesn't seem to use the target IP in the title. This is done now in the initially created arpspoof commands, just not the ones from the add_target call.

    2. I couldn't get the demo video to play. May have just been me. I'll try it again later. I hit the "Demo Video" button and it poped up the viewer, but it just never started. The progress bar kept spinning.

    3. In the loop parse, I still don't have any great ideas. It may be better to have a button to request refresh rather than auto refreshing every 5 seconds. At least this way you'd have the chance to scroll through or copy paste if needed. Of course if you can figure out a way to request a pause while it auto refreshes that would be even better. What about if you wrote to a file and then ran the tail command to continually monitor that file for new data and display the tail output in the window: "tail -f filename"

  2. #32
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    3

    Default Re: Script for sniffing traffic.

    Hi all!
    That's I see in the file yamas.pass.txt - but... And where are passwords!? Thanks!

    Login = 3Y%2DQD8M5NERYLLMCCL4EIFRYFVVB4BT9
    Login = '+encodeURIComponent(document.getElementById('emai l_toemail').value)+'
    Password = ' + document.getElementById('edit_password').value;

    Login = kimble
    Login = "http://nht-2.extreme-dm.com/n2.g?login
    Login = kimble
    Login = "http://nht-2.extreme-dm.com/n2.g?login
    Login = '+encodeURIComponent(document.getElementById('emai l_toemail').value)+'
    Password = ' + document.getElementById('edit_password').value;

    Login = kimble
    Login = "http://nht-2.extreme-dm.com/n2.g?login
    Login = '+encodeURIComponent(document.getElementById('emai l_toemail').value)+'
    Password = ' + document.getElementById('edit_password').value;

    Login = kimble
    Login = "http://nht-2.extreme-dm.com/n2.g?login
    Login = 3Y-QD8M5NERYLLMCCL4EIFRYFVVB4BT9
    Login = "+a(h):"",google.j

  3. #33
    Just burned his ISO
    Join Date
    May 2011
    Posts
    1

    Default Re: Script for sniffing traffic.

    im testing the lastest version v0.8 and doesnt seems to show the logins and passwords

  4. #34
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by ShortBuss View Post
    Thanks for the continued updates. I haven't had a chance to run it again yet, but am poking through the code. Couple of things:

    1. The add_target function doesn't seem to use the target IP in the title. This is done now in the initially created arpspoof commands, just not the ones from the add_target call.

    2. I couldn't get the demo video to play. May have just been me. I'll try it again later. I hit the "Demo Video" button and it poped up the viewer, but it just never started. The progress bar kept spinning.

    3. [looping, parsing, tailing stuff]
    1. DONE
    2. Works for me ! Maybe a codec problem ? Try again (also might take some time to load, even if the vid is only 2Mo...)
    3. cf end of post.

    Quote Originally Posted by portos View Post
    Hi all!
    That's I see in the file yamas.pass.txt - but... And where are passwords!? Thanks!

    Login = 3Y%2DQD8M5NERYLLMCCL4EIFRYFVVB4BT9
    Login = '+encodeURIComponent(document.getElementById('emai l_toemail').value)+'
    Password = ' + document.getElementById('edit_password').value;
    That's just junk, but you should know it since you were the one to type in the password, right ? You are using it on your own personal network, targeting yout own machine right ?

    Anyway, that's output from the old parsing method, so I suggest you update : there is now a lot less junk, and the website from which credentials were sniffed are displayed !

    I also added an option to tail the log file, in order to make sure we are sniffing traffic.

    Those last two feature must be tested though, since I couldn't much, lacking of time, and having had a horrible connection when I tried.

    So, update, report, enjoy !

    [Current version as of 03/06/11 : v0.8.1]
    Last edited by comaX; 06-04-2011 at 10:14 AM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  5. #35
    Just burned his ISO
    Join Date
    May 2011
    Posts
    15

    Default Re: Script for sniffing traffic.

    The new install and update work perfectly for me now. I'll try out the new version soon.

  6. #36
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: Script for sniffing traffic.

    I like what you did with the realtime password detection. I have that as a todo in easy-creds. I am just wondering if things don't get missed with so many "custom" values for usernames & passwords. Seems like that egrep line of code would just continue to grow.

    It might make sense to have a defs file and then let your scrip run against that. Just call a script to parse the sslstrip log against a def file every 10 secs or so.

    I have noticed as I continue to use the script I find values that are not currently caught by the defs file in easy-creds and add them as I go.

    Great script. With ettercap behaving badly in BT5 ARP spoof may have to be the way to go. Kind of hard though when you are trying to poison 100 systems or so.

    Caught a cred with easy-creds that cain didn't pick up. (port 389 traffic) Was able to crack the corp with it. Always great to have another tool in the bag like this script, thanks for sharing.

    Happy hunting!

    P.s. I'm gonna "borrow" your real-time detection if that's ok with you....

  7. #37
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by ericmilam View Post
    I like what you did with the realtime password detection. I have that as a todo in easy-creds. I am just wondering if things don't get missed with so many "custom" values for usernames & passwords. Seems like that egrep line of code would just continue to grow.

    It might make sense to have a defs file and then let your scrip run against that. Just call a script to parse the sslstrip log against a def file every 10 secs or so.
    I don't think anything gets missed ; in all my test, i never missed anything, and nobody ever reported about not finding anything, so I believe it's efficient ! The egrep line is not very pretty, for sure but I can't seem to do that in awk... In which case I'd just do a parser.awk script...
    Before doing this script, I found yours, and as I posted before (in BT4 forums) I didn't like the definition file thing, for the simple reason it's restricitive, and it requires a second file (btw, why not generating it instead of downloading it as a separate thing ?). I never got to add things to your defs file so I thought "fcuk it, i'll do my own", and that's how I started !

    Quote Originally Posted by ericmilam View Post
    Great script. With ettercap behaving badly in BT5 ARP spoof may have to be the way to go. Kind of hard though when you are trying to poison 100 systems or so.
    Thanks ! I'll trust you about attacking a 100 systems with arpspoof, since I never got to do more than about a ten at a time !

    Quote Originally Posted by ericmilam View Post
    Caught a cred with easy-creds that cain didn't pick up. (port 389 traffic) Was able to crack the corp with it. Always great to have another tool in the bag like this script, thanks for sharing.
    Once again, thank you ! I hope this helps !

    Happy hunting!

    Quote Originally Posted by ericmilam View Post
    P.s. I'm gonna "borrow" your real-time detection if that's ok with you....
    That would be an honour, please do ! If you can add some credits, that would be perfect, if not, I won't sue you nor hold any grudge against you
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  8. #38
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by comaX View Post
    I don't think anything gets missed ; in all my test, i never missed anything, and nobody ever reported about not finding anything, so I believe it's efficient !
    Well, I would just say it hasn't been tested enough places yet You'll find that different sites have diff values and though you've done a great job grabbing the most common, you'll find you'll need to continue to add to that egrep statement. How do you think Cain does it? It has a large set of values for username & password that it compares against.

    You may not have the same defs file as easy-creds, but you are trying to do the same "magic" in your egrep/awk line of code. I know because I tried too and the best way, or what I found for me the most accurate way was to build a specific defs file. The defs file can and should be added to. I recently made a post on how to do it.

    I've got a red team pt in a few weeks, I'll give your script a run and provide feedback. In the end though, I think you may end up succumbing to a defs file...perhaps one just more elegant than mine

  9. #39
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Quote Originally Posted by ericmilam View Post
    Well, I would just say it hasn't been tested enough places yet You'll find that different sites have diff values and though you've done a great job grabbing the most common, you'll find you'll need to continue to add to that egrep statement. How do you think Cain does it? It has a large set of values for username & password that it compares against.

    You may not have the same defs file as easy-creds, but you are trying to do the same "magic" in your egrep/awk line of code. I know because I tried too and the best way, or what I found for me the most accurate way was to build a specific defs file. The defs file can and should be added to. I recently made a post on how to do it.

    I've got a red team pt in a few weeks, I'll give your script a run and provide feedback. In the end though, I think you may end up succumbing to a defs file...perhaps one just more elegant than mine
    Yeah, I found your post about how adding them just yesterday, and it seemed pretty obvious... I don't know what I did wrong ! It's a great script you have there though, and my only problem with it really was that defs file ! But that's just a personal preference, I'm not saying it's bad

    Your feedback will be very welcomed, I'm looking forward to reading it I'll give again a try to yours to, since I tested it a while ago.

    Thanks again, cheers !
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  10. #40
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    10

    Default Re: Script for sniffing traffic.

    Liking the work you do.

Page 4 of 23 FirstFirst ... 2345614 ... LastLast

Similar Threads

  1. Sniffing SSL Traffic on any application?
    By mortalz in forum Beginners Forum
    Replies: 3
    Last Post: 01-02-2011, 03:36 AM
  2. Replies: 10
    Last Post: 07-12-2010, 03:04 PM
  3. sniffing traffic
    By samer in forum OLD Pentesting
    Replies: 3
    Last Post: 03-27-2009, 01:39 PM
  4. Sniffing traffic between AP and Client.
    By cool_recep in forum OLD Newbie Area
    Replies: 8
    Last Post: 11-11-2008, 09:33 AM
  5. Sniffing Webcam traffic? How to do it?
    By Back|Track_user in forum OLD BackTrack v2.0 Final
    Replies: 2
    Last Post: 12-06-2007, 06:30 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •