Jump to content

Networking Sniffing: Usernames/Passwords/Chat/Mail/etc.


The Coding Team
 Share

Recommended Posts

Hypothetically, let's say I'm a network administrator running a Debian 5.0 linux box for my Internet router/gateway. Is there such a software package that exists that will automatically grab any interesting information going thru my gateway (obviously, I'd run the logging software -on- the gateway machine).

I'd like to do this without the client machines having to be modified in any way (Ie: no socks/proxies/etc).

Now if this was possible, I suppose I'd be interested in logging as much information as I can about each individual MAC address, such as websites visited, POP/IMAP email sent/read, usernames/passwords, Instant Messaging transcripts, etc.

I know I could whip something up using ngrep, etc... I'm just looking to see if there is already an all-in-one type solution, perhaps it would log information to a MySQL database or something.

Link to comment
Share on other sites

  • 4 weeks later...

Ya, there's not really any 'all-in-one' the issue with that type of thing, is its really only 'all-in-one' for a few people in the situation.. Think about adobe products.. They are amazing in parts because they all are so damn powerful, but if you have them all you can do anything. So ya, I would agree with:

ettercap, sslstrip, wireshark

one thing I can say might help, is NetWitness it reconstruct the packets into a nice GUI for more or less your "Network IT" use.. There is a free version they includes demo data to see how it works/sorts things.. One nice thing is that it will rebuild emails including images if you grab them too.

http://download.netwitness.com/download.php?src=DIRECT

Link to comment
Share on other sites

wireshark and tcpdump will literally capture everything.

Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc.

Like I said, I know I could write something myself, I just figured there was something out there already. I know there are commercial solutions to do just that already.

Link to comment
Share on other sites

Well, there are probably tools out there that can filter per need, but for th emost part, set capture files for each desired search. You can define pre-capture filters so it only grabs specific results, such as pop, snmp, http auth basic, post, ftp, etc, etc... Then just archive the logs each day, and start new captures, analyze at your convenience.

There is a program called ace password sniffer for windows, im sure there are *nix alternatives out there, and probably even some other ones for hardware setups, like routers and firewalls. Im not 100% positive, but I think cisco's MARS can do a bit of this as well.

Link to comment
Share on other sites

Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc.

I would look into NetWitness, It does all that and has all the protocols built into it so it knows how to handle everything from email to IM

Link to comment
Share on other sites

I would look into NetWitness, It does all that and has all the protocols built into it so it knows how to handle everything from email to IM

I ph33r any program that embeds IE into it to function, while trying to get you to register to even use it. If you wanted to filter traffic, learn to use Wireshark, does the same thing, no registration required to use it, and does not embed Internet Explorer as its built in browser(becaue Wireshark isnt a browser).

Link to comment
Share on other sites

Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc.

Like I said, I know I could write something myself, I just figured there was something out there already. I know there are commercial solutions to do just that already.

try Xplico.

Link to comment
Share on other sites

  • 10 months later...

can some please help me im test different websites with sslstrip with opera,explorer 8 and firefox 3.6

the site paypal sslstrip goes through on opera explorer 8 but not firefox it detects it

comes up untrusted network

im using bt4

sslstrip -l 10000

prerouting and ipv4 forwarding tried all differnt varinats sslstrip -a -k -f and others cant get passed it has firefox patched this

Link to comment
Share on other sites

can some please help me im test different websites with sslstrip with opera,explorer 8 and firefox 3.6

the site paypal sslstrip goes through on opera explorer 8 but not firefox it detects it

comes up untrusted network

im using bt4

sslstrip -l 10000

prerouting and ipv4 forwarding tried all differnt varinats sslstrip -a -k -f and others cant get passed it has firefox patched this

You will experience that warning whenever using SSLStrip, there are certainly ways to overcome that, one of them would be getting hold of the original certificate.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...