Networking Sniffing: Usernames/Passwords/Chat/Mail/etc.


The Coding Team

Hypothetically, let's say I'm a network administrator running a Debian 5.0 Linux box for my Internet router/gateway. Is there such a software package that exists that will automatically grab any interesting information going thru my gateway? (Obviously, I'd run the logging software -on- the gateway machine.)

I'd like to do this without the client machines having to be modified in any way (i.e. no socks/proxies/etc).

Now if this was possible, I suppose I'd be interested in logging as much information as I can about each individual MAC address, such as websites visited, POP/IMAP email sent/read, usernames/passwords, Instant Messaging transcripts, etc.

I know I could whip something up using ngrep, etc... I'm just looking to see if there is already an all-in-one type solution, perhaps it would log information to a MySQL database or something.


  • 4 weeks later...

Ya, there's not really any 'all-in-one'. The issue with that type of thing is it's really only 'all-in-one' for a few people in the situation.. Think about Adobe products.. They are amazing in parts because they all are so damn powerful, but if you have them all you can do anything. So ya, I would agree with:

ettercap, sslstrip, wireshark

One thing I can say might help is NetWitness; it reconstructs the packets into a nice GUI for more or less your "Network IT" use.. There is a free version that includes demo data to see how it works/sorts things.. One nice thing is that it will rebuild emails including images if you grab them too.

http://download.netwitness.com/download.php?src=DIRECT


> wireshark and tcpdump will literally capture everything.

Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc.

Like I said, I know I could write something myself, I just figured there was something out there already. I know there are commercial solutions to do just that already.


Well, there are probably tools out there that can filter per need, but for the most part, set capture files for each desired search. You can define pre-capture filters so it only grabs specific results, such as pop, snmp, http auth basic, post, ftp, etc, etc... Then just archive the logs each day, and start new captures, analyze at your convenience.

There is a program called Ace Password Sniffer for Windows, I'm sure there are *nix alternatives out there, and probably even some other ones for hardware setups, like routers and firewalls. I'm not 100% positive, but I think Cisco's MARS can do a bit of this as well.


> Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc.

I would look into NetWitness. It does all that and has all the protocols built into it, so it knows how to handle everything from email to IM.


> I would look into NetWitness. It does all that and has all the protocols built into it, so it knows how to handle everything from email to IM.

I ph33r any program that embeds IE into it to function, while trying to get you to register to even use it. If you wanted to filter traffic, learn to use Wireshark: it does the same thing, no registration required to use it, and does not embed Internet Explorer as its built-in browser (because Wireshark isn't a browser).


> Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc.
>
> Like I said, I know I could write something myself, I just figured there was something out there already. I know there are commercial solutions to do just that already.

try Xplico.


  • 10 months later...

Can someone please help me? I'm testing different websites with sslstrip with Opera, Explorer 8 and Firefox 3.6.

On the PayPal site, sslstrip goes through on Opera and Explorer 8 but not Firefox; it detects it.

It comes up as untrusted network.

I'm using BT4.

sslstrip -l 10000

Prerouting and IPv4 forwarding; tried all different variants, sslstrip -a -k -f and others, can't get past it. Has Firefox patched this?


> Can someone please help me? I'm testing different websites with sslstrip with Opera, Explorer 8 and Firefox 3.6.
>
> On the PayPal site, sslstrip goes through on Opera and Explorer 8 but not Firefox; it detects it.
>
> It comes up as untrusted network.
>
> I'm using BT4.
>
> sslstrip -l 10000
>
> Prerouting and IPv4 forwarding; tried all different variants, sslstrip -a -k -f and others, can't get past it. Has Firefox patched this?

You will experience that warning whenever using SSLStrip, there are certainly ways to overcome that, one of them would be getting hold of the original certificate.
