The Coding Team Posted December 11, 2009
Hypothetically, let's say I'm a network administrator running a Debian 5.0 Linux box for my Internet router/gateway. Is there such a software package that exists that will automatically grab any interesting information going through my gateway (obviously, I'd run the logging software -on- the gateway machine)? I'd like to do this without the client machines having to be modified in any way (i.e., no SOCKS/proxies/etc). Now if this was possible, I suppose I'd be interested in logging as much information as I can about each individual MAC address, such as websites visited, POP/IMAP email sent/read, usernames/passwords, Instant Messaging transcripts, etc. I know I could whip something up using ngrep, etc... I'm just looking to see if there is already an all-in-one type solution, perhaps it would log information to a MySQL database or something.

d4rkfe4r Posted December 11, 2009
ettercap, sslstrip, wireshark

c0r Posted December 11, 2009
Take a look at Irongeek's website and look for his wireless security class. Very helpful for what you are looking for.
Linux: wireshark, ettercap...
Windows: cain&abel,...
Happy reading..learning..
c

The Coding Team (Author) Posted January 4, 2010
> ettercap, sslstrip, wireshark
So I'll assume that means NO, there is no all-in-one solution to grab interesting information off the wire. I can't believe that. I know there are commercial packages available, there must be something open source somewhere.

SirWolfgang Posted January 4, 2010
Ya, there's not really any 'all-in-one'. The issue with that type of thing is it's really only 'all-in-one' for a few people in the situation. Think about Adobe products. They are amazing in parts because they all are so damn powerful, but if you have them all you can do anything. So ya, I would agree with: ettercap, sslstrip, wireshark.
One thing I can say might help is NetWitness; it reconstructs the packets into a nice GUI for more or less your "Network IT" use. There is a free version that includes demo data to see how it works/sorts things. One nice thing is that it will rebuild emails including images if you grab them too.
http://download.netwitness.com/download.php?src=DIRECT

Sparda Posted January 5, 2010
wireshark and tcpdump will literally capture everything.

The Coding Team (Author) Posted January 5, 2010
> wireshark and tcpdump will literally capture everything.
Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc. Like I said, I know I could write something myself, I just figured there was something out there already. I know there are commercial solutions to do just that already.

digip Posted January 5, 2010
Well, there are probably tools out there that can filter per need, but for the most part, set capture files for each desired search. You can define pre-capture filters so it only grabs specific results, such as pop, snmp, http auth basic, post, ftp, etc, etc... Then just archive the logs each day, and start new captures, analyze at your convenience. There is a program called ace password sniffer for Windows, I'm sure there are *nix alternatives out there, and probably even some other ones for hardware setups, like routers and firewalls. I'm not 100% positive, but I think Cisco's MARS can do a bit of this as well.

SirWolfgang Posted January 7, 2010
> Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc.
I would look into NetWitness. It does all that and has all the protocols built into it so it knows how to handle everything from email to IM.

digip Posted January 7, 2010
> I would look into NetWitness, It does all that and has all the protocols built into it so it knows how to handle everything from email to IM
I ph33r any program that embeds IE into it to function, while trying to get you to register to even use it. If you wanted to filter traffic, learn to use Wireshark, does the same thing, no registration required to use it, and does not embed Internet Explorer as its built-in browser (because Wireshark isn't a browser).

taiyed14 Posted January 7, 2010
> Right, I understand that.. I was looking for a program that organizes all of the captured data into a nice little browser interface or something. Like a tab for email captures, a tab for IM captures, a tab for websites visited, etc. Like I said, I know I could write something myself, I just figured there was something out there already. I know there are commercial solutions to do just that already.
Try Xplico.

beakmyn Posted January 7, 2010
Network Miner
Tamos NetResident
Wireshark then open the capture in Cain&Abel and it will find the passwords.

r083rt Posted November 19, 2010
Can someone please help me? I'm testing different websites with sslstrip with Opera, Explorer 8 and Firefox 3.6. On the site PayPal, sslstrip goes through on Opera and Explorer 8 but not Firefox; it detects it and comes up with untrusted network. I'm using bt4, sslstrip -l 10000, prerouting and ipv4 forwarding. Tried all different variants, sslstrip -a -k -f and others, can't get past it. Has Firefox patched this?

Mr-Protocol Posted November 20, 2010
Most people click through warnings. You probably should have made a new topic. And if you are trying to use this to steal people's paypal, you will not get any help here.

Infiltrator Posted November 20, 2010
> Can someone please help me? I'm testing different websites with sslstrip with Opera, Explorer 8 and Firefox 3.6. On the site PayPal, sslstrip goes through on Opera and Explorer 8 but not Firefox; it detects it and comes up with untrusted network. I'm using bt4, sslstrip -l 10000, prerouting and ipv4 forwarding. Tried all different variants, sslstrip -a -k -f and others, can't get past it. Has Firefox patched this?
You will experience that warning whenever using SSLStrip, there are certainly ways to overcome that, one of them would be getting hold of the original certificate.