Jamo Posted April 8, 2010
Hi, when I'm already man in the middle I can use a lot of applications to capture traffic. Wireshark captures everything, but there's too much data. What applications do you use?

digininja Posted April 8, 2010
Depends what you want to do: for sniffing passwords dsniff is good, to see what images are being looked at try driftnet, and to see who is talking to who, EtherApe. And with Wireshark, if you learn to use the filters well then you can quickly get through the forest of data to see the juicy bits. It takes a lot of practice though, and it helps if you know what you want to look for in the first place.

Jamo Posted April 9, 2010
Thanks, I've used driftnet, but actually I would like to see websites, and I've used Wireshark a lot, but it still gives a lot of data. It's good. The only problem is that I see fon+ as one device, so all data seems to come from one IP.

digininja Posted April 9, 2010
If you are sat on that side of the router then everything will be nat'ed so you won't see individual client IPs. Nothing you can do about that.

hDy Posted April 9, 2010
Hamster and Ferret is also pretty useful when you're mitm. Although I usually just stick to SSL Strip since it gets you the most data and you don't need to use any other programs to log the data it gets. Also filtering Wireshark for HTTP POSTs works well if you're looking for passwords.

Jamo Posted April 9, 2010
> If you are sat on that side of the router then everything will be nat'ed so you won't see individual client IPs. Nothing you can do about that.

What if I'm also connected to the pineapple, should I then arpspoof myself to man in the middle?

digininja Posted April 9, 2010
If you have the pineapple going into your machine then you are in the middle already, no need for arpspoof. A nice trick if you have a pcap, say you collected it with tcpdump, is to do

    strings x.pcap | grep -i -C 3 password

It will show you any mentions of the word password and give 3 lines of context on both sides.

operat0r_001 Posted April 13, 2010
For M$ I use Network Miner 0.89. For *nix I use just ettercap. There's also wifizoo for open AP networks.