Man In The Middle, What Next

[Jamo]

Hi when Im already man in the middle I can use a lot of applications to capture traffick. Wireshark captures everything, but theres too much data. What applications do you use?

[digininja]

Depends what you want to do, for sniffing passwords dsniff is good, to see what images are being looked at try driftnet and to see who is talking to who etterape.

And with Wireshark, if you learn to use the filters well then you can quickly get through the forest of data to see the juicy bits, it takes a lot of practise though and it helps if you know what you want to look for in the first place.

[Jamo]

Thanks, Iv used driftnet, but actually I would like to see websites and Iv used a lot wireshark, but it still gives a lot data, its good.

The only problem is that I see fon+ as one device, so all data seems to come from one ip.

[digininja]

If you are sat on that side of the router then everything will be nat'ed so you won't see individual client IPs. Nothing you can do about that.

[hDy]

Hamster and Ferret is also pretty useful when your mitm. Although I usually just stick to SSL Strip since it gets you the most data and you don't need to use any other programs to log data it gets.

Also filtering wireshark for http POST's works well if your looking for passwords.

[Jamo]

If you are sat on that side of the router then everything will be nat'ed so you won't see individual client IPs. Nothing you can do about that.

What if im also connected to pineapple should I then aprspoof me to man in the middle?

[digininja]

If you have the pineapple going into your machine then you are in the middle already, no need for arpspoof.

A nice trick if you have a pcap, say you collected it with tcpdump, is to do

strings x.pcap |grep -i -C 3 password

It will show you any mentions of the word password and give 3 lines of context on both sides.

[operat0r_001]

for M$ I use Network Miner 0.89

for *nix I use just ettercap

theres also wifizoo for open aps networks