will-wtf Posted May 2, 2010

I recently set up my own SSH server, which was a wonderfully simple way to secure my internet. There are 3 or 4 people who I now share it with (roommates), and all they have to do is chip in a few pounds a month for their unrestricted internet. At the moment I do not log anything other than sign-ins and disconnects, and having asked them all, they agreed that I can pretty much do what I want with regards to sniffing out passwords and logging visited websites, as long as they continue to have access to Facebook :)

So I initially thought about ettercap and wireshark, but didn't have a clue how they worked. Would they be ideal for this situation, or are there other programs I should look into for this?

Thanks,

Infiltrator Posted May 3, 2010

> I recently set up my own SSH server, which was a wonderfully simple way to secure my internet. There are 3 or 4 people who I now share it with (roommates), and all they have to do is chip in a few pounds a month for their unrestricted internet. At the moment I do not log anything other than sign-ins and disconnects, and having asked them all, they agreed that I can pretty much do what I want with regards to sniffing out passwords and logging visited websites, as long as they continue to have access to Facebook :)
>
> So I initially thought about ettercap and wireshark, but didn't have a clue how they worked. Would they be ideal for this situation, or are there other programs I should look into for this?
>
> Thanks,

As long as these tools are installed on the computer where SSH is running, you should be able to capture any information that is passing along. Wireshark may not be able to look at HTTPS traffic itself, but Ettercap is capable of it, since it's a suite for man-in-the-middle attacks. You should also do a bit of reading on sslstrip; I think it may come in handy at some stage.

Ettercap: http://ettercap.sourceforge.net/
Wireshark: http://www.wireshark.org/

will-wtf Posted May 3, 2010

Thanks for the fast reply. I thought that SSLstrip was only Linux-based though?

Infiltrator Posted May 3, 2010

> Thanks for the fast reply. I thought that SSLstrip was only Linux-based though?

You are right, SSLStrip only works with Linux. But there have been some discussions on running SSLStrip on Windows.

http://www.hak5.org/forums/index.php?showtopic=15291

Inked Posted May 3, 2010

You can also check out Moxie Marlinspike's site for more info and other possibly useful tools:

http://www.thoughtcrime.org/software/sslstrip/

H@L0_F00 Posted May 4, 2010

> As long as these tools are installed on the computer where SSH is running, you should be able to capture any information that is passing along. Wireshark may not be able to look at HTTPS traffic itself, but Ettercap is capable of it, since it's a suite for man-in-the-middle attacks. You should also do a bit of reading on sslstrip; I think it may come in handy at some stage.
>
> Ettercap: http://ettercap.sourceforge.net/
> Wireshark: http://www.wireshark.org/

Wireshark would be able to see all traffic because it is no longer encrypted (unless it's HTTPS, another SSH server, etc.) when the communication is between the server you are running and the server your friends are connecting to.

Friend's PC ---encrypted---> SSH server ---normal traffic---> Internet ---normal traffic---> SSH server ---encrypted---> Friend's PC

Edited May 4, 2010 by H@L0_F00

Infiltrator Posted May 4, 2010

> Wireshark would be able to see all traffic because it is no longer encrypted (unless it's HTTPS, another SSH server, etc.) when the communication is between the server you are running and the server your friends are connecting to.
>
> Friend's PC ---encrypted---> SSH server ---normal traffic---> Internet ---normal traffic---> SSH server ---encrypted---> Friend's PC

That's what I thought and was right on; Wireshark would be able to see all traffic from the SSH server to the internet, but not what's in between the client and the SSH server. Thanks for sharing that.

will-wtf Posted May 4, 2010

Ah, thanks for all that info. On a completely different question, how would you go about just knowing how much has been downloaded? This seems to be a solution ->> http://www.broadbandchoices.co.uk/article....ownload-monitor

Thanks again :)

Infiltrator Posted May 4, 2010

> Ah, thanks for all that info. On a completely different question, how would you go about just knowing how much has been downloaded? This seems to be a solution ->> http://www.broadbandchoices.co.uk/article....ownload-monitor
>
> Thanks again :)

Hi Will-WTF,

BitMeter 2 and Bandwidth Monitor Lite are both freeware bandwidth monitoring tools. I have used it in the past and it works pretty well in determining how much bandwidth has been consumed.