Razzlerock Posted August 6, 2012 Share Posted August 6, 2012 Hey guys, I was wondering if you all knew of a tool that could play a pwned clients HTTP sessions in REAL-TIME (that are being sniffed)? The idea here is that the HTTP traffic is flowing across your laptop and the tool re-builds the HTTP packets to effectively play a live view of what the client is viewing (only HTTP clear text at this stage). I'm happy with a Linux or Windows tool to do this. The only thing I can find so far is 'EffeTech HTTP Sniffer' (Windows tool) but you have to manually select the captured HTTP packet and re-build the packet one at a time, which is painful and not very 'live' or real-time. Surely there is a tool out there? Sadly driftnet only captures images but I'd like to think a Linux tool does what I want. Thanks for any pointers, I have researched myself but came to a dead end *sigh* Razzlerock Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted August 6, 2012 Share Posted August 6, 2012 http://monkey.org/~dugsong/dsniff/ Give webspy a look. I think that is what you are looking for. Quote Link to comment Share on other sites More sharing options...
Razzlerock Posted August 6, 2012 Author Share Posted August 6, 2012 Thanks for the reply! I just tried this using BT5 and it looks pretty close to what I want. However, this tool opens a new tab for each screen the user visits instead of a single screen whereby the content is updated in real-time. In addition, it seems a little tempramental and some sites don't display properly (this seems a common complaint having watched some YouTube videos....). The reason I ask about this in the first place is because I saw a demo a few weeks ago where the HTTP MITM was playing the users HTTP traffic in what looked like a real-time stream of the pwned client. I can't remember exactly where I saw this demo though :( ARGH!! Any other pointers will be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
PineDominator Posted August 6, 2012 Share Posted August 6, 2012 if you get this to a science please share your findings:-D I think unless you have access to the users screen you can never be garanteed that all the packets can be peiced back together properly and how the useres computer/software is using/compiling it Quote Link to comment Share on other sites More sharing options...
sober Posted August 7, 2012 Share Posted August 7, 2012 you also shouldn't be able to view the scrolling up and down/typing of the browser in real time as they don't have an actual connection to a fully loaded site until they execute another action on it. other then that you may effectively be able to "see" pages they load Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.