WallE, Posted April 27, 2013

Well, actually I wanted to use tcpdump to sniff HTTP credentials, but I have never used tcpdump, so I found this command all over the web:

tcpdump port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20

But it's not working on the Pineapple, so I was wondering what command you are using to run tcpdump and catch credentials?

Thanks

Lordx18, Posted April 27, 2013

Sslstrip sniffs credentials straight after install without using the terminal or anything. That's what I use on the Pineapple.

no42, Posted April 27, 2013

I installed dsniff, and used that instead.

TwistedPacket, Posted April 27, 2013

What does the raw tcpdump show?

-Tp

WallE (Author), Posted April 28, 2013

> Sslstrip sniffs credentials straight after install without using the terminal or anything. That's what I use on the pineapple

SSLstrip works for HTTPS, not for HTTP credentials.

WallE (Author), Posted April 28, 2013

> What does the raw tcpdump show? -Tp

A lot of verbose output.

> i installed dsniff, and used that instead.

How did you install dsniff?

no42, Posted April 28, 2013

I'm sure I used opkg. From an SSH session, type:

opkg install dsniff

telot, Posted April 28, 2013

How I do it is use tcpdump to cap every packet (as outlined in my tcpdump guide on the wiki). From there you can open the pcap file in Wireshark and filter for POST. Not only do you get any and all plain-text passwords, but you can also see everything else. A full picture, instead of just the username/password.

http.request.method == "POST"

telot