Driftnet and snapchat


newbi3

To anyone who hasn't heard of Snapchat, it's an app where you can take a picture, send it to someone, and it lasts for up to 10 seconds and then is gone. Last night I was doing an ARP poison of my iPod, as well as running sslstrip, and performed a Wireshark capture. Whenever I pass the pcap file to driftnet I get no images! To see if it was just Snapchat using AES or something, I went to Google Images and browsed for about 5 minutes and loaded up random pages. Driftnet still returned nothing. Has anyone had any luck with this? I'm using Kali, btw.

The app may be using end-to-end encryption, even without SSL already. SSL may be what they sent it over, but the file itself may be encrypted in another manner, or not even encrypted, just sent with delimiters, and they add headers and footers on the back end when it sees the "attachment", maybe. I never heard of it or used it, so I don't know much about it, but it's possible to still send secure data over non-secure transports as well. You could try loading the pcap in NetworkMiner though, just to see if it will recognize any images. If it is AES encrypted, I'm not sure you're going to be able to undo that short of pulling the file out of memory, and not off the wire during MITM. Like RTSP, files are streamed in transport, which, if you've messed with the protocol, you know it's a bitch to reconstruct from a pcap even, which requires something that listens in on the RTSP layer, which is usually more on the application side vs. the transport side. They do have a filter, I believe, in Wireshark for RTSP data, but I'm not sure for Snapchat. Short of knowing how it encodes the data being sent, how do you know what to look for or read?

Can you post the pcap though, so others can look at it? I'd advise just doing another one with only the traffic you want from Snapchat, like from a VM to a VM, so we don't also see any other traffic from your own network that you don't want us seeing, or filtering and saving only the conversation of traffic from Snapchat.
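
Added example (not part of the original posts): a Python sketch of the point made in the reply above, that a signature-based image carver finds nothing when the body is encrypted beneath the transport. The payloads are constructed samples, and the function names and the 7.5 bits/byte threshold are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Well-known leading "magic" bytes that image carvers key on.
SIGNATURES = {"jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 mean the bytes look random."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def find_images(payload: bytes) -> list:
    """Return sorted (offset, kind) for every image signature in the payload."""
    hits = []
    for kind, magic in SIGNATURES.items():
        pos = payload.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = payload.find(magic, pos + 1)
    return sorted(hits)

def classify(payload: bytes, threshold: float = 7.5) -> str:
    """Say why a signature-based carver would or would not find an image."""
    if find_images(payload):
        return "carvable"
    if shannon_entropy(payload) >= threshold:
        return "opaque"  # encrypted (or compressed) body with no image header
    return "no-image"

# Constructed sample payloads, not taken from any real capture.
HTTP_JPEG = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
             b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64 + b"\xff\xd9")
# Stand-in for an encrypted body: uniform byte histogram, no file signature.
ENCRYPTED_BLOB = bytes((i * 167 + 13) % 256 for i in range(4096))
PLAIN_TEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("http+jpeg", HTTP_JPEG), ("encrypted", ENCRYPTED_BLOB),
                       ("plain", PLAIN_TEXT)]:
        print(f"{name:10s} entropy={shannon_entropy(data):.2f} "
              f"images={find_images(data)} -> {classify(data)}")
```

The signature check runs before the entropy check because a real JPEG body is itself compressed and high-entropy; only the header distinguishes it from ciphertext.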

Yeah, I'll do another pcap because this one has a lot of other stuff in it that I was doing to debug my issues.

Yes, driftnet has always worked great for me. First of all, you can't expect to get any help with that question you asked. You didn't list any details on your setup, or anything. OK, so you're running arpspoof and sslstrip and driftnet???? AND each one of those has tons of arguments, commands and options that need to be set up properly. How about listing your exact commands from the terminal from the very start, and then maybe we can start working on fine-tuning it. As of right now I don't even know where to start. Also, if you want to strip data like pictures and other specific data from your pcap files, there's a couple of good ones I like. One is tcpxtract and the other one is chaosreader. Now post up all the settings and options that you're entering in the terminal and let's figure dis out.

https://www.box.com/s/1wncxfzuwz415tnup44t
