live ftp output of tcpdump and urlsnarf to a remote computer

[badscr]

How do I ftp from pineapple tcpdump to my webserver in realtime?

Tcpdump -I wlan0 -vv -q | curl -u username:password ftp://172.16.42.150/var/www/tcpdump/dump.pcap -T

I get error can't find curl or can't find ftp.

And ftp for urlsnarf too.

Thanks,

[Dazzle]

You could try to mount the ftp server so you can access it like any other directory.

You should be able to to that using something like http://curlftpfs.sourceforge.net/

I haven't tested this with the Pineapple Kernel so I have no idea whether it actually works, but it's worth a try

Maybe I'm overthinking it and your command might work just as well

For your error about curl missing, have you tried installing it? (apt-get install curl)

Regards,

Edited December 2, 2013 by Dazzle

[Sailor]

I use the following which is at least more secure than the ftp solution:

tail -f file-on-pineapple.log | ssh username@remoteshell "cat >> file-on-ssh-server.log"

If you have setup your ssh connection right you will not be prompted for a password.

Other options to look at are rsync and nc (netcat). The latter has a nice tutorial in the Hak5 channel on Youtube.

[badscr]

Is there a way to make urlsnarf to cycle the output file based on time or size?

Like the -G in tcpdump does

[Sailor]

Nope, urlsnarf doesn't provide that option. You can schedule the following script to run for instance every 15 minutes:

#!/bin/sh
logger "Clean-up Script Executed"

# q = threshold in bytes
q=52428800
w=`ls -la /sd/urlsnarf.log | awk '{print $5}'`
if [ $w -ge $q ]; then
	logger "Log over threshold, zip and truncate"
	DATE=$(date +"%Y%m%d%H%M")
	gzip -f /sd/urlsnarf.log
	mv /sd/urlsnarf.log.gz /sd/$DATE.urlsnarf.log.gz
	echo "Log truncated" > /sd/urlsnarf.log
else
	logger "Log looking good"
fi

Edited December 3, 2013 by Sailor