Arcadion Posted April 10, 2016 Posted April 10, 2016 Hi folks, I've been playing around with my new Tetra and I can get the target clients to hop onto the access point - What I'd like to do is log any unencrypted HTTP POST and FTP credentials. It wouldn't hurt if POP3 and others where in there too, but basically I'm interested in logging non-SSL. What's a good module to do this? Responder? SSLSplit with some options? Ettercap? Arcadion Quote
bored369 Posted April 10, 2016 Posted April 10, 2016 Dwall, but I don't think it logs. Haven't really checked that much into it. Quote
dustbyter Posted April 10, 2016 Posted April 10, 2016 You can also route with iptables to another machine and use wireshark. Otherwise you can use tcpdump to save the pcap... and analyze it later. 1 Quote
Arcadion Posted April 11, 2016 Author Posted April 11, 2016 So far I tried Dwall but like Bored369 says, it doesn't log as far as I could tell. It does grab things, but doesn't log. With the amount of data going by, I don't think I can use tcpdump... Maybe like dustbyter says Wireshark and some real-time filtering? I tried using Responder for two hours last night and I honestly couldn't get it to grab anything from my target even though I was on the target opening FTP connections silly-nilly. My hunch is Responder is what I need, but its not cooperating. You'd think something as basic as unencrypted forms and plaintext credentials would be something this platform could do out of the box. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.