Sniffing

    • #4015
      Gmoraes
      Participant

      I read the Hacking Online Banking and Credit Card Transactions, but instead of getting banking passwords, I just want to sniff MSN passwords, any webpage input the user sends. I turned on fragroute, arpspoof and dnsspoof and I could see some information going through my machine, and most of the things I couldn’t understand. Is the information on dnsspoof encrypted?
      What else do I have to do to see the information that the user is sending and receiving to the net?
      Thanks!

      P.S.: I found this site yesterday and I’m loving it. Lots of interesting things to read.
      Good job!

    • #25574
      timmedin
      Participant

      First, Welcome to Ethical Hacker

      Second, make sure you have permission otherwise it is most likely illegal and can get you thrown in jail.

      Third, arpspoof will only work if the target is on the same network.

      Fourth, dnsspoof also requires the target is on the same network since it requires sniffing.

      Fifth, Fragroute isn’t going to help much here, it is more designed for bypassing an IPS or firewall.

      Sixth, I think the MSN credentials are encrypted, but I’m not totally sure. If it is encrypted then sniffing it won’t do you much good.

      If you are going to sniff traffic use something like WireShark so you can get a good visual representation of what is happening. It will decode all the packets nicely and give you a pretty output.

      Other than that, if you have any questions feel free to ask.

    • #25575
      Gmoraes
      Participant

      First, thank you!

      Second, I know it’s illegal, that’s why I’m testing in my own network.

      Third, the target is in the same network.

      Fourth, the target is in the same network.

      Fifth, isn’t fragroute the program that forwards the packets coming to your computer out? I guess I was wrong =/

      Sixth, MSN was just an example, I wanted to see all data input the source sends to the internet. I didn’t know MSN conversations were encrypted.

      I’ll take a look at this WireShark, I read about it but never used it.

      So, all I need is arpspoof and WireShark?

    • #25576
      hayabusa
      Participant

      Depends on what all you want to see.  As timmedin mentioned, Wireshark is one of your best friends, for capturing the traffic, and getting it all.  Another tool you MIGHT find useful, since you’re doing it all on the same network segment, would be Ettercap.  It captures things like usernames and passwords quite nicely, and can do the arp man-in-the-middle for you.

      Good luck, and happy learning.

      Tim (Hayabusa0194)

    • #25577
      Ketchup
      Participant

      I also use NetWitness when I need to reassemble data into readable format.  Wireshark has some incredible tools for piecing together and interpreting readable data from various protocols.  I think that NetWitness takes that to a new level.

    • #25578
      Gmoraes
      Participant

      Thanks guys,
      I’m going to test WireShark, Ettercap and NetWitness, and I’ll let you know how it went.
      Just so I don’t get confused, isn’t fragroute used to forward the packets from the source computer?

    • #25579
      UNIX
      Participant

      If I am not wrong Cain & Abel might be interesting for you too.

    • #25580
      Gmoraes
      Participant

      Thanks awesec, I’ll take a look at this one when I get out of work.
      OK, I did some tests yesterday, and the source computer only works when I turn webmitm on; if I don’t, they lose internet connection.
      The problem is many sites don’t accept the credential created by Webmitm.
      Am I doing something wrong or is that how it’s supposed to work? Is there anything I have to put in the credential to make it bypass some sites?
      Ex: I tried going to hotmail.com and they didn’t let me because of the credential.
      Another thing, I tested WireShark yesterday, is there any kind of filter I would be looking for? There’s way too much information coming through.
      Thanks guys, I’m really appreciating your help.

    • #25581
      hayabusa
      Participant

      Well, depending on what you’re trying to see…  if it’s ssl encrypted, you won’t find much, without first either having the certs to decrypt the traffic, or doing an arp man-in-the-middle for the ssl session.

      If it’s not SSL, then it depends, again, on what you want to narrow it down to.  Do you have one IP address in mind, to grab traffic from, and want to eliminate others?  You can filter on ip.addr == ipaddress (where ipaddress is the target IP you want traffic to and from)  or if you know both ends, you can do the same thing twice, with && in between, to catch all traffic between the two IPs.  You can also experiment with port filters, if you KNOW everything you want is on 80, or another port.

      It’s all stuff you’ll need to practice and play with.  If you’re not used to doing traffic analysis with Wireshark, there are numerous books, online tutorials, and even paid CBT and video learning courses for it.  Laura Chappell’s stuff is excellent to learn from.  Well worth the time and money, if you can afford them.

      Tim (Hayabusa0194)
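
Added example (not part of any poster's reply): a defender's view of the ARP man-in-the-middle discussed in this thread. It scans ARP replies for an IP address whose MAC changes and for a MAC that claims several IPs; the sample records and the function name `find_arp_anomalies` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as seen in ARP replies
# on a lab segment. Addresses are documentation values, not real hosts.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.0.2.1", "00:00:5e:00:53:01"),   # gateway, genuine
    (1.2, "192.0.2.10", "00:00:5e:00:53:10"),  # workstation, genuine
    (5.0, "192.0.2.1", "00:00:5e:00:53:66"),   # gateway IP claimed by a new MAC
    (5.1, "192.0.2.10", "00:00:5e:00:53:66"),  # same MAC also claims workstation
    (7.0, "192.0.2.20", "00:00:5e:00:53:20"),  # unrelated host, genuine
    (9.0, "192.0.2.1", "00:00:5e:00:53:66"),   # repeated reply, no new change
]


def find_arp_anomalies(replies):
    """Return (rebinds, multi_ip_macs) for a sequence of ARP reply records.

    rebinds: list of (time, ip, old_mac, new_mac) each time an IP moves to a
             different MAC than the one last seen for it.
    multi_ip_macs: {mac: sorted list of IPs} for MACs answering for 2+ IPs.

    Both are indicators, not proof: DHCP lease changes, NIC swaps and
    failover pairs also cause rebinding, so findings need review.
    """
    current = {}                    # ip -> MAC most recently seen
    ips_by_mac = defaultdict(set)   # mac -> every IP it has answered for
    rebinds = []
    for ts, ip, mac in replies:
        mac = mac.lower()           # normalise case before comparing
        ips_by_mac[mac].add(ip)
        known = current.get(ip)
        if known is not None and known != mac:
            rebinds.append((ts, ip, known, mac))
        current[ip] = mac
    multi = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return rebinds, multi


if __name__ == "__main__":
    rebinds, multi = find_arp_anomalies(SAMPLE_ARP_REPLIES)
    for ts, ip, old, new in rebinds:
        print(f"{ts:>5.1f}s  {ip} moved {old} -> {new}")
    for mac, ips in multi.items():
        print(f"{mac} answers for {', '.join(ips)}")
```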

    • #25582
      timmedin
      Participant

      My comment about FragRoute was incorrect. I got it confused with another tool, the name of which I can’t remember.


Copyright ©2021 Caendra, Inc.
