July 14, 2009 at 7:23 pm #4015
I read the Hacking Online Banking and Credit Card Transactions article, but instead of getting banking passwords, I just want to sniff MSN passwords, any webpage input the user sends. I turned on fragroute, arpspoof and dnsspoof and I could see some information going through my machine, most of which I couldn’t understand. Is the information on dnsspoof encrypted?
What else do I have to do to see the information that the user is sending to and receiving from the net?
PS: I found this site yesterday and I’m loving it. Lots of interesting things to read.
July 15, 2009 at 1:55 am #25574 timmedin Participant
First, Welcome to Ethical Hacker
Second, make sure you have permission, otherwise it is most likely illegal and can get you thrown in jail.
Third, arpspoof will only work if the target is on the same network.
Fourth, dnsspoof also requires that the target is on the same network since it requires sniffing.
Fifth, Fragroute isn’t going to help much here; it is more designed for bypassing an IPS or firewall.
Sixth, I think the MSN credentials are encrypted, but I’m not totally sure. If it is encrypted then sniffing it won’t do you much good.
If you are going to sniff traffic, use something like Wireshark so you can get a good visual representation of what is happening. It will decode all the packets nicely and give you a pretty output.
Other than that, if you have any questions feel free to ask.
July 15, 2009 at 4:31 pm #25575
First, thank you!
Second, I know it’s illegal, that’s why I’m testing in my own network.
Third, the target is in the same network.
Fourth, the target is in the same network.
Fifth, isn’t fragroute the program that forwards the packets coming to your computer out? I guess I was wrong =/
Sixth, MSN was just an example, I wanted to see all data input the source sends to the internet. I didn’t know MSN conversations were encrypted.
I’ll take a look at this Wireshark, I read about it but never used it.
So, all I need is arpspoof and Wireshark?
July 15, 2009 at 5:53 pm #25576 hayabusa Participant
Depends on what all you want to see. As timmedin mentioned, Wireshark is one of your best friends, for capturing the traffic, and getting it all. Another tool you MIGHT find useful, since you’re doing it all on the same network segment, would be Ettercap. It captures things like usernames and passwords quite nicely, and can do the arp man-in-the-middle for you.
Good luck, and happy learning.
July 15, 2009 at 7:28 pm #25577 Ketchup Participant
I also use NetWitness when I need to reassemble data into readable format. Wireshark has some incredible tools for piecing together and interpreting readable data from various protocols. I think that NetWitness takes that to a new level.
July 15, 2009 at 7:44 pm #25578
I’m going to test Wireshark, Ettercap and NetWitness, and I’ll let you know how it went.
Just so I don’t get confused, isn’t fragroute used to forward the packets from the source computer?
July 16, 2009 at 5:17 am #25579 UNIX Participant
If I am not wrong Cain & Abel might be interesting for you too.
July 16, 2009 at 1:14 pm #25580
Thanks awesec, I’ll take a look at this one when I get out of work.
OK, I did some tests yesterday, and the source computer only works when I turn webmitm on; if I don’t, they lose internet connection.
The problem is many sites don’t accept the credential created by webmitm.
Am I doing something wrong or is that how it’s supposed to work? Is there anything I have to put in the credential to make it bypass some sites?
Ex: I tried going to hotmail.com and they didn’t let me because of the credential.
Another thing, I tested Wireshark yesterday, is there any kind of filter I should be looking for? There’s way too much information coming through.
Thanks guys, I really appreciate your help.
July 16, 2009 at 2:54 pm #25581 hayabusa Participant
Well, depending on what you’re trying to see… if it’s ssl encrypted, you won’t find much, without first either having the certs to decrypt the traffic, or doing an arp man-in-the-middle for the ssl session.
If it’s not SSL, then it depends, again, on what you want to narrow it down to. Do you have one IP address in mind, to grab traffic from, and want to eliminate others? You can filter on ip.addr == ipaddress (where ipaddress is the target IP you want traffic to and from) or if you know both ends, you can do the same thing twice, with && in between, to catch all traffic between the two IPs. You can also experiment with port filters, if you KNOW everything you want is on 80, or another port.
It’s all stuff you’ll need to practice and play with. If you’re not used to doing traffic analysis with Wireshark, there are numerous books, online tutorials, and even paid CBT and video learning courses for it. Laura Chappell’s stuff is excellent to learn from. Well worth the time and money, if you can afford them.
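Added example, not part of the original posts: the filters described above (ip.addr == host, the same twice joined with &&, and a port filter, written here as Wireshark's tcp.port) reimplemented over raw IPv4/TCP headers so the matching logic is visible. The function names, addresses and frames are constructed for illustration.

```python
import socket
import struct

def build_frame(src, dst, sport, dport, payload=b""):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at 0."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload

def parse(frame):
    """Return (src, dst, sport, dport) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short or not IPv4
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None                      # malformed header or not TCP
    if len(frame) < 14 + ihl + 4:
        return None                      # truncated before the TCP ports
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            sport, dport)

def display_filter(frames, host_a, host_b=None, port=None):
    """Equivalent of: ip.addr == host_a [&& ip.addr == host_b] [&& tcp.port == port]."""
    kept = []
    for frame in frames:
        pkt = parse(frame)
        if pkt is None:
            continue
        src, dst, sport, dport = pkt
        if host_a not in (src, dst):     # ip.addr matches source OR destination
            continue
        if host_b is not None and host_b not in (src, dst):
            continue
        if port is not None and port not in (sport, dport):
            continue
        kept.append(pkt)
    return kept

# Constructed sample capture (documentation address ranges, not real hosts).
FRAMES = [
    build_frame("192.0.2.10", "198.51.100.5", 49152, 80, b"GET / HTTP/1.1\r\n"),
    build_frame("198.51.100.5", "192.0.2.10", 80, 49152),
    build_frame("192.0.2.10", "203.0.113.7", 49153, 443),
    build_frame("192.0.2.20", "198.51.100.5", 49154, 80),
    b"\x00" * 20,                        # truncated junk, must be skipped
]
```

Because ip.addr matches either the source or the destination field, joining two ip.addr tests with && keeps both directions of one conversation and nothing else.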
July 18, 2009 at 2:55 pm #25582 timmedin Participant
My comment about FragRoute was incorrect. I got it confused with another tool, the name of which I can’t remember.