
Sniffing

<<

Gmoraes

Newbie

Posts: 8

Joined: Mon Jul 13, 2009 2:21 pm

Post Tue Jul 14, 2009 2:23 pm

Sniffing

I read the Hacking Online Banking and Credit Card Transactions, but instead of getting banking passwords, I just want to sniff MSN passwords, any webpage input the user sends. I turned on fragroute, arpspoof and dnsspoof and I could see some information going through my machine, and most of the things I couldn't understand. Is the information on dnsspoof encrypted?
What else do I have to do to see the information that the user is sending to and receiving from the net?
Thanks!

PS: I found this site yesterday and I'm loving it. Lots of interesting things to read.
Good job!
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Jul 14, 2009 8:55 pm

Re: Sniffing

First, Welcome to Ethical Hacker

Second, make sure you have permission, otherwise it is most likely illegal and can get you thrown in jail.

Third, arpspoof will only work if the target is on the same network.

Fourth, dnsspoof also requires the target is on the same network since it requires sniffing.

Fifth, Fragroute isn't going to help much here, it is more designed for bypassing an IPS or firewall.

Sixth, I think the MSN credentials are encrypted, but I'm not totally sure. If it is encrypted then sniffing it won't do you much good.

If you are going to sniff traffic, use something like Wireshark so you can get a good visual representation of what is happening. It will decode all the packets nicely and give you a pretty output.

Other than that, if you have any questions feel free to ask.
twitter.com/timmedin | http://blog.securitywhole.com
<<

Gmoraes

Newbie

Posts: 8

Joined: Mon Jul 13, 2009 2:21 pm

Post Wed Jul 15, 2009 11:31 am

Re: Sniffing

First, thank you!

Second, I know it's illegal, that's why I'm testing in my own network.

Third, the target is in the same network.

Fourth, the target is in the same network.

Fifth, isn't fragroute the program that forwards the packets coming to your computer out? I guess I was wrong =/

Sixth, MSN was just an example, I wanted to see all data input the source sends to the internet. I didn't know MSN conversations were encrypted.

I'll take a look at this Wireshark, I read about it but never used it.

So, all I need is arpspoof and Wireshark?
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jul 15, 2009 12:53 pm

Re: Sniffing

Depends on what all you want to see.  As timmedin mentioned, Wireshark is one of your best friends, for capturing the traffic, and getting it all.  Another tool you MIGHT find useful, since you're doing it all on the same network segment, would be Ettercap.  It captures things like usernames and passwords quite nicely, and can do the arp man-in-the-middle for you.

Good luck, and happy learning.

Tim (Hayabusa0194)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
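
The ARP man-in-the-middle mentioned in the posts above is visible from the defender's side as an IP address changing its MAC address, and as one MAC address answering for several IPs. The following is an added example, not part of any post in this thread; the observations are constructed lab data and `detect_arp_anomalies` is a hypothetical name.

```python
from collections import defaultdict

# Constructed ARP reply observations from a lab segment:
# (seconds since start, sender IP, sender MAC).
OBSERVATIONS = [
    (0.0, "192.168.1.1", "02:00:00:00:00:01"),   # gateway
    (1.0, "192.168.1.10", "02:00:00:00:00:10"),  # workstation
    (5.0, "192.168.1.1", "02:00:00:00:00:66"),   # gateway IP claimed by a new MAC
    (5.5, "192.168.1.10", "02:00:00:00:00:66"),  # same MAC claims the workstation
    (7.0, "192.168.1.1", "02:00:00:00:00:66"),   # repeated claim, reported once
    (9.0, "192.168.1.20", "02:00:00:00:00:20"),  # unrelated host, no alert
]


def detect_arp_anomalies(observations):
    """Report IP-to-MAC rebinding and MACs that answer for several IPs."""
    first_mac = {}                  # ip -> first MAC seen for that IP
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    rebinds = []
    for _ts, ip, mac in sorted(observations):
        mac = mac.lower()
        known = first_mac.setdefault(ip, mac)
        # A later reply with a different MAC for a known IP is a rebind.
        if mac != known and (ip, known, mac) not in rebinds:
            rebinds.append((ip, known, mac))
        ips_by_mac[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return {"rebinds": rebinds, "multi_ip_macs": shared}


if __name__ == "__main__":
    report = detect_arp_anomalies(OBSERVATIONS)
    for ip, old, new in report["rebinds"]:
        print(f"{ip} moved from {old} to {new}")
    for mac, ips in report["multi_ip_macs"].items():
        print(f"{mac} answers for {', '.join(ips)}")
```

A rebind on its own can be legitimate (a replaced network card, a DHCP lease handed to another device, a failover pair), so the stronger signal is a rebind of the gateway address combined with the same MAC answering for other hosts.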
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Jul 15, 2009 2:28 pm

Re: Sniffing

I also use NetWitness when I need to reassemble data into readable format.  Wireshark has some incredible tools for piecing together and interpreting readable data from various protocols.  I think that NetWitness takes that to a new level.
~~~~~~~~~~~~~~
Ketchup
<<

Gmoraes

Newbie

Posts: 8

Joined: Mon Jul 13, 2009 2:21 pm

Post Wed Jul 15, 2009 2:44 pm

Re: Sniffing

Thanks guys,
I'm going to test Wireshark, Ettercap and NetWitness, and I'll let you know how it went.
Just so I don't get confused, isn't fragroute used to forward the packets from the source computer?
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Jul 16, 2009 12:17 am

Re: Sniffing

If I am not wrong, Cain & Abel might be interesting for you too.
<<

Gmoraes

Newbie

Posts: 8

Joined: Mon Jul 13, 2009 2:21 pm

Post Thu Jul 16, 2009 8:14 am

Re: Sniffing

Thanks awesec, I'll take a look at this one when I get out of work.
OK, I did some tests yesterday, and the source computer only works when I turn webmitm on; if I don't, they lose internet connection.
The problem is many sites don't accept the credential created by webmitm.
Am I doing something wrong or is that how it's supposed to work? Is there anything I have to put in the credential to make it bypass some sites?
Ex: I tried going to hotmail.com and they didn't let me because of the credential.
Another thing, I tested Wireshark yesterday, is there any kind of filter I should be looking for? There's way too much information coming through.
Thanks guys, I'm really appreciating your help.
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Jul 16, 2009 9:54 am

Re: Sniffing

Well, depending on what you're trying to see...  if it's SSL encrypted, you won't find much, without first either having the certs to decrypt the traffic, or doing an arp man-in-the-middle for the SSL session.

If it's not SSL, then it depends, again, on what you want to narrow it down to.  Do you have one IP address in mind, to grab traffic from, and want to eliminate others?  You can filter on ip.addr == ipaddress (where ipaddress is the target IP you want traffic to and from)  or if you know both ends, you can do the same thing twice, with && in between, to catch all traffic between the two IPs.  You can also experiment with port filters, if you KNOW everything you want is on 80, or another port.

It's all stuff you'll need to practice and play with.  If you're not used to doing traffic analysis with Wireshark, there are numerous books, online tutorials, and even paid CBT and video learning courses for it.  Laura Chappell's stuff is excellent to learn from.  Well worth the time and money, if you can afford them.

Tim (Hayabusa0194)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
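
What the display filters described in the post above select, written out in Python over raw frames, including the detail that `ip.addr` (and `tcp.port`) match either the source or the destination field. This is an added example, not part of the original post; the frames are constructed, and `build_frame`, `parse_frame` and `conversation_filter` are hypothetical names.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, sport, dport):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp

def parse_frame(frame):
    """Return (src, dst, sport, dport) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # not IPv4 (ARP, IPv6, ...)
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None                      # malformed header or not TCP
    tcp = frame[14 + ihl:14 + ihl + 4]   # source and destination port
    if len(tcp) < 4:
        return None                      # truncated capture
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            *struct.unpack("!HH", tcp))

def conversation_filter(frames, host_a, host_b=None, port=None):
    """ip.addr == host_a [&& ip.addr == host_b] [&& tcp.port == port]"""
    kept = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, sport, dport = parsed
        # Each test matches in either direction, as ip.addr and tcp.port do.
        if host_a not in (src, dst):
            continue
        if host_b is not None and host_b not in (src, dst):
            continue
        if port is not None and port not in (sport, dport):
            continue
        kept.append(parsed)
    return kept

# Constructed lab capture: two clients, two servers, plus one ARP frame.
SAMPLE = [
    build_frame("192.168.1.10", "198.51.100.7", 49152, 80),
    build_frame("198.51.100.7", "192.168.1.10", 80, 49152),
    build_frame("192.168.1.10", "198.51.100.9", 49153, 443),
    build_frame("192.168.1.20", "198.51.100.7", 49154, 80),
    bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28),
]
```

Calling `conversation_filter(SAMPLE, "192.168.1.10", "198.51.100.7")` keeps both directions of that one conversation and drops the other client, the other server and the ARP frame.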
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sat Jul 18, 2009 9:55 am

Re: Sniffing

My comment about FragRoute was incorrect. I got it confused with another tool, the name of which I can't remember.
twitter.com/timmedin | http://blog.securitywhole.com
