dsniff-2.4b1
------------
This is a fork of Dug Song's dsniff tools, updated to compile and run on OS X.

Installation on OS X:

1. Install dependencies:

       brew install berkeley-db libnet libnids libpcap openssl

2. Configure with correct paths. Homebrew exposes every installed formula
   under <prefix>/opt/<formula>; the prefix is /usr/local on Intel Macs, as
   below, and /opt/homebrew on Apple Silicon, so substitute the output of
   `brew --prefix` if it differs:

       ./configure \
           --with-libpcap=/usr/local/opt/libpcap \
           --with-openssl=/usr/local/opt/openssl \
           --with-libnet=/usr/local/opt/libnet \
           --with-libnids=/usr/local/opt/libnids \
           --without-x

3. Compile:

       make

4. Install:

       make install
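
The four steps above as one script, added here as an example and not part of this fork's README or of dsniff itself. It resolves the Homebrew prefix with `brew --prefix` instead of hard-coding /usr/local, verifies that each dependency is actually present under <prefix>/opt before configure runs, and then builds with the same --with-* flags as step 2. It assumes the formula names used in step 1; the BREW_PREFIX override and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the dsniff fork's README): build dsniff against
# Homebrew on either Intel (/usr/local) or Apple Silicon (/opt/homebrew).

# Homebrew prefix: honour BREW_PREFIX if the caller set it (an assumption of
# this example, also used offline), otherwise ask brew; fail if neither exists.
resolve_prefix() {
    if [ -n "${BREW_PREFIX:-}" ]; then
        printf '%s\n' "$BREW_PREFIX"
    elif command -v brew >/dev/null 2>&1; then
        brew --prefix
    else
        return 1
    fi
}

# Every installed formula is reachable as $prefix/opt/<formula>. Check that the
# lib/ directory of each requested one exists, so a typo or a skipped
# `brew install` surfaces here instead of as an opaque configure failure.
# Prints the missing formulae to stderr and returns 1 if any are absent.
check_deps() {
    prefix=$1; shift
    missing=""
    for formula in "$@"; do
        [ -d "$prefix/opt/$formula/lib" ] || missing="$missing $formula"
    done
    if [ -n "$missing" ]; then
        printf 'missing under %s/opt:%s\n' "$prefix" "$missing" >&2
        return 1
    fi
    return 0
}

# The ./configure flags from step 2, one per line, with the prefix substituted.
# The README passes no --with flag for Berkeley DB, so none is added here.
configure_args() {
    prefix=$1
    for formula in libpcap openssl libnet libnids; do
        printf '%s\n' "--with-$formula=$prefix/opt/$formula"
    done
    printf '%s\n' "--without-x"
}

# Steps 1-3 with the checks above. `make install` is left to the caller
# because it normally needs root.
build_dsniff() {
    prefix=$(resolve_prefix) || { echo "Homebrew not found; set BREW_PREFIX" >&2; return 1; }
    brew install berkeley-db libnet libnids libpcap openssl || return 1
    check_deps "$prefix" berkeley-db libnet libnids libpcap openssl || return 1
    # shellcheck disable=SC2046  # word-splitting the flag list is intended
    ./configure $(configure_args "$prefix") && make
}

# Build only when run as `sh build-dsniff.sh --build`; otherwise the file just
# defines the functions so they can be sourced or tested.
if [ "${1:-}" = "--build" ]; then
    build_dsniff
fi
```

Running `check_deps` before `./configure` is the useful part: a missing formula otherwise shows up much later as a "library not found" from the linker, after configure has already guessed wrong paths.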
------------
Original README follows
------------
i wrote these tools with honest intentions - to audit my own network,
and to demonstrate the insecurity of cleartext / weakly-encrypted
network protocols and ad-hoc PKI. please do not abuse this software.

these programs require:

    Berkeley DB - http://www.sleepycat.com/
    OpenSSL     - http://www.openssl.org/
    libpcap     - http://www.tcpdump.org/
    libnids     - http://www.packetfactory.net/Projects/Libnids/
    libnet      - http://www.packetfactory.net/Projects/Libnet/

built and tested on OpenBSD, Linux, and Solaris. YMMV.

what's here:

arpspoof
    redirect packets from a target host (or all hosts) on the LAN
    intended for another local host by forging ARP replies. this
    is an extremely effective way of sniffing traffic on a switch.
    kernel IP forwarding (or a userland program which accomplishes
    the same, e.g. fragrouter :-) must be turned on ahead of time.

dnsspoof
    forge replies to arbitrary DNS address / pointer queries on
    the LAN. this is useful in bypassing hostname-based access
    controls, or in implementing a variety of man-in-the-middle
    attacks (HTTP, HTTPS, SSH, Kerberos, etc).

dsniff
    password sniffer. handles FTP, Telnet, SMTP, HTTP, POP,
    poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP
    MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ,
    Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec
    pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase
    and Microsoft SQL auth info.

    dsniff automatically detects and minimally parses each
    application protocol, only saving the interesting bits, and
    uses Berkeley DB as its output file format, only logging
    unique authentication attempts. full TCP/IP reassembly is
    provided by libnids(3) (likewise for the following tools as
    well).

filesnarf
    saves selected files sniffed from NFS traffic in the current
    working directory.

macof
    flood the local network with random MAC addresses (causing
    some switches to fail open in repeating mode, facilitating
    sniffing). a straight C port of the original Perl Net::RawIP
    macof program.

mailsnarf
    a fast and easy way to violate the Electronic Communications
    Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs
    selected messages sniffed from SMTP and POP traffic in Berkeley
    mbox format, suitable for offline browsing with your favorite
    mail reader (mail -f, pine, etc.).

msgsnarf
    record selected messages from sniffed AOL Instant Messenger,
    ICQ 2000, IRC, and Yahoo! Messenger chat sessions.

sshmitm
    SSH monkey-in-the-middle. proxies and sniffs SSH traffic
    redirected by dnsspoof(8), capturing SSH password logins, and
    optionally hijacking interactive sessions. only SSH protocol
    version 1 is (or ever will be) supported - this program is far
    too evil already.

sshow
    SSH traffic analysis tool. analyzes encrypted SSH-1 and SSH-2
    traffic, identifying authentication attempts, the lengths of
    passwords entered in interactive sessions, and command line
    lengths.

tcpkill
    kills specified in-progress TCP connections (useful for
    libnids-based applications which require a full TCP 3-whs for
    TCB creation).

tcpnice
    slow down specified TCP connections via "active" traffic
    shaping. forges tiny TCP window advertisements, and optionally
    ICMP source quench replies.

urlsnarf
    output selected URLs sniffed from HTTP traffic in CLF
    (Common Log Format, used by almost all web servers), suitable
    for offline post-processing with your favorite web log
    analysis tool (analog, wwwstat, etc.).

webmitm
    HTTP / HTTPS monkey-in-the-middle. transparently proxies and
    sniffs web traffic redirected by dnsspoof(8), capturing most
    "secure" SSL-encrypted webmail logins and form submissions.

webspy
    sends URLs sniffed from a client to your local Netscape
    browser for display, updated in real-time (as the target
    surfs, your browser surfs along with them, automagically).
    a fun party trick. :-)

-d.

---
http://www.monkey.org/~dugsong/
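
The arpspoof entry above describes the attack from the sender's side; the following is an added example of the defender's check, not part of dsniff or of either README. Forged ARP replies make the victim's cache map the gateway's IP to the attacker's MAC, so after arpspoof has run, the gateway IP and the attacker's own IP share one MAC in `arp -an`. The script parses that output (macOS and Linux formats), normalizes MACs, and reports any MAC claimed by more than one IP. The sample table is constructed for the example; 192.168.1.1 stands in for the gateway and 192.168.1.7 for the spoofing host, both hypothetical.

```shell
#!/bin/sh
# Added example (not from dsniff): flag the shared-MAC symptom arpspoof leaves
# in a host's ARP cache.

# Extract "ip mac" pairs from `arp -an` output. Both macOS and Linux put the
# IP in parentheses and the MAC after "at"; entries that read "(incomplete)"
# instead of a MAC fail the hex-and-colon match and are dropped.
arp_pairs() {
    sed -n 's/^.*(\([0-9.][0-9.]*\)) at \([0-9A-Fa-f:][0-9A-Fa-f:]*\).*$/\1 \2/p'
}

# Normalize MACs (macOS prints "0:11:22:33:44:55" without zero padding, Linux
# "00:11:22:33:44:55"), then print every MAC claimed by two or more IPs: the
# MAC followed by the IPs that resolve to it, one line per MAC.
duplicate_macs() {
    awk '{
        n = split(tolower($2), o, ":"); mac = ""
        for (i = 1; i <= n; i++) {
            if (length(o[i]) == 1) o[i] = "0" o[i]
            mac = mac (i > 1 ? ":" : "") o[i]
        }
        ips[mac] = ips[mac] " " $1; count[mac]++
    }
    END { for (m in count) if (count[m] > 1) print m ips[m] }' | sort
}

# Live check against this host's cache: returns 1 and prints the offenders
# when any MAC is shared. A legitimate duplicate (e.g. a router with several
# IPs on one interface) also triggers it, so confirm before acting.
check_arp_cache() {
    dups=$(arp -an | arp_pairs | duplicate_macs)
    if [ -n "$dups" ]; then
        printf 'possible ARP spoofing, shared MACs:\n%s\n' "$dups" >&2
        return 1
    fi
    return 0
}

# Constructed sample in macOS `arp -an` format: the gateway (.1) and the
# spoofing host (.7) both show the attacker's MAC; .20 is an unrelated host
# and .99 is an unresolved entry.
SAMPLE_ARP='? (192.168.1.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.1.7) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.1.20) at a8:5e:45:1:2:3 on en0 ifscope [ethernet]
? (192.168.1.99) at (incomplete) on en0 ifscope [ethernet]'

# Same pipeline over the sample; prints its findings on stdout.
check_sample() {
    printf '%s\n' "$SAMPLE_ARP" | arp_pairs | duplicate_macs
}

# Run against the live cache only when asked: `sh arpcheck.sh --live`.
if [ "${1:-}" = "--live" ]; then
    check_arp_cache
fi
```

Over the sample, `check_sample` prints `00:11:22:33:44:55 192.168.1.1 192.168.1.7`. The zero-padding step matters: without it the same MAC written by macOS and by Linux would count as two different addresses and the duplicate would be missed.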