Monday, May 2, 2016

sniff for http, pop3, telnet, ftp,etc password on networks

dsniff is a tool that that sniff for username and password for protocol such as  FTP,  Telnet,  SMTP,  HTTP, POP,  poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting  Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

when dsniff delect the protocols listed above will it minimally parses only the interesting bits. they are usually the username and passwords.


*** network structure setup ***
client --> eth0. dsniff pc .eth1 <-- server (running http, ftp and pop3)
to enable ip forwarding on dsniff you need to execute the following command
$ sudo python -c "import os;os.system('echo 1 > /proc/sys/net/ipv4/ip_forward')"

1- install dsniff on the dsniff pc
$ sudo apt-get install dsniff

2- so we can run dsniff on either interface eth0 or eth1 because the traffic will go through both of them.
$ sudo dsniff -i eth1 -m -n -c

you can try to authenticate against the server for each protocol, http, ftp and pop3 you will see something similar to the screen below


*** note ***
if you can not see the username/password after authenticating, try to close web browser for example for http, because when you close the browser the tcp connection is closed.

No comments:

Post a Comment