Quick and dirty ngrep credential (username/password) sniffer

Some time ago I posted a quick (and dirty, too!) one-liner using tcpdump to sniff plaintext credentials over the wire.

Now I’ve accomplished the same thing with a shorter regex and the ngrep tool.

Here, -i makes the match case-insensitive and -q (quiet) limits the output to packet headers and their payloads. See man ngrep for additional information.

And the output is as follows:

Hope that helps!

Quick and dirty tcpdump credential (username/password) sniffer

For the last few months I’ve been playing with mobile pentesting on the Android platform. Once I was able to set up tcpdump-arm on my Android phone, I began fooling around with it. I was trying to cross-compile Dug Song’s dsniff for the armle architecture, but it was only giving me headaches with the libnet/libnids dependencies and stuff.

So I wrote a quick one-liner to dump potential credentials (username/password) flowing in plaintext over the line:

And it works quite sufficiently:

It’s not, BY FAR, as efficient as dsniff, but it can help out sometimes!
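Both one-liners come down to a case-insensitive keyword match on payload text. The following is an added example, not the commands from these posts: it audits already-captured payload text for cleartext credential fields and masks the values, so the findings can be shared. The field list, the function names and the sample payloads are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find credential fields sent in cleartext, report them redacted.
# CRED_FIELDS is an assumed keyword list, not the regex from the original posts.
CRED_FIELDS='user(name)?|login|pass(word|wd)?|pwd'

# Reads payload text on stdin (for instance, ASCII output saved from a capture).
# Prints one "field=<redacted>" line per hit; the secret itself is never echoed.
audit_cleartext_creds() {
  # -i: case-insensitive, the same idea as ngrep's -i
  # -o: print only the matched key/value, not the whole line
  # The leading group requires a non-word character (or line start) before the
  # keyword, so "bypass=" or "compass=" do not count as "pass=".
  grep -ioE "(^|[^[:alnum:]_])(${CRED_FIELDS})[=:] ?[^&[:space:]]+" \
    | sed -E 's/^[^[:alnum:]_]//; s/([=:] ?).*/\1<redacted>/' \
    | tr '[:upper:]' '[:lower:]'
}

# Constructed sample payloads (not real traffic).
sample_payloads() {
  cat <<'EOF'
POST /login HTTP/1.1
Host: intranet.example
User-Agent: curl/8.0
username=alice&password=hunter2
GET /api?Login=bob&PASSWD=s3cret HTTP/1.1
bypass=1&compass=north
EOF
}

# Demo run over the constructed sample.
sample_payloads | audit_cleartext_creds
```

Any hit marks a service that still accepts credentials over an unencrypted channel and should be moved to TLS; JSON bodies and HTTP Basic headers are outside what this keyword list covers.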