Results 1 to 2 of 2

Thread: IM sniffer

  1. #1
    Senior Member
    Join Date
    Jun 2003

    IM sniffer

    I ran into this in my travels and figured a few of you admins could make good use of it http://mathpost.la.asu.edu/~hai/hear/ it will sniff IM , Works on doze,linux/bsd ported
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Beverwijk Netherlands


    I don't think I'll use that one..

    Ettercap does it all for me..

    Cool Features:

    Characters injection in an established connection : you can inject character to server (emulating commands) or to client (emulating replies) maintaining the connection alive !!

    SSH1 support : you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable to sniff an SSH connection in FULL-DUPLEX

    HTTPS support : you can sniff http SSL secured data... and even if the connection is made through a PROXY

    Remote traffic through GRE tunnel: you can sniff remote traffic through a GRE tunnel from a remote cisco router and make mitm attack on it

    PPTP broker: you can perform man in the middle attack against PPTP tunnels

    Plug-ins support : You can create your own plugin using the ettercap's API.
    List of available plugins

    Password collector for : TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)

    Paket filtering/dropping: You can set up a filter that search for a particular string (even hex) in the TCP or UDP payload and replace it with yours or drop the entire packet.

    OS fingerprint: you can fingerprint the OS of the victim host and even its network adapter

    Kill a connection: from the connections list you can kill all the connections you want

    Passive scanning of the LAN: you can retrive infos about: hosts in the lan, open ports, services version, type of the host (gateway, router or simple host) and extimated distance in hop.

    Check for other poisoners: ettercap has the ability to actively or passively find other poisoners on the LAN

    Bind sniffed data to a local port: you can connect to that port with a client and decode unknown portocols or inject data to it (only in arp based mode)

    Port Stealing: a new method to sniff on switched LAN without ARP poisoning...
    Yeah, a BOFH's wet dream..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts