You all have seen the Wall of Shame/Wall of Sheep that they run at various hacker cons right? What they do is set up a box on the gateway that sniffs for plaintext passwords and displays them. Well, I could not find any code to do this, so I made my own. You feed it with the output from Ettercap (ettercap -Tq -d -m ettertest.txt), read the comments in the code for details. Can anyone else test this out an see how it works for them? I hope to release it on my website on the 1st.

PHP Code:
<?
/*
 Irongeek's Wall Of Shame Code ver. 0.5
Irongeek -at- irongeek.com
[url]http://www.irongeek.com[/url]
Just a fugly script I wrote to tage a logfile from Etthercap ad display 
passwords to a webpage.

Ettercap supports:
TELNET, FTP,  POP,  RLOGIN,  SSH1,  ICQ,  SMB,
       MySQL,  HTTP,  NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC,
       LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols  coming
       soon...)
 Some help from:
    [url]http://www.php.net/[/url]
    [url]http://www.theukwebdesigncompany.com/articles/article.php?article=165[/url]

Consider this code GPLed, but it would be sweet of you to link back to 
Irongeek.com if you use it.
 */
?>
<HTML>
<!-- Take out the line below if you dont want it to refesh every 30 sec. -->
<META HTTP-EQUIV="Refresh" Content "30; URL=shame.php"
<TITLE>Irongeek's Wall Of Shame</TITLE>
<BODY bgcolor="#FFFFCC">
<?

function between($somestring, $ss1, $ss2){
    if ($ss2 != "\0"){
        return trim(substr($somestring, strpos($somestring, $ss1)+strlen($ss1),
        strpos($somestring, $ss2)-strpos($somestring, $ss1)-+strlen($ss1) ) );
    } else {
        return trim(substr($somestring, strpos($somestring, $ss1)+strlen($ss1),
        strlen($somestring)-strpos($somestring, $ss1)));
    }        
}
function showfirst($somestring, $chrnum ){
    if ($chrnum != "all"){
    //Swtich comments on the two lines below if you wan an * for every character in the password.
    //return str_pad(substr($somestring, 0, $chrnum), strlen($somestring), "*");
    return str_pad(substr($somestring, 0, $chrnum), 10, "*");
    } else {
    return $somestring;
    }
}
function PrintCapItem($fontcolor, $proto, $target, $user, $password, $info ){
        echo "<TR><TD><B><FONT COLOR=$fontcolor>$proto</FONT></TD><TD>
        <FONT COLOR=$fontcolor>$target</FONT></TD><TD><FONT COLOR=$fontcolor>
        $user</FONT></TD><TD><FONT COLOR=$fontcolor>$password</FONT></TD></TR>
        <TR><TD></TD><TD COLSPAN=\"3\"><FONT SIZE=\"1\"><I>More Info: </I>$info
        </FONT></TD></TR>\n";
}
/*Point the line below to the log file you are creating with "ettercap -Tq -D  -m ettertest.txt" 
if you get an error like:
    BUG at [ec_ui.c:ui_register:339]
    ops->input == NULL
 then try just "ettercap -Tq  -m ettertest.txt" without the daemon option. 
 Also, you could ARP poison the gateway if you like with a command like:
 ettercap -Tq  -m /var/ettertest.txt -M arp /gateway-IP/ // 
*/
$filename = "/var/ettertest.txt";
$fd = fopen ($filename, "r");
$contents = fread ($fd,filesize ($filename));
fclose ($fd);
$delimiter = "\n";
//If you want only unique lines make sure the line below is uncommented.
$splitcontents =array_reverse(array_unique(explode($delimiter, $contents)));
//If you want all lines make sure the line below is uncommented.
//$splitcontents = array_reverse(explode($delimiter, $contents));

/*Set the below to just show the first X characters of the password, "all" to
show all. If you are going to set this, also change the location/name of the
ettercap log tokeep folks from finding it. */
define("SHOWXCHR", "2");
?>
<CENTER><font color="BLACK" face="arial" size="7">Irongeek's<BR>
Wall Of Shame</font></CENTER>
<hr>
<hr>
<?
echo "<TABLE BORDER=\"1\" ALIGN=\"CENTER\" bgcolor=\"#FFFFFF\" 
bordercolorlight=\"#0000FF\" bordercolordark=\"#330099\" >";
echo "<TR><TD><B>Protocol</B></TD><TD><B>Target</B></TD><TD><B>User</B></TD>
<TD><B>Password</B></TD></TR>";
foreach ( $splitcontents as $line )
{
$line=str_replace(">",">",str_replace("<","<",$line));
$proto =trim(substr($line0strpos($line":")));
switch ($proto):
    case "SNMP":
        $fontcolor="\"#009900\"";
        $targetbetween($line" : "" -> COMMUNITY:"); 
        $user"N/A";
        $password=showfirst(between($line" -> COMMUNITY: ""  INFO:"), SHOWXCHR);
        $info=between($line"INFO:""\0");
        PrintCapItem($fontcolor$proto$target,$user,$password$info );
        break;
    case "HTTP":
        $fontcolor="\"#330099\"";
        $targetbetween($line" : "" -> USER: "); 
        $userbetween($line"USER: ""  PASS:");
        $password=showfirst(between($line"PASS: ""  INFO:"), SHOWXCHR);
        $info=between($line"INFO:""\0");
        PrintCapItem($fontcolor$proto$target,$user,$password$info );
        break;
    case "TELNET":
        $fontcolor="\"#CC33CC\"";
        $targetbetween($line" : "" -> USER:"); 
        $userbetween($line"USER: ""  PASS:");
        $password=showfirst(between($line"PASS:""\0"), SHOWXCHR);
        $info="N/A";
        PrintCapItem($fontcolor$proto$target,$user,$password$info );
        break;
    case "POP":
        $fontcolor="\"#8888FF\"";
        $targetbetween($line" : "" -> USER:"); 
        $userbetween($line"USER: ""  PASS:");
        $password=showfirst(between($line"PASS:""\0"), SHOWXCHR);
        $info="N/A";
        PrintCapItem($fontcolor$proto$target,$user,$password$info );
        break;        
    case "FTP":
        $fontcolor="\"#004400\"";
        $targetbetween($line" : "" -> USER:"); 
        $userbetween($line"USER: ""  PASS:");
        $password=showfirst(between($line"PASS:""\0"), SHOWXCHR);
        $info="N/A";
        PrintCapItem($fontcolor$proto$target,$user,$password$info );
        break;    
    case "VNC":
        $fontcolor="\"#00708\"";
        $targetbetween($line" : "" ->"); 
        $user="Challenge:"." ".between($line" -> Challenge:"" Response:");
        $password="Response:"." ".between($line" Response:""\0");
        $info="N/A";
        PrintCapItem($fontcolor$proto$target,$user,$password$info );
        break;
    case "IRC":
        $fontcolor="\"#FF3333\"";
        $targetbetween($line" : "" -> USER: "); 
        $userbetween($line"USER: ""  PASS:");
        $password=showfirst(between($line"PASS: ""  INFO:"), SHOWXCHR);
        $info=between($line"INFO:""\0");
        PrintCapItem($fontcolor$proto$target,$user,$password$info );
        break;
    case "YMSG":
        $fontcolor="\"#BBBB00\"";
        $targetbetween($line" : "" -> USER: "); 
        $userbetween($line"USER: ""  HASH:");
        $password=showfirst(between($line"HASH: ""  - "), SHOWXCHR);
        $info=between($line"  - ""\0");
        PrintCapItem($fontcolor$proto$target,$user,$password$info );
        break;
    case "DHCP":
        break;
    default:
        if (strpos($line" : ") != && strpos($line"PASS") != 0){
         $fontcolor="\"#FF00FF\"";
         $targetbetween($line" : "" -> USER:"); 
         $userbetween($line"USER: ""  PASS:");
         $password=showfirst(between($line"PASS:""\0"), SHOWXCHR);
         $info="N/A";
         PrintCapItem($fontcolor$proto$target,$user,$password$info );
         break;    
        }else{
            $trash=$trash."<TR><TD COLSPAN=\"4\">$proto<font color=\"#ff0000\">
            $line</font></TD></TR>";
        }
    endswitch ;
}
//Call the PHP script with a ?debug=1 on the end to see the trash lines.
if ($_GET[debug]==1) echo $trash;
echo "</TABLE>";
?>
<HR>
<CENTER>Source code for this “Wall of Shame” script can be found at 
<A HREF="http://www.irongeek.com">[url]http://www.irongeek.com[/url]</A></CENTER>
</BODY>
</HTML&gt