SmartSniff allows you to intercept network traffic and display its contents in ASCII. The program captures packets passing through a network adapter and displays their contents as text (HTTP, POP3, SMTP, FTP) and as a hexadecimal dump. To capture TCP/IP packets, SmartSniff uses the following methods: raw sockets, the WinPcap capture driver and the Microsoft Network Monitor driver. The program supports the Russian language and is easy to use.

Sniffer program for capturing packets


SmartSniff displays the following information: protocol name, local and remote address, local and remote port, local node, service name, data volume, total size, capture time and last packet time, duration, local and remote MAC address, countries and packet contents. The program has flexible settings: it implements a capture filter, unpacking of HTTP responses and IP address conversion, and it minimizes to the system tray. SmartSniff generates a report on packet flows in the form of HTML pages. The program can also export TCP/IP streams.

Each member of the ][ team has their own preferences regarding software and utilities for
pen testing. After conferring, we found that the choices vary so much that they can
make up a real gentleman's set of proven programs. So that is what we
decided to do. To avoid making a hodgepodge, we divided the entire list into topics, and
this time we'll cover utilities for sniffing and manipulating packets. Use them in
good health.

Wireshark

Netcat

If we talk about data interception, Network Miner will pull files, certificates,
images and other media, as well as passwords and other authorization data, off the air
(or from a previously prepared dump in PCAP format).
A useful feature is searching for sections of data that contain keywords
(for example, a user login).

Scapy

Website:
www.secdev.org/projects/scapy

A must-have for any hacker, it is a powerful tool for
interactive packet manipulation. Receiving and decoding packets of many
different protocols, responding to requests, injecting modified packets and
packets you built yourself: it is all easy! With its help you can perform a whole
range of classic tasks such as scanning, traceroute, attacks and network
infrastructure discovery. In one package we get a replacement for such popular utilities
as hping, nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc. At the
same time, Scapy lets you perform any task, even the most specific
one that no tool already created by another developer
can handle. Instead of writing a whole mountain of lines in C to, for example,
generate a malformed packet and fuzz some daemon, it is enough
to throw in a couple of lines of code using Scapy! The program has no
graphical interface; interactivity is achieved through the Python
interpreter. Once you get the hang of it, it won't cost you anything to create malformed
packets, inject the necessary 802.11 frames, combine different approaches in attacks
(say, ARP cache poisoning and VLAN hopping), etc. The developers themselves
encourage using Scapy's capabilities in other projects. Connected
as a module, it makes it easy to create utilities for various kinds of LAN research,
vulnerability searching, Wi-Fi injection, automating specific
tasks, etc.

packeth

Website:
Platform: *nix, there is a port for Windows

An interesting development that lets you, on the one hand, generate any
Ethernet packet and, on the other hand, send sequences of packets in order to
check bandwidth. Unlike other similar tools, packeth
has a GUI that lets you create packets in the simplest possible
form. And there is more: creating and sending sequences of packets
is especially well worked out. You can set delays between sends,
send packets at maximum speed to test the throughput
of a network segment (yep, this is where they’ll be filing) and, what’s even more interesting,
dynamically change parameters in packets (for example, the IP or MAC address).

Wireshark is an excellent assistant for users who need detailed analysis of network packets, that is, of computer network traffic. The sniffer works easily with such common protocols as netbios, fddi, nntp, icq, x25, dns, irc, nfs, http, tcp, ipv6 and many others. During analysis, it lets you split a network packet into its components according to the specific protocol and display readable information in numerical form on the screen.
It supports a huge number of formats of transmitted and received information, and it can open files used by other utilities. The principle of operation is that the network card goes into broadcast mode and begins intercepting the network packets that are within its visibility. It can also work as a program for intercepting Wi-Fi packets.

How to use wireshark

The program examines the contents of the packets that pass through the network. You do not need any special knowledge to launch the sniffer and use its results: just open it from the “Start” menu or click the icon on the desktop (launching it is no different from any other Windows program). A special function of the utility allows it to capture packets, carefully decrypt their contents and return them to the user for analysis.

After launching Wireshark, you will see the program's main menu at the top of the window. It is used to control the utility. If you need to load files that store data about packets caught in previous sessions, or save data about packets caught in a new session, use the "File" tab.

To start capturing network packets, click the "Capture" icon, then find the menu section called "Interfaces". It opens a separate "Wireshark Capture Interfaces" window, which lists all available network interfaces through which the necessary packets can be captured. If the sniffer detects only one suitable interface, it displays all the important information about it.

The results of the utility are direct evidence that, even when users are not transmitting any data themselves at a given moment, the exchange of information on the network does not stop. A local network works in such a way that, to keep it operational, each of its elements (computers, switches and other devices) continuously exchanges service information with the others, and network tools like this one are designed to intercept such packets.

There is also a version for Linux systems.

It should be noted that the sniffer is extremely useful for network administrators and computer security services, because the utility lets you identify potentially unprotected network nodes, the likely areas that hackers could attack.

In addition to its direct purpose, Wireshark can be used as a tool for monitoring and further analyzing network traffic in order to organize an attack on unprotected areas of the network, because intercepted traffic can be used to achieve various goals.


About the dangers of open Wi-Fi access points and how passwords can be intercepted.

Today we’ll look at intercepting passwords over Wi-Fi and intercepting cookies over Wi-Fi using the program.

The attack relies on sniffing.

Sniffing comes from the word “sniff”. Sniffing lets you analyze activity on the network, see which sites a user visits and intercept passwords. It can also be used for useful purposes, such as listening for viruses that send data to the Internet.


The method I will show is quite primitive and simple. In fact, the program can do much more.
The program's official website is sniff.su; you can download it in the "Download" section.
There are versions for Windows, Unix systems and Android.
We will look at the Windows version, since this is the most popular system and the program is most advanced there.
Your browser or antivirus may complain that the program is dangerous, but as you understand, this is a hacking program, and they will always react to such tools.
The program is downloaded as a zip archive; you just need to unpack it into a folder and use it, there is no need to install anything.
The program can carry out various MitM attacks on Wi-Fi networks.
The article was written purely for informational purposes, to show by example the dangers of open WiFi hotspots; any specified actions are performed at your own peril and risk. And I want to remind you about criminal liability for protecting other people’s data.


Working with the Intercepter NG program

So, the program is launched via Intercepter-NG.exe.
The program has an English interface, but if you are a confident computer user, I think you will figure it out.

Below there will be a video on setting up (for those who prefer to watch rather than read).
- Choose the desired network at the top if you have several of them.
- Switch the Ethernet/WiFi type: if you are on Wi-Fi, select the Wi-Fi icon (to the left of the network selection).

- Press the Scan Mode button (radar icon).
- In the empty field, right-click and choose Smart scan from the context menu.
- All devices connected to the network will appear.
- Select the victim (you can select everyone while holding down the Shift key), just do not mark the router itself; its IP is usually 192.168.1.1.
- Having selected, right-click and click Add to nat.


- Go to the Nat tab.
- In Stealth ip, it is advisable to change the last digit to any unoccupied one; this will hide your real IP.
- Tick SSL Strip and SSL Mitm.


- Click Settings (gears on the right).
- Tick Resurrection (this will allow you to intercept passwords and cookies of the encrypted HTTPS protocol) and Remove Spoof IP/Mac. You can also check the Cookie Killer box: thanks to it, the victim will be kicked out of the current page, for example a social network, and will have to re-enter the password, and we will intercept it. Compare the settings with the picture.


- The setup is now complete; close the settings with the checkmark.
- The setup is complete, you can begin the attack.
- Press the Start/stop sniffing button at the top (triangle), and in the same window click the radiation icon at the bottom, Start/Stop ARP Poison.
- Go to the Password mode tab, right-click in the window and select Show Cookies (“This will allow cookies and passwords entered by victims to be shown”).
That's it, now we wait for someone to enter a password.
Sometimes the Internet stops working; try to access the Internet yourself, and if it doesn’t work, restart the program.
I noticed that it is not always possible to intercept a password, but in fact it works almost without failure.

That's all, we looked at intercepting passwords over Wi-Fi and intercepting cookies over Wi-Fi.

Take care of yourself

ATTENTION! This article is written for informational purposes only for IT security specialists. Traffic interception was based on the example of our own devices on a personal local network. The interception and use of personal data may be punishable by law, so we do not encourage using this article to harm others. World peace, let's help each other!

Hi all! In this article we will talk about a Wi-Fi sniffer. In general, programs of this type are designed exclusively for intercepting traffic on a local network. It makes no difference how exactly the victim is connected to the router, via cable or Wi-Fi. I want to show traffic interception using an interesting program, "Intercepter-NG", as an example. Why did I choose it? The fact is that this sniffer application was written specifically for Windows, has a fairly friendly interface and is easy to use. And not everyone has Linux.

Intercepter-NG capabilities

As you know, a local network constantly uses data exchange between the router and the end client. If desired, this data can be intercepted and used for your own purposes. For example, cookies, passwords, or other interesting data can be intercepted. Everything happens very simply - the computer sends a request to the Internet and receives data along with a response from the central gateway or router.

The program starts a mode in which the client computer begins to send its requests and data not to the gateway, but to the device running the program. In other words, the client confuses the attacker’s computer with the router. This attack is called ARP spoofing. The second computer then uses all of that data for its own purposes.
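From the defender's side, the redirection described above is visible in ARP traffic: the gateway's IP address suddenly resolves to a new MAC address, and a single MAC starts answering for several IPs. The following detector is an added example, not part of the original article or of any tool it mentions; the log lines are constructed in the style of `tcpdump -n arp` output, and the function name and alert labels are hypothetical.

```python
import re

# Constructed sample in the style of `tcpdump -n arp` output (not a real capture).
# 192.168.1.1 is the router address this page uses as its example.
SAMPLE = """\
10:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
10:00:01.000400 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
10:00:05.100000 ARP, Reply 192.168.1.23 is-at aa:bb:cc:00:00:23, length 28
10:00:09.300000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66, length 28
10:00:09.300500 ARP, Reply 192.168.1.23 is-at de:ad:be:ef:00:66, length 28
10:00:11.300000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66, length 28
"""

REPLY = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)

def find_arp_anomalies(log_text, gateway_ip="192.168.1.1"):
    """Return (kind, subject, detail) alerts for suspicious ARP replies."""
    first_seen = {}   # IP -> MAC from the first reply seen (the baseline)
    claimed_by = {}   # MAC -> set of IPs that MAC has claimed
    alerts = []
    for line in log_text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue  # requests and other lines make no "is-at" claim
        ip, mac = m.group(1), m.group(2).lower()
        baseline = first_seen.setdefault(ip, mac)
        if mac != baseline:
            # The same IP is now announced from a different MAC address.
            kind = "gateway-rebound" if ip == gateway_ip else "host-rebound"
            alert = (kind, ip, f"{baseline} -> {mac}")
            if alert not in alerts:  # report each conflict once
                alerts.append(alert)
        ips = claimed_by.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if len(ips) == 2:  # one MAC answering for a second IP
                alerts.append(("mac-claims-many", mac, ",".join(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE):
        print(alert)
```

The baseline is simply the first binding seen, so monitoring that starts during an attack learns the wrong MAC, and legitimate changes (a replaced network card, a DHCP reassignment) also raise alerts. Pinning the gateway's known MAC address removes the first problem.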

Once the data is received, the sniffing itself begins: the program tries to extract the necessary information from the packets, such as passwords, logins, the final web resource, pages visited on the Internet and even correspondence in instant messengers. There is a small drawback, though: this scheme works great only with unencrypted data. When HTTPS pages are requested, you have to jump through hoops. For example, when a client queries a DNS server, the program can substitute the address of its own fake website, where the client may enter a login and password to log in.

Normal attack

First we need to download the program. Some browsers may complain if you try to download the application from the official website, sniff.su. But you can try. If you don't want to deal with this protection, you can download the application from GitHub.

  1. Depending on how you are connected to the network, the corresponding icon will be displayed in the upper left corner - click on it;

  2. You need to select your working network module. I chose the one that already had a local IP assigned, that is, my IP address;

  3. On the empty area, right-click and then launch “Smarty Scan”;

  4. Next you will see a list of IP addresses, as well as MAC and additional information about devices on the network. It is enough to select one of the attack targets, click on it and then select “Add as Target” from the list for the program to assign the device. After that, click on the start button in the upper right corner of the window;

  5. Go to the “MiTM mode” section and click on the radiation icon;

  6. The startup process has started, now to view logins and passwords, go to the third tab;

  7. On the second tab you will see all the transferred data;



As you can see, here you can only see and detect intercepted keys and usernames, as well as those sites visited by the target.

Intercepting Cookies

If anyone doesn’t know, cookies are temporary data that allow us not to constantly enter credentials on forums, social networks and other sites. You could say they are a temporary pass. You can also intercept them using this application.

Everything is done quite simply, after launching a regular attack, go to the third tab, right-click on the free field and select “Show Cookies”.


You should see the required Cookies. Using them is very simple - just right-click on the desired site and then select “Open in browser”. After this, the site will open from someone else’s account page.


Obtaining login and password

Most likely, after launching the program, the client will already be sitting in one or another account. But you can force him to enter his login and password again. Since cookies themselves are not eternal, this is a completely normal practice. For this purpose, the Cookie Killer program is used. After launch, the client’s old cookies are completely deleted and he has to enter his login and password again, this is where interception comes into play. There is a separate video instruction on this matter:

