[question] Sniffing cleartext passwords on monitor interface.

[proxx]

Hello EZ,

Does anyone know of a tool that filters passwords from raw (live) packet captures.
I know I could use airodump-ng than use airdecap-ng to strip the 802.11 headers after finally giving it to dsniff.
If course one could write a bash to do all that in some hackish loopy way but im curious if anyone knows about a tool that does this on-the-fly.
Seen some stuff like irongeek's wall of shame but im curious if anyone knows about an other tool to do this directly?

[Superflu0usRoot]

I've seen a few programs that are built to specifically parse down information looking for specific passwords.

Cain has worked for me before, as well as some modules in wireshark.

What specific protocols are you wanting to get passwords from?

[Snayler]

I think you're looking for something like ettercap.

[proxx]

I've seen a few programs that are built to specifically parse down information looking for specific passwords.

Cain has worked for me before, as well as some modules in wireshark.

What specific protocols are you wanting to get passwords from?

Means I would need to use windows in some virtualbox draining my battery..
Not really practical.

In fact Ive been working on some code to do this.
Sniffing cleartext from a monitor interface and than doing some algo magic.
As for procotols, guess POP3, plain HTTP stuff like that.

@snayler, im aware of ettercap, again its not capable of handling 802.11 traffic directly.


*edit*
Im probably gonna release the tool here when its 'done'
Called it ClearNsnort.
Mainly targetted at sniffing cleartext , primairy goal to filter human written text.

[Axon]

I think you're looking for something like ettercap.

Ettercap does not sniff cleartext passwords.

[proxx]

Ettercap does not sniff cleartext passwords.

Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG

Thats from wikipedia on ettercap

[Snayler]

Ettercap does not sniff cleartext passwords.

It doesn't? I was under the impression it did.

[Axon]

Thats from wikipedia on ettercap

It doesn't? I was under the impression it did.

My judgment was from an experience with ettercap, depending on the authentication the site is using, you may or may not sniff clear text passwords, at my work, ettercap will sniff the ntlmv2 authentications sent by users connected on the network. However, ettercap comes with various plugins, one of them is smb_clear, which force the client to send passwords in clear text, but that depends also, this cloud crash the connection for all the users on the network.


At the end, ettercap cloud be the right tool an, or it cloud not be the right tool. May be you should try it out and decide for yourself.

[Moiz]

hello

just give this tool a try

http://code.google.com/p/subterfuge/

thanks