Showing posts with label Sniffing. Show all posts
Showing posts with label Sniffing. Show all posts
SSLsplit v 0.4.5 - Man-in-the-middle attacks against SSL/TLS
Labels:
Man-in-the-middle,
Network Hacking,
penetration testing,
Sniffing,
spoofing,
ssl,
Vulnerabilities
SLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
Change Log:
- Add support for 2048 and 4096 bit Diffie-Hellman
- Fix syslog error messages
- Fix threading issues in daemon mode .
- Fix address family check in netfilter NAT lookup
- Fix build on recent glibc systems
- Minor code and build process improvements
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
dSploit v1.0.23b -- Android network penetration suite
Labels:
Android,
apk download,
Hacking Tools,
Mobile,
Network Hacking,
Sniffing,
Wi-Fi Hacking
Have you ever wanted to dabble in network security testing? dSploit is an Android based network analysis & penetration suite. It is a comprehensive toolchain which can be used by anyone in order to perform a number of advanced network analysis and Pentests. dSploit contains a number of powerful functions for IT security experts/geeks, but is easy enough for just about any one to perform exploits.
dSploit allows you to analyze, capture, and manipulate network packets. You can scan networks for connected devices like other smartphones, laptops, & identify the operating system, running services and open ports on each device. Once open ports are known, you can go further by checking open ports for vulnerabilities. These features together make dSploit the most complete and advanced professional toolkit to perform network security assesments on any mobile device, ever.
Other than analysis, dSploit even allows man in the middle attacks for a number of network protocols i.e. you can monitor and inject packets into the network and spoof your identity. In simpler words, it allows you to intercept wireless network traffic and mess it with in the way you want. You can poison the DNS, for example, so that your family members go to Google+ everytime they try open facebook, or replace all the images with a custom PWNed/funny image. The ideas are what limit you, possibilities of fun are endless.
Available Modules in dSploit :
- RouterPWN
- Launch the http://routerpwn.com/ service to pwn your router.
- Port Scanner
- A syn port scanner to find quickly open ports on a single target.
- Inspector
- Performs target operating system and services deep detection, slower than syn port scanner but more accurate.
- Vulnerability Finder
- Search for known vulnerabilities for target running services upon National Vulnerability Database.
- Login Cracker
- A very fast network logon cracker which supports many different services.
- Packet Forger
- Craft and send a custom TCP or UDP packet to the target.
- MITM
- A set of man-in-the-middle tools to command&conquer the whole network .
The app is currently in beta, so there may be bugs present. However, a large number of users are reporting good feedback in the thread. You need to be running at least Android 2.3 Gingerbread, and the device must be rooted.
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Ettercap 0.7.5 released - codename "Assimilation"
Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
It is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Changes log:
- Fix versioning, flags.
- Need latest version of libnet that supports IPv6
- Fix gtk crash.
- Switched to git repo and CMAKE
- Now that IPv6 is supported the cli requires an extra “/”. To poison all hosts in a broadcast domain the command would be /// (Instead of // // in past versions.)
- Fixed Release tag and build flags, BZ 855504.
- Fixed Obsoletes, BZ 855067.
- Switch to git ettercap_rc branch for gtk crash, BZ 853791.
- Dropped UI and daemon patches.
- Merged subpackages, in part due to buildsystem change.
- Spec cleanup.
- Rebuilt for https ://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
- Add hardened build.
- libnet rebuild.
- New upstream.
- Rebuild against PCRE 8.30
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
ARPwner - Arp poisoning and dns poisoning tool
Labels:
Hacking Tools,
Network Hacking,
Sniffing
ARPwner was released at BlackHat USA 2012 by Nicolas Trippar. It is a tool to do arp poisoning and dns poisoning attacks, with a simple gui and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python, so you can modify on your needs.
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Android Network Spoofer - Pwn WiFi Networks
Labels:
Android,
Mobile,
Phishing,
Sniffing,
Social Engineering
Developed by Digitalsquid, Network Spoofer is a powerful networking app for Android devices that lets you spoof people on your network. It comes with over a dozen “hacks” such as redirecting all websites to your chosen URL, redirect all YouTube videos to the famous Never Gonna Give You Up music video, blur all images on websites, flip images, change all images on a website to a troll face etc.
Network Spoofer lets you change websites on other people’s computers from an Android phone. After downloading simply log onto a Wifi network, choose a spoof to use and press start.Please note that there is no intention for Network Spoofer to include any malicious features. This application is a fun demonstration of how vulnerable home networks are to simple attacks, with permission of the network owner - DO NOT attempt to use Network Spoofer on any corporate or other non-residential networks (eg. at school, university). It becomes very obvious when Network Spoofer is being used on a Network, and use of Network Spoofer will be considered malicious hacking by network administrators.
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
WebSploit v 1.7 - Scan And Analysis Remote System From Vulnerability
Labels:
Hacking Tools,
Linux,
Metasploit,
penetration testing,
Sniffing
- Autopwn - Used From Metasploit For Scan and Exploit Target Service
- wmap - Scan,Crawler Target Used From Metasploit wmap plugin
- format infector - inject reverse & bind payload into file format
- phpmyadmin - Search Target phpmyadmin login page
- lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
- apache users - search server username directory (if use from apache webserver)
- Dir Bruter - brute target directory with wordlist
- admin finder - search admin & login page of target
- MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
- MITM - Man In The Middle Attack
- Java Applet Attack - Java Signed Applet Attack
- MFOD Attack Vector - Middle Finger Of Doom Attack Vector
- USB Infection Attack - Create Executable Backdoor For Infect USB For Windows
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
SSLsplit - Transparent and Scalable SSL/TLS Interceptor
Labels:
Hacking Tools,
Sniffing
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. It terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, it generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. It can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. SSLsplit supports a number of NAT engines, static forwarding and SNI DNS lookups to determine the original destination of redirected connections.
SSLsplit currently supports the following NAT engines:
- OpenBSD packet filter (pf) – also available on FreeBSD and NetBSD
- FreeBSD IP firewall (IPFW) – also available on Mac OS X
- IPFilter (ipfilter, ipf), available on many systems, including FreeBSD, NetBSD, Linux and Solaris
- Linux netfilter (netfilter)
- Linux netfilter using the iptables TPROXY (tproxy)
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Intercepter-NG v0.9.3 Sniffing ToolDownload Intercepter-NG 0.9
Labels:
Hacking Tools,
Sniffing
[Intercepter-NG] offers the following features:
- Sniffing passwordshashes of the types:
- ICQ\IRC\AIM\FTP\IMAP\POP3\SMTP\LDAP\BNC\SOCKS\HTTP\WWW\NNTP\CVS\TELNET\MRA\DC++\VNC\MYSQL\ORACLE\NTLM
- Sniffing chat messages of ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA
- Promiscuous-mode\ARP\DHCP\Gateway\Smart Scanning
- Raw mode\eXtreme\Resurrection mode
- Capturing packets and post-capture (offline) analyzing
- Remote traffic capturing via RPCAP daemon
- NAT\SOCKS\DHCP
- ARP\DNS over ICMP\DHCP\SSL\SSLSTRIP\WPAD\SMBRelay MiTM
Official Intercepter-NG change log:
- Major update of sslstripping code
- UAC Manifest added to .exe
- openssl+zlib linked statically
- IRC moved to Messengers Mode
- New Resurrection Mode – reconstruction of HTTPFTPSMBIMAPPOP3SMTP files
- Updated WiFi Mode and improved MiTMs code
- RAW mode updated
- Cookie grabber added
- Intercepter converts raw IP Data captures to Ethernet frames a lot of small changes
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Subscribe to:
Posts (Atom)