Macof floods the local network with random MAC addresses, causing some switches to fail open in repeating mode, and thereby facilitates sniffing.
Mailsnarf is capable of capturing and outputting SMTP mail traffic that is sniffed on the network
urlsnarf is a neat tool for monitoring Web traffic.
Webspy allows the user to see all the WebPages visited by the victim.
Each of the tools included in the dsniff distribution has some unique function. In general, the tools dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy are used to passively monitor a vulnerable shared network. By overloading the switch, a hacker could have access to all the data passing through the switch.
| Tools | One tool for doing this is called "macof. Dsniffs "macof" generates random MAC addresses exhausting the switch's memory. It is capable of generating 155,000 MAC entries on a switch per minute. Some switches than revert to acting like a hub. |
The whole process of sniffing another's mail becomes an easy task with mailsnarf. Once the attacker has access to the target subnet, he can use mailsnarf to capture mail traffic that passes through the network subnet or Ethernet switch.
| Tools | Mailsnarf makes it possible to save the messages in standard mail format, so that the attacker can use just about any e-mail client to read what is captured as easily as he can read mail from his inbox. Mailsnarf reassembles and displays e-mail traffic in a legible manner, thus enabling the attacker to read other users' e-mail in real time. |
| Tools | urlsnarf is a tool for monitoring Web traffic. urlsnarf grabs all the HTTP requests from the captured network traffic and outputs the results in the Common Log Format (CLF), as used by Web servers such as Apache or IIS. |
The only drawback of urlsnarf is that at present, it is hard coded to monitor TCP ports 80 (clear-text HTTP), 3128 (MS-proxy), and 8080 (generic/squid proxy). HTTP traffic going to other TCP ports is ignored. Because urlsnarf generates output as CLF log lines, the output can be piped to any log analysis program that uses CLF Web server logs.
| Tools | The webspy package (webspy.exe) is a hacking tool. By the usage webspy 111.111.111.111 the program intercepts all HTTP traffic to and from the IP addresses 111.111.111.111 and passes it off to a local browser. This will open Netscape or IE and the traffic sent to the attacker's browser will match that of the target. He can then follow targets around as they surf the net. However, Webspy won't follow targets over ssl connection or reveal information entered into form fields (like passwords). |
0 comments:
Post a Comment