The internet, as well as local area networks, consists of a huge number of services. You use HTTP(S) for surfing web pages, SMTP to send emails, POP3 or IMAP to read emails, ICQ, IRC, Skype or Jabber to chat, and so on.
A Simple Network Sniffer Tool in Python 3
Most people should by now have heard that HTTP without the S is insecure and should not be used to send one's bank account data through the net. However, most protocols for daily use are plaintext protocols, like ICQ or SMTP and IMAP/POP3. Facebook, the biggest social network in the world, has recently adopted HTTPS as the default. One can activate SSL encryption for most commonly used protocols, or install an SSL proxy in front of a service if it doesn't support SSL by itself, but only a few people care about data security and encryption.
Unencrypted network traffic is the low-hanging fruit every attacker is searching for. Why should an attacker try to crack passwords if he can easily read them? Why should he try to break into the application server if he could hijack the current admin session and insert his commands by using IP spoofing?
With a network sniffer like tcpdump (https://www.tcpdump.org) or Wireshark (https://www.wireshark.org), the admin can demonstrate to users that their traffic can be read if they don't use encryption. Of course, you should have authorization for this demonstration, as an admin should never invade the privacy of their users. Without authorization, you should only sniff your own packets or those of an intruder on your network.
The next code snippet demonstrates how easy it is to write your own sniffer in Python. It uses the famous PCAP library from tcpdump.org. To be able to execute the source code, you must also install the Python modules impacket and pcapy from Core Security.

    pip install impacket pcapy

Let's write a program...
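
    #!/usr/bin/python3

    import sys
    import getopt
    import pcapy
    from impacket.ImpactDecoder import EthDecoder

    # Defaults: capture ARP traffic on the wireless interface
    dev = "wlan0"
    pcap_filter = "arp"
    decoder = EthDecoder()


    # Called by pcapy for every captured packet that matches the filter
    def handle_packet(hdr, data):
        print(decoder.decode(data))


    def usage():
        print(sys.argv[0] + " -i <dev> -f <pcap_filter>")
        sys.exit(1)


    # Parse command-line options: -i <device> and -f <pcap filter>
    try:
        cmd_opts = "f:i:"
        opts, args = getopt.getopt(sys.argv[1:], cmd_opts)
    except getopt.GetoptError:
        usage()

    for opt, value in opts:
        if opt == "-f":
            pcap_filter = value
        elif opt == "-i":
            dev = value
        else:
            usage()

    # Open the device: snapshot length 1500 bytes, promiscuous mode off,
    # read timeout 100 ms
    pcap = pcapy.open_live(dev, 1500, 0, 100)
    pcap.setfilter(pcap_filter)

    # Capture until interrupted, passing each packet to handle_packet
    pcap.loop(0, handle_packet)
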
Output:

    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/Penetration-tester-jr]
    └─$ sudo python3 sniffer.py                                        1 ⨯
    /home/hackerboy/Desktop/Penetration-tester-jr/sniffer.py:37: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
      pcap.loop(0, handle_packet)
    Ether: e6:e4:e4:95:1e:27 -> fc:01:7c:29:00:77
    ARP format: ARPHRD ETHER opcode: REQUEST
    e6:e4:e4:95:1e:27 -> 0:0:0:0:0:0
    192.168.200.167 -> 192.168.200.25
    Ether: fc:01:7c:29:00:77 -> e6:e4:e4:95:1e:27
    ARP format: ARPHRD ETHER opcode: REPLY
    fc:1:7c:29:0:77 -> e6:e4:e4:95:1e:27
    192.168.200.25 -> 192.168.200.167
    Ether: e6:e4:e4:95:1e:27 -> fc:01:7c:29:00:77
    ARP format: ARPHRD ETHER opcode: REQUEST
    e6:e4:e4:95:1e:27 -> 0:0:0:0:0:0
    192.168.200.167 -> 192.168.200.25
    Ether: fc:01:7c:29:00:77 -> e6:e4:e4:95:1e:27
    ARP format: ARPHRD ETHER opcode: REPLY
    fc:1:7c:29:0:77 -> e6:e4:e4:95:1e:27
    192.168.200.25 -> 192.168.200.167
    Ether: fc:01:7c:29:00:77 -> e6:e4:e4:95:1e:27
    ARP format: ARPHRD ETHER opcode: REQUEST
    fc:1:7c:29:0:77 -> 0:0:0:0:0:0
    192.168.200.25 -> 192.168.200.167
    Ether: e6:e4:e4:95:1e:27 -> fc:01:7c:29:00:77
    ARP format: ARPHRD ETHER opcode: REPLY
    e6:e4:e4:95:1e:27 -> fc:1:7c:29:0:77
    192.168.200.167 -> 192.168.200.25
    Ether: e6:e4:e4:95:1e:27 -> fc:01:7c:29:00:77
    ARP format: ARPHRD ETHER opcode: REQUEST
    e6:e4:e4:95:1e:27 -> 0:0:0:0:0:0
    192.168.200.167 -> 192.168.200.25
    Ether: fc:01:7c:29:00:77 -> e6:e4:e4:95:1e:27
    ARP format: ARPHRD ETHER opcode: REPLY
    fc:1:7c:29:0:77 -> e6:e4:e4:95:1e:27
    192.168.200.25 -> 192.168.200.167
    ^C^C
    ^CTraceback (most recent call last):
      File "/home/hackerboy/Desktop/Penetration-tester-jr/sniffer.py", line 37, in <module>
        pcap.loop(0, handle_packet)
      File "/home/hackerboy/Desktop/Penetration-tester-jr/sniffer.py", line 12, in handle_packet
        def handle_packet(hdr, data):
    KeyboardInterrupt

    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/Penetration-tester-jr]
    └─$

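To show what decoding one of these frames involves, here is an added example (not part of the original post and not impacket's code) that parses the Ethernet and ARP headers by hand with the standard struct module. The function names are hypothetical, and the sample frame is constructed from the addresses of the first ARP request in the output above, so it runs without a capture device.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_OPCODES = {1: "REQUEST", 2: "REPLY"}


def mac(raw: bytes) -> str:
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def decode_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP (ethertype 0x{ethertype:04x})")
    if len(frame) < 14 + 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "eth_src": mac(src), "eth_dst": mac(dst),
        "opcode": ARP_OPCODES.get(op, str(op)),
        "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha), "target_ip": socket.inet_ntoa(tpa),
    }


def build_sample_request() -> bytes:
    """Constructed sample: the first ARP request from the output above."""
    src = bytes.fromhex("e6e4e4951e27")
    dst = bytes.fromhex("fc017c290077")
    eth = struct.pack("!6s6sH", dst, src, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      src, socket.inet_aton("192.168.200.167"),
                      bytes(6), socket.inet_aton("192.168.200.25"))
    return eth + arp


if __name__ == "__main__":
    for key, value in decode_arp_frame(build_sample_request()).items():
        print(f"{key:11} {value}")
```

Every field comes straight out of the frame bytes with no key or secret involved, which is why anyone on the path can read a plaintext protocol the same way.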
I hope you liked this post. If you did, don't forget to share it.
Thank you so much :-)