A Simple Network Sniffer Tool in Python 3

Hacking Truth
The internet, as well as local area networks, consists of a huge number of services. You use HTTP(S) for surfing web pages, SMTP to send emails, POP3 or IMAP to read emails, ICQ, IRC, Skype or Jabber to chat, and so on.

Most people should by now have heard that HTTP without the S is insecure and should not be used to send one's bank account data through the net. However, most protocols for daily use are plaintext protocols, like ICQ or SMTP and IMAP/POP3. Facebook, the biggest social network in the world, has recently adopted HTTPS as default. One can activate SSL encryption for most commonly used protocols, or install an SSL proxy in front of a service if it doesn't support SSL by itself, but only a few people care about data security and encryption.

Unencrypted network traffic is the low-hanging fruit every attacker is searching for. Why should an attacker try to crack passwords if they can easily read them?

Why should they try to break into the application server if they can hijack the current admin session and insert their commands by using IP spoofing?


With a network sniffer like tcpdump (https://www.tcpdump.org) or Wireshark (https://www.wireshark.org), an admin can demonstrate to users that their traffic can be read if they don't use encryption. Of course, you should have authorization for this demonstration, as an admin should never invade the privacy of their users. Without authorization, you should only sniff your own packets or those of an intruder on your network.

The next code snippet demonstrates how easy it is to write your own sniffer in Python. It uses the famous PCAP library from tcpdump.org. To be able to execute the source code you must also install the Python modules impacket and pcapy from Core Security.



pip install impacket pcapy

Let's write a program...



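#!/usr/bin/python3

import sys
import getopt
import pcapy
from impacket.ImpactDecoder import EthDecoder

# Defaults; override with -i <dev> and -f <pcap_filter>
dev = "wlan0"
bpf_filter = "arp"
decoder = EthDecoder()


def handle_packet(hdr, data):
    # Called by pcapy for every captured frame; decode and print it
    print(decoder.decode(data))


def usage():
    print(sys.argv[0] + " -i <dev> -f <pcap_filter>")
    sys.exit(1)


try:
    cmd_opts = "f:i:"
    opts, args = getopt.getopt(sys.argv[1:], cmd_opts)
except getopt.GetoptError:
    usage()

for opt in opts:
    if opt[0] == "-f":
        bpf_filter = opt[1]
    elif opt[0] == "-i":
        dev = opt[1]
    else:
        usage()

# Arguments: device, snaplen in bytes, promiscuous flag (0 = off), read timeout in ms.
# A full-size Ethernet frame is 1514 bytes with its header, so raise the snaplen
# if you need complete frames.
pcap = pcapy.open_live(dev, 1500, 0, 100)
pcap.setfilter(bpf_filter)

# A count of 0 keeps capturing until interrupted
pcap.loop(0, handle_packet)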



 

Output:

 

 


┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/Penetration-tester-jr]
└─$ sudo python3 sniffer.py                                                                                                                             1 ⨯
/home/hackerboy/Desktop/Penetration-tester-jr/sniffer.py:37: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  pcap.loop(0, handle_packet)
Ether: e6:e4:e4:95:1e:27 -> fc:01:7c:29:00:77
ARP format: ARPHRD ETHER opcode: REQUEST
e6:e4:e4:95:1e:27 -> 0:0:0:0:0:0
192.168.200.167 -> 192.168.200.25

Ether: fc:01:7c:29:00:77 -> e6:e4:e4:95:1e:27
ARP format: ARPHRD ETHER opcode: REPLY
fc:1:7c:29:0:77 -> e6:e4:e4:95:1e:27
192.168.200.25 -> 192.168.200.167

Ether: e6:e4:e4:95:1e:27 -> fc:01:7c:29:00:77
ARP format: ARPHRD ETHER opcode: REQUEST
e6:e4:e4:95:1e:27 -> 0:0:0:0:0:0
192.168.200.167 -> 192.168.200.25

Ether: fc:01:7c:29:00:77 -> e6:e4:e4:95:1e:27
ARP format: ARPHRD ETHER opcode: REPLY
fc:1:7c:29:0:77 -> e6:e4:e4:95:1e:27
192.168.200.25 -> 192.168.200.167

Ether: fc:01:7c:29:00:77 -> e6:e4:e4:95:1e:27
ARP format: ARPHRD ETHER opcode: REQUEST
fc:1:7c:29:0:77 -> 0:0:0:0:0:0
192.168.200.25 -> 192.168.200.167

Ether: e6:e4:e4:95:1e:27 -> fc:01:7c:29:00:77
ARP format: ARPHRD ETHER opcode: REPLY
e6:e4:e4:95:1e:27 -> fc:1:7c:29:0:77
192.168.200.167 -> 192.168.200.25


Ether: e6:e4:e4:95:1e:27 -> fc:01:7c:29:00:77
ARP format: ARPHRD ETHER opcode: REQUEST
e6:e4:e4:95:1e:27 -> 0:0:0:0:0:0
192.168.200.167 -> 192.168.200.25

Ether: fc:01:7c:29:00:77 -> e6:e4:e4:95:1e:27
ARP format: ARPHRD ETHER opcode: REPLY
fc:1:7c:29:0:77 -> e6:e4:e4:95:1e:27
192.168.200.25 -> 192.168.200.167

^C^C
^CTraceback (most recent call last):
  File "/home/hackerboy/Desktop/Penetration-tester-jr/sniffer.py", line 37, in <module>
    pcap.loop(0, handle_packet)
  File "/home/hackerboy/Desktop/Penetration-tester-jr/sniffer.py", line 12, in handle_packet
    def handle_packet(hdr, data):
KeyboardInterrupt

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/Penetration-tester-jr]
└─$                                                                            
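What EthDecoder prints for each ARP frame can also be decoded by hand from the raw bytes passed to handle_packet, and the decoded sender fields can be used to notice when an IP address suddenly answers from a different MAC. The following is an added example, not code from the original post; parse_arp, ArpWatch and build_arp are hypothetical names, and the frames are constructed from the addresses in the output above.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # ARP for Ethernet/IPv4 (28 bytes)
ETHERTYPE_ARP = 0x0806
OPCODES = {1: "REQUEST", 2: "REPLY"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ip(raw):
    return ".".join(str(b) for b in raw)

def parse_arp(frame):
    """Return a dict for an Ethernet/IPv4 ARP frame, or None for anything else."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None  # truncated capture or not ARP
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    (htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet hardware / IPv4 protocol addresses
    return {"eth_src": mac(src), "eth_dst": mac(dst), "opcode": OPCODES.get(op, str(op)),
            "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

class ArpWatch:
    """Remember the first MAC seen for each sender IP and report later changes."""
    def __init__(self):
        self.bindings = {}

    def observe(self, frame):  # call from handle_packet(hdr, data) as observe(data)
        arp = parse_arp(frame)
        if arp is None:
            return None
        known = self.bindings.setdefault(arp["sender_ip"], arp["sender_mac"])
        if known != arp["sender_mac"]:
            return f'{arp["sender_ip"]} moved from {known} to {arp["sender_mac"]}'
        return None

def build_arp(op, sha, spa, tha, tpa, eth_dst):
    """Build a sample frame for offline testing (constructed data, not a capture)."""
    to_mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    to_ip = lambda s: bytes(int(x) for x in s.split("."))
    return (ETH_HDR.pack(to_mac(eth_dst), to_mac(sha), ETHERTYPE_ARP) +
            ARP_HDR.pack(1, 0x0800, 6, 4, op, to_mac(sha), to_ip(spa), to_mac(tha), to_ip(tpa)))
```

A reported change is a prompt to investigate rather than proof of tampering, since a replaced network card or a DHCP lease handed to a new device produces the same message.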





I hope you liked this post. If you did, don't forget to share it.
Thank you so much :-)

 

Disclaimer

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. We do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.
 
 
 
 
