• Stars
    star
    330
  • Rank 127,657 (Top 3 %)
  • Language
    C
  • License
    Other
  • Created almost 10 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Dug Song seems to have abandoned dsniff. I got it to work with the latest OS X & Homebrew libraries.
dsniff-2.4b1
------------

This is a fork of Dug Song's dsniff tools, updated to compile and run on OS X.

Installation on OS X:

1. Install dependencies:

brew install berkeley-db libnet libnids libpcap openssl

2. Configure with correct paths:

./configure \
  --with-libpcap=/usr/local/opt/libpcap \
  --with-openssl=/usr/local/opt/openssl \
  --with-libnet=/usr/local/opt/libnet \
  --with-libnids=/usr/local/opt/libnids \
  --without-x

3. Compile:

make

4. Install:

make install

------------

Original README follows

------------

i wrote these tools with honest intentions - to audit my own network,
and to demonstrate the insecurity of cleartext / weakly-encrypted
network protocols and ad-hoc PKI. please do not abuse this software.

these programs require:

      Berkeley DB - http://www.sleepycat.com/
      OpenSSL - http://www.openssl.org/
      libpcap - http://www.tcpdump.org/
      libnids - http://www.packetfactory.net/Projects/Libnids/
      libnet - http://www.packetfactory.net/Projects/Libnet/

built and tested on OpenBSD, Linux, and Solaris. YMMV.

what's here:

arpspoof
	redirect packets from a target host (or all hosts) on the LAN
	intended for another local host by forging ARP replies. this
	is an extremely effective way of sniffing traffic on a switch.
	kernel IP forwarding (or a userland program which accomplishes
	the same, e.g. fragrouter :-) must be turned on ahead of time.

dnsspoof
	forge replies to arbitrary DNS address / pointer queries on
	the LAN. this is useful in bypassing hostname-based access
	controls, or in implementing a variety of man-in-the-middle
	attacks (HTTP, HTTPS, SSH, Kerberos, etc).

dsniff
	password sniffer. handles FTP, Telnet, SMTP, HTTP, POP,
	poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP
	MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ,
	Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec
	pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase
	and Microsoft SQL auth info.

	dsniff automatically detects and minimally parses each
	application protocol, only saving the interesting bits, and
	uses Berkeley DB as its output file format, only logging
	unique authentication attempts. full TCP/IP reassembly is
	provided by libnids(3) (likewise for the following tools as
	well).

filesnarf
	saves selected files sniffed from NFS traffic in the current
	working directory.

macof
	flood the local network with random MAC addresses (causing
	some switches to fail open in repeating mode, facilitating
	sniffing). a straight C port of the original Perl Net::RawIP
	macof program.

mailsnarf
	a fast and easy way to violate the Electronic Communications
	Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs
	selected messages sniffed from SMTP and POP traffic in Berkeley
	mbox format, suitable for offline browsing with your favorite
	mail reader (mail -f, pine, etc.).

msgsnarf
	record selected messages from sniffed AOL Instant Messenger,
	ICQ 2000, IRC, and Yahoo! Messenger chat sessions.

sshmitm
	SSH monkey-in-the-middle. proxies and sniffs SSH traffic
	redirected by dnsspoof(8), capturing SSH password logins, and
	optionally hijacking interactive sessions. only SSH protocol
	version 1 is (or ever will be) supported - this program is far
	too evil already.

sshow
	SSH traffic analysis tool. analyzes encrypted SSH-1 and SSH-2
	traffic, identifying authentication attempts, the lengths of
	passwords entered in interactive sessions, and command line
	lengths.

tcpkill
	kills specified in-progress TCP connections (useful for
	libnids-based applications which require a full TCP 3-whs for
	TCB creation).

tcpnice
	slow down specified TCP connections via "active" traffic
	shaping. forges tiny TCP window advertisements, and optionally
	ICMP source quench replies.

urlsnarf
	output selected URLs sniffed from HTTP traffic in CLF
	(Common Log Format, used by almost all web servers), suitable
	for offline post-processing with your favorite web log
	analysis tool (analog, wwwstat, etc.).

webmitm
	HTTP / HTTPS monkey-in-the-middle. transparently proxies and
	sniffs web traffic redirected by dnsspoof(8), capturing most
	"secure" SSL-encrypted webmail logins and form submissions.

webspy
	sends URLs sniffed from a client to your local Netscape
	browser for display, updated in real-time (as the target
	surfs, your browser surfs along with them, automagically).
	a fun party trick. :-)

-d.

---
http://www.monkey.org/~dugsong/

More Repositories

1

the_silver_searcher

A code-searching tool similar to ack, but faster.
C
26,124
star
2

jekyll-gallery-generator

A Jekyll plugin that generates photo galleries from directories full of images.
Ruby
350
star
3

lscolors

LSCOLORS Generator
HTML
302
star
4

fsevents-tools

Like inotify-tools but for OS X's FSEvents
C
264
star
5

dotfiles

Shell
19
star
6

twisted_hang

Hack day project. Figure out if the main thread is hanging, and if so, what's causing it to hang.
Python
17
star
7

linksplosion

Chrome extension to open all links in a selection. Great for when you don't have enough tabs open!
JavaScript
8
star
8

memex_trails

Extension that adds Vannevar Bush's "trails" to Chrome.
JavaScript
7
star
9

cogtrack

A tool to track one's cognitive abilities over time.
JavaScript
7
star
10

CursorHide

OS X utility to hide the mouse cursor if it hasn't been moved recently
Objective-C
7
star
11

stag

Sublime Text Ag
Python
6
star
12

history-stats

A Chrome extension that shows graphs about your history. Basically an excuse for me to play with d3.
JavaScript
4
star
13

wtf

Slack bot hackathon thing. Ignore this
TypeScript
3
star
14

serendipity

More convenient video chat
TypeScript
3
star
15

sublime-copy-github-link

Python
3
star
16

crucible

Readability extension for Chrome. Based on the now-defunct readability-redux.
JavaScript
3
star
17

counterforce

Listen for github webhooks and send an e-mail when anyone runs git push --force master.
JavaScript
3
star
18

tail-page

Chrome extension that lets you stay scrolled to the bottom of a page. Particularly helpful for buildbot output.
JavaScript
3
star
19

mpostr

GeoIP Impostor
C
2
star
20

geoff.greer.fm

HTML
2
star
21

cloudkick_tag_exports

Uses the Cloudkick API to build list of IPs for each tag. Handy for automating jobs across a group of servers.
2
star
22

circleci-insights

Use CircleCI Insights API to show which tests fail the most.
TypeScript
1
star
23

react-interview-example

JavaScript
1
star
24

payoff_matrix

Simple web page for displaying payoff matrices
Python
1
star
25

react-redux-example

Example thing that I gave a presentation about
JavaScript
1
star