Showing posts with label MITM. Show all posts

Sunday, January 28, 2018

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan - GhostInTheNet




Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan.

Properties:
  • Network Invisibility
  • Network Anonymity
  • Protects from MITM/DOS
  • Transparent
  • Cross-platform
  • Minimalistic

Dependencies:
  • Linux 2.4.26+ - will work on any Linux-based OS, including Whonix and RaspberryPI
  • BASH - the whole script
  • root privileges - for kernel controlling

Limitations:
  • You can still be found with VLAN logs if using ethernet or by triangulation/broadcast if using WiFi
  • MAC spoofing won't work if appropriate mitigations have been taken, like DAI or sticky MAC
  • Might be buggy with some Cisco switches
  • Not suitable for production servers

How it works
ARP (for IPv4) and NDP (ICMPv6, for IPv6) are the basic and primary network protocols, located in the link and network layers, that provide main connectivity in a LAN.
Despite their utility and simplicity, they have numerous vulnerabilities that can lead to a MITM attack and a loss of confidentiality.
Patching such widely used standards is a practically impossible task.
A very simple, but at the same time effective, solution is to disable ARP and NDP responses on an interface and be very cautious with broadcasting.
Considering the variety of implementations, this means that no one on the network is able to communicate with such a host unless the host itself is willing to.
The ARP/NDP cache will be erased quickly afterwards.
Here is an example schema:
A >>> I need MAC address of B >>> B

A <<< Here it is <<< B

A <<< I need MAC address of A <<< B

A >>> I'm not giving it >>> B
To increase privacy, it's advised to spoof the MAC address, which provides better concealment.
All this is possible with a few simple commands that control the Linux kernel, automated by a script.
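
How the kernel side of this can be checked, as an added example that is not part of GhostInTheNet or the original post: a read-only audit of whether an interface still answers ARP. It assumes the standard Linux knobs (`arp_ignore`, `arp_announce`, the `IFF_NOARP` interface flag); the page does not say which of these the script sets, and the function and parameter names are hypothetical.

```python
#!/usr/bin/env python3
"""Read-only audit of a Linux interface's ARP reply posture (added example)."""
import sys
from pathlib import Path

IFF_NOARP = 0x80  # <linux/if.h>: ARP disabled on the link (`ip link set IF arp off`)

# Meaning of net.ipv4.conf.*.arp_ignore per the kernel's ip-sysctl documentation.
ARP_IGNORE_MEANING = {
    0: "replies for any local IP, on any interface",
    1: "replies only if the target IP is configured on the receiving interface",
    2: "as 1, and the sender must be in the same subnet",
    3: "no replies for host-scope addresses",
    8: "no replies for any local address",
}


def _read_int(path, base=10):
    """Return the integer stored in a sysctl/sysfs file, or 0 if unreadable."""
    try:
        return int(Path(path).read_text().strip(), base)
    except (OSError, ValueError):
        return 0


def arp_posture(iface, proc_sys="/proc/sys", sys_net="/sys/class/net"):
    """Report whether `iface` will answer ARP requests for its own addresses.

    proc_sys and sys_net are parameters only so the check can run against a
    copied or constructed tree (an assumption of this example).
    """
    conf = Path(proc_sys) / "net" / "ipv4" / "conf"
    # For both knobs the kernel applies max(conf/all, conf/<iface>).
    ignore = max(_read_int(conf / "all" / "arp_ignore"),
                 _read_int(conf / iface / "arp_ignore"))
    announce = max(_read_int(conf / "all" / "arp_announce"),
                   _read_int(conf / iface / "arp_announce"))
    # /sys/class/net/<iface>/flags holds the interface flags in hex, e.g. 0x1003.
    flags = _read_int(Path(sys_net) / iface / "flags", base=16)
    noarp = bool(flags & IFF_NOARP)
    return {
        "iface": iface,
        "arp_ignore": ignore,
        "arp_ignore_meaning": ARP_IGNORE_MEANING.get(ignore, "reserved value"),
        "arp_announce": announce,
        "noarp_flag": noarp,
        # The host stays silent if ARP is off on the link or arp_ignore is 8.
        "answers_arp": not noarp and ignore < 8,
        # arp_announce=2: ARP requests only carry the best local source address.
        "announces_best_local_only": announce == 2,
    }


if __name__ == "__main__":
    report = arp_posture(sys.argv[1] if len(sys.argv) > 1 else "eth0")
    for key, value in report.items():
        print(f"{key:26} {value}")
```

The check covers IPv4 only; NDP handling has no equivalent single sysctl and has to be verified in the host's ICMPv6 filtering rules.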

Analysis
No ARP/NDP means no connectivity, and therefore absolute stealth and obscurity on the network/link layer.
This protects from all possible DOSes and MITMs (ARP, DNS, DHCP, ICMP, Port Stealing) and is far less resource-consuming than tools like ArpON.
Such mitigation implies the impossibility of being scanned (nmap, arping).
Besides, it doesn't impact a normal internet or LAN connection from the host's perspective.
If you're connecting to a host, it will be authorised to do so, but shortly after the communication stops, the host will forget about you because ARP/NDP table entries won't stay long without a fresh request.
Given its wide compatibility and cross-platform nature, it's very useful for offsec/pentest/redteaming as well.
You see everyone, but nobody sees you; you're a ghost.
Mitigating this and having real supervision of the network would require deep reconfiguration of OSes, IDPSes and all other equipment, so it is hardly feasible.

HowTo
You can execute the script after the connection to the network or just before:
    sudo GhostInTheNet.sh on eth0
This will activate the solution until reboot.
If you want to stop it:
    sudo GhostInTheNet.sh off eth0
Of course, you will have to make the script executable in the first place:
    chmod u+x GhostInTheNet.sh

Notes
The ARP/NDP protocols can be exploited for defensive purposes.
Now your Poisontap is literally undetectable and your Tails is even more anonymous.
You should learn some stuff about IPv6.





Monday, January 2, 2017

Poison, Reset, Spoof, Redirect MITM Script - creak



Performs some of the most famous MITM attacks on target addresses located in a local network. Among these: denying navigation and download capabilities of a target host in the local network by performing an ARP poison attack and sending reset TCP packets for every request made to the router. Born as a didactic project for learning the Python language; I decline every responsibility for any abuse, including malevolent or illegal use of this code.

Installation
$ git clone https://github.com/codepr/creak.git
$ cd creak
$ python setup.py install
or simply clone the repository and run the creak.py after all requirements are installed:
$ git clone https://github.com/codepr/creak.git
The pcap libraries (for raw packet manipulation) and the dpkt module are required. The DNS spoofing options additionally require the dnet module from the libdnet package; do not confuse it with the pydnet (network evaluation tool) module. Scapy can also be used if desired, by setting it in the config.py file.

Options
Usage: creak.py [options] dev

Options:
  -h, --help           show this help message and exit
  -1, --sessions-scan  Sessions scan mode
  -2, --dns-spoof      Dns spoofing
  -3, --session-hijack Try to steal a TCP sessions by desynchronization (old technique)
  -x, --spoof          Spoof mode, generate a fake MAC address to be used
                       during attack
  -m MACADDR           Mac address octet prefix (could be an entire MAC
                       address in the form AA:BB:CC:DD:EE:FF)
  -M MANUFACTURER      Manufacturer of the wireless device, for retrieving a
                       manufactur based prefix for MAC spoof
  -s SOURCE            Source ip address (e.g. a class C address like
                       192.168.1.150) usually the router address
  -t TARGET            Target ip address (e.g. a class C address like
                       192.168.1.150), can be specified multiple times
  -p PORT              Target port to shutdown
  -a HOST              Target host that will be redirect while navigating on
                       target machine
  -r REDIR             Target redirection that will be fetched instead of host
                       on the target machine
  -v, --verbose        Verbose output mode
  -d, --dotted         Dotted output mode

Example
Most basic usage: Deny all traffic to the target host
$ python creak.py -t 192.168.1.30 wlan0
Set a different gateway:
$ python creak.py -s 192.168.1.2 -t 192.168.1.30 wlan0
Set a different mac address for the device:
$ python creak.py -m 00:11:22:33:44:55 -t 192.168.1.30 wlan0
Spoof mac address generating a fake one:
$ python creak.py -x -t 192.168.1.30 wlan0
Spoof mac address generating one based on manufacturer(e.g Xeros):
$ python creak.py -x -M xeros -t 192.168.1.30 wlan0
DNS spoofing using a fake MAC address, redirecting ab.xy to cd.xz(e.g. localhost):
$ python creak.py -x -M xeros -t 192.168.1.30 -a www.ab.xy -r www.cd.xz wlan0
Deny multiple hosts in the subnet:
$ python creak.py -x -t 192.168.1.30 -t 192.168.1.31 -t 192.168.1.32 wlan0




Sunday, August 7, 2016

Efficient And Advanced Man In The Middle Framework - Xerosploit



Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It brings various modules that allow efficient attacks to be carried out, and also allows denial of service attacks and port scanning. Powered by bettercap and nmap.

Dependencies
  • nmap
  • hping3
  • build-essential
  • ruby-dev
  • libpcap-dev
  • libgmp3-dev
  • tabulate
  • terminaltables

Installation
Dependencies will be automatically installed.
git clone https://github.com/LionSec/xerosploit
cd xerosploit && sudo python install.py
sudo xerosploit

Tested on
Operating system    Version
Ubuntu              16.10 / 15.10
Kali Linux          Rolling / Sana
Parrot OS           3.1

Features
  • Port scanning
  • Network mapping
  • DoS attack
  • HTML code injection
  • JavaScript code injection
  • Download interception and replacement
  • Sniffing
  • DNS spoofing
  • Background audio reproduction
  • Images replacement
  • Driftnet
  • Webpage defacement and more ...


Thursday, June 30, 2016

Ruby In The Middle (HTTP/HTTPS Interception Proxy) - RITM



Ruby in the middle (RITM) is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases.

Installation

    gem install ritm   

Basic usage
  1. Write your interception handlers
    require 'ritm'

    # A single answer for all your google searches
    Ritm.on_request do |req|
      if req.request_uri.host.start_with? 'www.google.'
        new_query_string = req.request_uri.query.gsub(/(?<=^q=|&q=)(((?!&|$).)*)(?=&|$)/, 'RubyInTheMiddle')
        req.request_uri.query = new_query_string
      end
    end

    my_picture = File.read('i_am_famous.jpg')

    # Replaces every picture on the web with my pretty face
    Ritm.on_response do |_req, res|
      if res.header['content-type'] && res.header['content-type'].start_with?('image/')
        res.header['content-type'] = 'image/jpeg'
        res.body = my_picture
      end
    end
  2. Start the proxy server
    proxy = Ritm::Proxy::Launcher.new
    proxy.start

    puts 'Hit enter to finish'
    gets

    proxy.shutdown
  3. Configure your browser
    Or whatever HTTP client you want to intercept traffic from, to connect to the proxy in localhost:8080
  4. Browse the web!
    For the examples above, search anything in google and also visit your favorite newspaper website.

Trusting self-signed certificates generated by RITM

With the previous example your client might have encountered issues when trying to access HTTPS resources. In some cases you can add an exception to your browser (or instruct your HTTP client not to verify certificates) but in some other cases you won't be able to add exceptions. The reason for this is that in order to decrypt and to be able to modify SSL traffic, RITM will have to be the one doing the SSL negotiation with the client (using its own set of certificates) and then it will establish a separate SSL session towards the server. I.e.:

Client <--- SSL session ---> RITM <--- SSL session ---> Server

For every different server's hostname your client tries to communicate with, RITM will generate a certificate on the fly and sign it with a pre-configured Certificate Authority (CA). So, in order to be able to establish a secure connection you will need to configure your client (e.g. browser) to trust RITM's CA.

For security reasons, every time you start RITM's proxy with the default settings it will generate a new internal Certificate Authority. To use your own CA instead (so it can be loaded and trusted by your browser) perform the following steps:
  1. Generate a Certificate Authority PEM and Private Key files
    You can use OpenSSL or RITM to generate these two files. With OpenSSL:
    openssl req -new -nodes -x509 -days 365 -extensions v3_ca -keyout insecure_ca.key -out insecure_ca.crt
    Or with RITM:
    require 'ritm/certs/ca'

    ca = Ritm::CA.create common_name: 'InsecureCA'

    File.write('insecure_ca.crt', ca.pem)
    File.write('insecure_ca.key', ca.private_key.to_s)
  2. Repeat step 2 from the previous example, this time indicating what CA should be used to sign certificates
    proxy = Ritm::Proxy::Launcher.new(ca_crt_path: 'path/to/insecure_ca.crt',
                                      ca_key_path: 'path/to/insecure_ca.key')
    proxy.start

    puts 'Hit enter to finish'
    gets

    proxy.shutdown
  3. Trust the CA certificate into your browser or client
    I'll leave it to you to figure out how this is done in your browser or client.
  4. Surf the web!
  5. When you are done, remove the CA from your trusted authorities!
    Or take really good care of the CA private key since anyone in possession of that key will be capable of decrypting all your traffic! Also notice that when using the proxy every server will be automatically trusted even if the end server certificate is not valid.


Sunday, March 6, 2016

Multipurpose Sniffer - Ettercap



Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.






Functionality

Ettercap works by putting the network interface into promiscuous mode and by ARP poisoning the target machines. Thereby it can act as a ‘man in the middle’ and unleash various attacks on the victims. Ettercap has plugin support so that the features can be extended by adding new plugins.
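
On the defending side, the ARP poisoning described above leaves a trace in each victim's neighbour cache: the gateway's IP suddenly maps to a different MAC, usually one another host already uses. The added example below (not Ettercap code; the two `ip neigh show` snapshots are constructed and the function names are hypothetical) compares two snapshots for both signs.

```python
"""Spot ARP-cache poisoning by comparing two `ip neigh show` snapshots (added example)."""
import re
from collections import defaultdict

# Matches e.g. "192.168.1.1 dev wlan0 lladdr 00:11:22:aa:bb:01 REACHABLE".
# Entries without a resolved MAC (FAILED / INCOMPLETE) do not match and are skipped.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

# Constructed sample data: neighbour cache before and after the gateway entry changed.
BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:aa:bb:01 REACHABLE
192.168.1.30 dev wlan0 lladdr 00:11:22:aa:bb:30 STALE
192.168.1.31 dev wlan0 lladdr 00:11:22:aa:bb:31 REACHABLE
192.168.1.40 dev wlan0  FAILED
fe80::211:22ff:feaa:bb01 dev wlan0 lladdr 00:11:22:aa:bb:01 router STALE
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:aa:bb:31 REACHABLE
192.168.1.30 dev wlan0 lladdr 00:11:22:aa:bb:30 REACHABLE
192.168.1.31 dev wlan0 lladdr 00:11:22:aa:bb:31 REACHABLE
fe80::211:22ff:feaa:bb01 dev wlan0 lladdr 00:11:22:aa:bb:01 router STALE
"""


def parse_neigh(text):
    """Map (device, ip) -> lower-case MAC for every resolved neighbour entry."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[(m["dev"], m["ip"])] = m["mac"].lower()
    return table


def changed_bindings(before, after):
    """Entries whose MAC differs between snapshots: (dev, ip, old_mac, new_mac)."""
    return sorted(
        (dev, ip, before[(dev, ip)], mac)
        for (dev, ip), mac in after.items()
        if (dev, ip) in before and before[(dev, ip)] != mac
    )


def shared_macs(table):
    """IPv4 addresses on one device that resolve to the same MAC.

    IPv6 is left out: a host's link-local and global addresses share a MAC
    legitimately.
    """
    by_mac = defaultdict(set)
    for (dev, ip), mac in table.items():
        if "." in ip:
            by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}


def poisoning_alerts(before_text, after_text, gateway_ip):
    """Return alerts for investigation. Router failover (VRRP/HSRP), a replaced
    NIC or a reassigned DHCP lease produce the same pattern."""
    before, after = parse_neigh(before_text), parse_neigh(after_text)
    alerts = []
    for dev, ip, old, new in changed_bindings(before, after):
        alerts.append({"kind": "mac-changed", "dev": dev, "ip": ip,
                       "old": old, "new": new, "is_gateway": ip == gateway_ip})
    for (dev, mac), ips in sorted(shared_macs(after).items()):
        alerts.append({"kind": "mac-shared", "dev": dev, "mac": mac,
                       "ips": ips, "includes_gateway": gateway_ip in ips})
    return alerts


if __name__ == "__main__":
    for alert in poisoning_alerts(BEFORE, AFTER, "192.168.1.1"):
        print(alert)
```

On switches that support it, Dynamic ARP Inspection blocks the forged replies at the port; this host-side check is for networks where that is not available.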

Features

Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis. Ettercap offers four modes of operation:

  • IP-based: packets are filtered based on IP source and destination.
  • MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
  • ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).
  • PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).




In addition, the software also offers the following features:


Character injection into an established connection: characters can be injected into a server (emulating commands) or to a client (emulating replies) while maintaining a live connection.

SSH1 support: the sniffing of a username and password, and even the data of an SSH1 connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex.

HTTPS support: the sniffing of HTTP SSL secured data—even when the connection is made through a proxy.

Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and performing a man-in-the-middle attack on it.

Plug-in support: creation of custom plugins using Ettercap’s API.

Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG

Packet filtering/dropping: setting up a filter that searches for a particular string (or hexadecimal sequence) in the TCP or UDP payload and replaces it with a custom string/sequence of choice, or drops the entire packet.

OS fingerprinting: determine the OS of the victim host and its network adapter.

Kill a connection: killing connections of choice from the connections-list.

Passive scanning of the LAN: retrieval of information about hosts on the LAN, their open ports, the version numbers of available services, the type of the host (gateway, router or simple PC) and estimated distances in number of hops.


Hijacking of DNS requests.


Dependencies:

  • Libpcap & dev libraries
  • Libnet1 & dev libraries
  • Libpthread & dev libraries
  • Zlibc
  • Libtool
  • CMake 2.6
  • Flex
  • Bison
  • SSL Dissection Required Dependencies
    • LibSSL & dev libraries
  • GTK Related Dependencies
    • LibGTK & dev libraries
  • NCurses Related Dependencies
    • Libncurses & dev libraries
  • Filter Related Regex Dependencies
    • Libpcre & dev libraries





Saturday, February 20, 2016

Mac OSX Arp Spoof (MITM) Tool - Arpy




Arpy is an easy-to-use ARP spoofing MiTM tool for Mac. It provides 3 targeted functions:
  • Packet Sniffing
  • Visited Domains
  • Visited Domains with Gource

Each function will be explained below.

Tested OS (to date)
  • Darwin 14.3.0 Darwin Kernel Version 14.3.0 (Mac OS X)

Requirements
  • Python 2.7
  • Gource
  • Scapy

Installation

Gource
brew install gource

Scapy
pip install scapy

Sample Commands


ivanvza:~/ > sudo arpy
_____
| _ |___ ___ _ _
| | _| . | | |
|__|__|_| | _|_ |
MiTM Tool |_| |___|
v3.15 -@viljoenivan

Usage: arpy -t <Target IP> -g <Gateway IP> -i <Interface>

ARP MiTM Tool

Options:
-h, --help show this help message and exit
-t TARGET, --target=TARGET
The Target IP
-g GATEWAY, --gateway=GATEWAY
The Gateway
-i INTERFACE, --interface=INTERFACE
Interface to use
--tcp Filters out only tcp traffic
--udp Filters out only udp traffic
-d D_PORT, --destination_port=D_PORT
Filter for a destination port
-s S_PORT, --source_port=S_PORT
Filter for a source port
--sniff Sniff all passing data
--sniff-dns Sniff only searched domains
--sniff-dns-gource Output target's DNS searches in gource format
-v Verbose scapy packet print


Packet Sniff

This is the packet sniffer, it allows you to see your target's traffic.


ivanvza:~/ > sudo arpy -t 192.168.1.3 -g 192.161.1.1 -i en0 --sniff
_____
| _ |___ ___ _ _
| | _| . | | |
|__|__|_| | _|_ |
MiTM Tool |_| |___|
v3.15 -@viljoenivan


[Info] Starting Sniffer...

[Info] Enabling IP Forwarding...
[Info] Filter: ((src host 192.168.1.3 or dst host 192.168.1.3))

[Info] Found the following (IP layer): 192.168.1.3 -> 46.101.34.90
GET / HTTP/1.1
User-Agent: curl/7.37.1
Host: ivanvza.ninja
Accept: */*



[Info] Found the following (IP layer): 46.101.34.90 -> 192.168.1.3
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Accept-Ranges: bytes
ETag: "2719538271"
Last-Modified: Thu, 30 Apr 2015 08:25:15 GMT
Content-Length: 3213
Date: Fri, 29 May 2015 20:15:06 GMT
Server: Microsoft IIS

<html>
<title>><></title>
<body>
<pre style="line-height: 1.25; white-space: pre;">
\ SORRY /
\ /
\ This page does /
] not exist yet. [ ,'|
] [ / |
]___ ___[ ,' |
] ]\ /[ [ |: |
] ] \ / [ [ |: |
] ] ] [ [ [ |: |
] ] ]__ __[ [ [ |: |
] ] ] ]\ _ /[ [ [ [ |: |
] ] ] ] (#) [ [ [ [ :===='
] ] ]_].nHn.[_[ [ [
] ] ] HHHHH. [ [ [
] ] / `HH("N \ [ [
]__]/ HHH " \[__[
] NNN [
] N/" [
] N H [
/ N \
/ q, \
/ \
</pre>
<h3 id="list"><h3>
</body>
<script>

// NOTE: window.RTCPeerConnection is "not a constructor" in FF22/23
var RTCPeerConnection = /*window.RTCPeerConnection ||

DNS Sniff

This function allows you to see domain names that your target is currently requesting.


ivanvza:~/ > sudo arpy -t 192.168.1.4 -g 192.168.1.1 -i en0 --sniff-dns
_____
| _ |___ ___ _ _
| | _| . | | |
|__|__|_| | _|_ |
MiTM Tool |_| |___|
- @viljoenivan


[Info] Starting DNS Sniffer...

[Info] Enabling IP Forwarding...
[Info] Done...
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: www.youtube.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: s2.googleusercontent.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: google.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: s.ytimg.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: fonts.gstatic.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: yt3.ggpht.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: i.ytimg.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing.google.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing-cache.google.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing-cache.google.com.


DNS Sniff With Gource

This function is more or less the same as the above, however it provides the functionality to pass it through Gource to get a live feed of what your target is viewing.


ivanvza:~/ > sudo arpy -t 192.168.1.3 -g 192.161.1.1 -i en0 --sniff-dns-gource
[INFO] For a live gource feed run this command in parallel with this one:

tail -f /tmp/36847parsed_nmap | tee /dev/stderr | gource -log-format custom -a 1 --file-idle-time 0 -

[Info] Filter: ((src host 192.168.1.3 or dst host 192.168.1.3) and dst port 53)




Wednesday, February 10, 2016

Ghost Phisher



Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server and Fake HTTP Server, and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program can be used as a honeypot, or to service DHCP requests, DNS requests or phishing attacks.





Features:

  • HTTP Server
  • Inbuilt RFC 1035 DNS Server
  • Inbuilt RFC 2131 DHCP Server
  • Webpage Hosting and Credential Logger (Phishing)
  • Wifi Access point Emulator
  • Session Hijacking (Passive and Ethernet Modes)
  • ARP Cache Poisoning (MITM and DOS Attacks)
  • Penetration using Metasploit Bindings
  • Automatic credential logging using SQlite Database
  • Update Support




Operating System Supported

The software runs on any Linux machine that has the program's prerequisites installed.

Prerequisites

The program requires the following to run properly. These dependencies can be installed on Debian-based systems with the Debian package installer command “apt-get install program”, or otherwise downloaded and installed manually:

  • Aircrack-NG
  • Python-Scapy
  • Python Qt4
  • Python
  • Subversion
  • Xterm
  • Metasploit Framework (Optional)

Installation

Installation on Debian Package supported systems:

root@host:~# dpkg -i ghost-phisher_1.5_all.deb

The source code for the program can be fetched using the following command on terminal


root@host:~# svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher/






Sunday, January 24, 2016

VoIP Sniffer - UCSniff



UCSniff is a Proof of Concept tool to demonstrate the risk of unauthorized recording of VoIP and Video – it can help you understand who can eavesdrop, and from what parts of your network. It is intended for next generation enterprise VoIP/UC Infrastructures that rely on Voice VLANs to segment UC applications for QoS requirements.



UCSniff was born from pentesting and the “VoIP Hopper” tool as an idea to combine automated Voice VLAN Discovery and VLAN Hop with MitM, along with targeted VoIP attacks against users in the VoIP Corporate Directory. Eavesdropping is one of many potential UC-specific attacks that can take place, and UCSniff can be used by other researchers and security professionals as a base tool to explore this idea. UCSniff is a text and GUI application, written in C/C++, that runs in the Linux and Windows OS environment. It is freely available under the GPLv3 license for anyone to download and use.


UCSniff bundles a hodgepodge of previously available open-source applications into a single software package that helps penetration testers assess the security of VoIP calls carried over a client’s network. It also introduces several new features that make eavesdropping on specific targets a point-and-click undertaking.

UCSniff runs on a laptop that can be plugged in to the ethernet port of the organization being probed. From there, a VLAN hopper automatically traverses the virtual local area network until it accesses the part that carries VoIP calls. Once the tool has gained unauthorized access, UCSniff automatically injects spoofed ARP, or address resolution protocol, packets into the network, allowing all voice traffic to be routed to the laptop.

UCSniff streamlines eavesdropping by allowing an attacker to zero in on the conversations of particular users. Targets can be selected by extension number or dial-by-name features, making it easy to listen to all calls made by a specific individual – such as an organization’s CEO. Eavesdropping can be further fine-tuned by listening only to calls


“It’s silently intercepting all the traffic and forwarding it to the phone, so a regular phone user would not be able to tell the difference,”


VoIP Sniffer: UCSniff Features

  • UC Sniffer with VoIP and IP Video Support
  • Realtime Video and VoIP Monitor (SIP)
  • Automated Voice VLAN Discovery (CDP)
  • VLAN Hop Support
  • Sniffing across Ethernet Switches
  • Automatic creation of forward and reverse RTP audio streams into a single wav file
  • Automatic creation of two avi files (forward and reverse video) for H.264 Video codec
  • Automatic recording and saving of conversations using G.711 u-law and a-law codecs
  • Automatic recording and saving of conversations using G.722, G.729, G.726, G.723 and WebRTC iSAC codecs (Note: G.729, G.723, G.726 codecs only work with a 32-bit Linux OS)
  • MitM ARP Poisoning and host management support
  • Monitor Mode (Span Session, Hub)
  • Tracking and tracing of users, with logging
  • Support for Cisco SIP, Cisco Skinny, RFC 3261 SIP
  • Support for Cisco UCM 6.1, 7.0, 7.1, 8.0.2 Skinny (SCCP)
  • Target Mode (Target User)
  • Corporate Directory Tool and functions (ACE)
  • ARP Saver Tool to restore network in emergencies
  • Gratuitous ARP Disablement Bypass
  • TFTP MitM Modification of IP Phone Settings
  • GUI Support in Windows and Linux
  • GUI Skin or Theme selection
  • Only requires 1 phone (not both) in source VLAN in order to capture entire conversation
  • New VideoSnarf tool outputs media files (audio, video) from pcap
  • Sniffing and logging of Microsoft OCS IM Conversations
  • Support for eavesdropping on Avaya SIP, Avaya H.323 media re-construction
  • UC Keystroke logger, for interception of dialed keypad digits (SCCP only)
  • Ability to enable/disable audio/video file mixing via checkbox in GUI
  • Support for user specified command to mix audio and video files

