Open Source and information security mailing list archives
Message-ID: <327646cd0512060244i252561fat8aba5b93ef022abb@mail.gmail.com>
Date: Tue Dec  6 10:44:56 2005
From: ghooti at googlemail.com (Mark Knowles)
Subject: Packet sniffing help needed

Hi all,

I have been thinking about packet sniffing and packet capture. It is
because of all of those alerts in IE - you know the ones - "This page
is not encrypted and a 3rd party might be listening."

I have been doing some googling and not really found much, but then
I am not too sure what I am looking for.

This is the setup I want to explore.

Comp1(victim1) = Windows xp box, Connected via dial up to a free ISP
Comp2(attacker) = windows/*nix, connected via broadband to different
ISP than comp1
Comp3(webserver/victim2)

C1< ----- > C3

C2---?

The image above is my attempt at ASCII art. I suppose it represents
the old-style wiretap method, where C1 and C3 communicate unaware that
their data is being listened to by C2. C2 has no power to modify the
information.

Is this sort of sniffing possible? Or would it have to be more like

C1 < --- > C2 < --- > C3

which is how I see MITM attacks working. I suppose this would be
akin to having the telephone operator relay the message, or a language
interpreter changing the message between clients.

I am currently only looking for HTTP data, although I am assuming that
I will have to filter that out after I have captured it all.

I do not want to mess with the data, I would just like to view it.
Would this still count as a MITM attack?

I know it's all a bit Hollywood, but I am really curious to see what
information I am transmitting (non-HTTPS) and what those warnings
really mean. Are they of the McDonald$ coffee "caution: contents is
hot" type of thing? Which, I have to say, is how I view them. I understand
how proxies cache and transmit data - are the warnings just about
them?

Any advice/ideas/whacking with a lart greatly received :)

Thanks,

Mark.

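The passive wiretap the post asks about, C2 only reading what C1 and C3 exchange, comes down to two steps: obtaining the raw frames from a vantage point they actually pass through, and then dissecting them down to the HTTP layer. The following Python script is an added example, not code from the original message or the list; it covers the second step only. The frames it works on are constructed inline (a plaintext GET with a cookie and HTTP Basic credentials, a TLS segment on port 443, an ARP frame, and a non-HTTP segment on port 80), so it runs with no network access; in real use the bytes would come from a pcap file or a promiscuous-mode socket on an interface that carries the C1 to C3 traffic. That last point is the practical caveat: a box on a different ISP's broadband line does not see a dial-up user's packets unless it sits on the path, which is exactly the C1 <-> C2 <-> C3 relay case the post contrasts with the wiretap. The IP addresses, ports and credentials are made-up sample values, and only single-segment requests are parsed (no TCP reassembly).

```python
"""Passive dissection of plaintext HTTP from raw Ethernet frames.

Added example, not from the original mailing-list post. All frames below are
constructed in this file; nothing is captured from a live interface.
"""
import base64
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_TCP = 6
HTTP_PORT = 80

# Headers a listener cares about most: they identify or authenticate the user.
SENSITIVE_HEADERS = ("host", "cookie", "authorization", "referer")


def ip_to_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame around `payload`.
    Checksums are left zero; a passive dissector does not validate them."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    # ports, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # version/IHL, TOS, total length, id, flags+frag (DF), TTL, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64,
                     IPPROTO_TCP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return eth + ip + tcp + payload


def dissect_tcp(frame: bytes):
    """Walk Ethernet -> IPv4 -> TCP and return addresses, ports and payload,
    or None for anything that is not an IPv4 TCP segment."""
    if len(frame) < ETH_HDR_LEN + 20 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or ihl < 20 or total_len > len(ip):
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": tcp[data_off:]}


def parse_http_request(payload: bytes):
    """Parse a single-segment HTTP/1.x request head; None if it is not one.
    Requests split across several TCP segments are not reassembled here."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return {"request": lines[0], "headers": headers}


def sniff_http(frames, port=HTTP_PORT):
    """What a passive listener learns from plaintext HTTP requests to `port`."""
    seen = []
    for frame in frames:
        seg = dissect_tcp(frame)
        if seg is None or seg["dport"] != port:
            continue  # not TCP, or not the port being filtered on
        req = parse_http_request(seg["payload"])
        if req is None:
            continue  # right port, but the payload is not an HTTP request head
        record = {"src": seg["src"], "dst": seg["dst"], "request": req["request"],
                  "headers": {k: v for k, v in req["headers"].items()
                              if k in SENSITIVE_HEADERS}}
        auth = req["headers"].get("authorization", "")
        if auth.lower().startswith("basic "):
            # Basic auth is base64 encoding, not encryption: the password is visible.
            record["basic_credentials"] = base64.b64decode(
                auth.split(None, 1)[1]).decode("latin-1")
        seen.append(record)
    return seen


# Constructed sample traffic (addresses, ports and credentials are made up).
BASIC = base64.b64encode(b"mark:hunter2").decode()
SAMPLE_FRAMES = [
    build_tcp_frame("10.0.0.5", "192.0.2.10", 3301, 80,
                    b"GET /login?user=mark HTTP/1.1\r\nHost: example.com\r\n"
                    b"Cookie: session=abc123\r\nAuthorization: Basic " + BASIC.encode()
                    + b"\r\nUser-Agent: Mozilla/4.0\r\n\r\n"),
    # Same client over TLS on 443: the listener sees only opaque bytes.
    build_tcp_frame("10.0.0.5", "192.0.2.10", 3302, 443,
                    b"\x16\x03\x01\x00\x2a" + b"\x00" * 42),
    # An ARP request: no IP layer at all, the dissector skips it.
    b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28,
    # TCP to port 80 that is not HTTP: the parser rejects it.
    build_tcp_frame("10.0.0.6", "192.0.2.10", 4000, 80, b"\x00\x01\x02\r\n\r\n"),
]

if __name__ == "__main__":
    for rec in sniff_http(SAMPLE_FRAMES):
        print(rec)
```

Only the plaintext request survives the filter; the TLS segment on 443 carries nothing the parser can read, which is the difference the IE warning is pointing at.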