DSniff 2.3


DSniff project is a collection of tools for network auditing and penetration testing
Developer:   Dug Song
Price:  0.00
License:   GPL (GNU General Public License)
File size:   123K
Rating:   3 /5 (5 votes)


DSniff project is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

I wrote these tools with honest intentions - to audit my own network, and to demonstrate the insecurity of most network application protocols. Please do not abuse this software.

Requirements:
  • Berkeley DB
  • OpenSSL
  • libpcap
  • libnids
  • libnet

    arpspoof

    redirect packets from a target host (or all hosts) on the LAN intended for another local host by forging ARP replies. this is an extremely effective way of sniffing traffic on a switch. kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter :-) must be turned on ahead of time.

    dnsspoof

    forge replies to arbitrary DNS address / pointer queries on the LAN. this is useful in bypassing hostname-based access controls, or in implementing a variety of man-in-the-middle attacks (HTTP, HTTPS, SSH, Kerberos, etc).

    dsniff

    password sniffer. handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL auth info.

    dsniff automatically detects and minimally parses each application protocol, only saving the interesting bits, and uses Berkeley DB as its output file format, only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).

    filesnarf

    saves selected files sniffed from NFS traffic in the current working directory.

    macof

    flood the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing). a straight C port of the original Perl Net::RawIP macof program.

    mailsnarf

    a fast and easy way to violate the Electronic Communications Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs selected messages sniffed from SMTP and POP traffic in Berkeley mbox format, suitable for offline browsing with your favorite mail reader (mail -f, pine, etc.).

    msgsnarf

    record selected messages from sniffed AOL Instant Messenger, ICQ 2000, IRC, and Yahoo! Messenger chat sessions.

    sshmitm

    SSH monkey-in-the-middle. proxies and sniffs SSH traffic redirected by dnsspoof(8), capturing SSH password logins, and optionally hijacking interactive sessions. only SSH protocol version 1 is (or ever will be) supported - this program is far too evil already.

    tcpkill

    kills specified in-progress TCP connections (useful for libnids-based applications which require a full TCP 3-whs for TCB creation).

    tcpnice

    slow down specified TCP connections via "active" traffic shaping. forges tiny TCP window advertisements, and optionally ICMP source quench replies.

    urlsnarf

    output selected URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers), suitable for offline post-processing with your favorite web log analysis tool (analog, wwwstat, etc.).

    webmitm

    HTTP / HTTPS monkey-in-the-middle. transparently proxies and sniffs web traffic redirected by dnsspoof(8), capturing most "secure" SSL-encrypted webmail logins and form submissions.

    webspy

    sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time (as the target surfs, your browser surfs along with them, automagically). a fun party trick.
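
For anyone auditing a switched LAN against the behaviour described under arpspoof and macof above, the sketch below flags the two observable symptoms: an ARP reply that contradicts a known IP-to-MAC binding, and a burst of never-before-seen source MACs. It is an added example, not part of dsniff or of the original page; the record layout, addresses, function names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample observations, not captured traffic:
# (time_s, kind, source_mac, claimed_ip). "arp-reply" carries the sender's
# IP claim; "frame" is any other Ethernet frame (no IP claim).
GATEWAY, INTRUDER = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:66"
SAMPLE = [
    (0.0, "arp-reply", GATEWAY, "10.0.0.1"),
    (0.5, "arp-reply", "aa:aa:aa:aa:aa:02", "10.0.0.20"),
    (5.0, "arp-reply", INTRUDER, "10.0.0.1"),   # binding for the gateway IP changes
    (7.0, "arp-reply", INTRUDER, "10.0.0.1"),
] + [
    # eight never-before-seen source MACs inside one second
    (10.0 + i * 0.01, "frame", f"02:00:00:00:00:{i:02x}", None) for i in range(8)
]


def find_arp_rebinding(events, pinned=None):
    """Return (time, ip, known_mac, new_mac) for ARP replies that contradict a binding."""
    pinned = pinned or {}
    bindings = dict(pinned)
    alerts = []
    for ts, kind, mac, ip in events:
        if kind != "arp-reply":
            continue
        known = bindings.get(ip)
        if known is not None and known != mac:
            alerts.append((ts, ip, known, mac))
        if ip not in pinned:          # pinned (static) entries are never relearned
            bindings[ip] = mac
    return alerts


def find_mac_flood(events, window=1.0, threshold=5):
    """Return start times of windows with more than `threshold` new source MACs."""
    seen, new_per_window = set(), defaultdict(int)
    for ts, _kind, mac, _ip in events:
        if mac not in seen:
            seen.add(mac)
            new_per_window[int(ts // window)] += 1
    return sorted(w * window for w, n in new_per_window.items() if n > threshold)


if __name__ == "__main__":
    print(find_arp_rebinding(SAMPLE))
    print(find_arp_rebinding(SAMPLE, pinned={"10.0.0.1": GATEWAY}))
    print(find_mac_flood(SAMPLE))
```

Without a pinned entry the monitor learns the changed binding and alerts once; with the gateway pinned, every contradicting reply keeps alerting, which is why static entries for critical hosts make the signal more durable.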

    Download DSniff 2.3


     http://naughty.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz


    Authors software

    libdnet 1.11 (by Dug Song)

    Fragroute 1.2 (by Dug Song)
    Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described


    Similar software

    ggsniff 1.2 (by Ryba)
    ggsniff is a sniffer that allows you to record Gadu-Gadu messages

    ntop 3.2 (by Luca Deri)
    ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does.

    ntop is based on

    HTTPCapture 0.4 (by Steve Kemp)
    HttpCapture is a core wrapper around the packet-capture library pcap and a framework for building plugins to filter, analyse, or disp

    THC-Parasite 1.2 (by The Hacker's Choice)
    THC-Parasite v1.2 allows you to sniff on switched networks by performing ARP man-in-the-middle spoofing

    OpenSSH 4.5 (by OpenBSD Project)
    OpenSSH project is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the In

    DNSA 0.5 (by Pierre BETOUIN)
    DNSA and DNSA-NG are swiss knife tools for Linux designed to test several DNS security issues.

    The most important one is a full wi

    Network Probe 3.0 (by Object Planet)
    Network Probe and protocol analyzer is the ultimate tool for traffic-level network monitoring, troubleshooting, analysis,

    If your ne

    Chaosreader 0.94 (by Brendan Gregg)
    Chaosreader is an open source tool to trace TCP/UDP/..

    angst 0.4b (by Patroklos G. Argyroudis)
    Angst is an active sniffer, based on libpcap and libnet


    Other software in this category

    Nmap 4.20 (by Fyodor)
    Nmap is a utility for network exploration or security auditing

    iptables 1.3.7 (by Harald Welte)
    iptables and netfilter are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel

    Linux Bandwidth Arbitrator 9.62 (by astormchaser)
    Linux Bandwidth Arbitrator allows beginning-to-advanced network administrators to control bandwidth

    Ettercap 0.7.3 (by ALoR NaGA)
    Ettercap is a network sniffer/interceptor/logger for ethernet LANs

    rdesktop 1.5.0 (by matthewc)
    rdesktop is an open source client for Windows NT Terminal Server and Windows 2000/2003 Terminal Services, capable of natively speakin
