THC-Parasite 1.2 review
DownloadTHC-Parasite v1.2 allows you to sniff on switched networks by performing ARP man-in-the-middle spoofing
|
|
THC-Parasite v1.2 allows you to sniff on switched networks by performing ARP man-in-the-middle spoofing. Selective targets, DOS and various other features present.
Have you ever sniffed on a switch? Without special tools you will see no (no thats not true, but lets simplify that statement) which is not destined for your machine. This gives you 3 options to do to be able to sniff on the LAN.
1) ARP Spoofing
2) MAC Flooding
3) MAC duplicating
4) Routing attacks
5) hook your laptop to the uplink trunk
1+2+3 are possible with this tool
3 you can also do with any linux/solaris/etc. via the ifconfig command
4 I know no good tools for this (except icmp_redir)
5 needs physical access to the switch component.
For 2, there are already a few tools available, the best is the one by Dug Song as part of dsniff. See http://www.monkey.org/~dugsong/ For 1, you will only find tools which send fake ARP packets to defined single machines. This is not effective if you want to sniff the whole LAN. Thats what this tool is for, bypass the basic switch security to be able to see all traffic on the LAN.
With this tool you can NOT sniff on a different VLAN on the same switch! There are other ways to do this ...
What's New in This Release:
made OpenBSD port (tcp/ip config via sysctl)
made Solaris port (tcp/ip config via ndd)
added sysctl support for Linux (before directly /proc writing was done)
added -p percent option, to give a percent chance for every arp request being replied. this is a nice features for DOS.
renamed LINUX_SPEED_HACK to SPEED_HACK as it works as well on Solaris and OpenBSD.
THC-Parasite 1.2 search tags