Security Basics mailing list archives
Re: urlsnarf woes
From: "Marcello 'R.D.O.' Magnifico" <rdo-lists () yashima dyndns-server com>
Date: Wed, 7 Sep 2011 18:22:53 +0200
am I missing something more obvious?
Perhaps the problem can be just avoided. Assuming that you're using some flavor of Linux, you could try and set up a logical interface (i.e. eth0.10 for VLAN #10), a tagged one, on top of a physical one; then, have another sniffer process reading from it. That way, the kernel's network layer is expected to strip away the tag from the top of the ethernet frame: the other sniffer program shall see the incoming traffic as untagged, then decode it properly.

I guess you aren't required to set up an IP on the logical interface in order to have a foot in the right VLAN; the setup instructions, in order to do so, could be more/less fast/easy depending on the Linux distribution you're on. For sure, Red Hat Linux and its siblings/derivatives do that with just another configuration file for the new logical interface.

The bad thing about such a solution, apart from forking a potentially high number of processes, having a potentially high number of logical interfaces to tap on and having no assurance that you can shut down something at a given time without losing new data, is that you need to know in advance which 802.11Q VLAN numbers are in use. This is not such an issue if you are the network manager and/or the VLAN allocation is properly planned. Obviously, if you are asked to secure an undocumented network, you can't count on anything but the data running through it.

If another sniffer could tell you just the VLAN tag numbers, a bash/perl/whatever script of yours might parse its output in real time, in order to fire up as many other interfaces+sniffers as you need.

Best regards,
Marcello Magnifico

On Wed, 7 Sep 2011 11:47:54 +0100 Bog Witch <iambogwitch () gmail com> wrote:
Hi All,

I have used urlsnarf to good effect in previous organisations. I am currently running a full capture of the external interface where I currently work; dsniff is providing good results, along with mailsnarf, however urlsnarf is not providing me with any output. The only thing I can distinguish between this traffic and traffic that provides a urlsnarf output is that the failing traffic is VLAN tagged.

Is it possible to manipulate urlsnarf to ignore the VLAN tag in order for me to capture URLs, is there a newer, VLAN aware tool I could be using or am I missing something more obvious?

Thanks,
Bog

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
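The approach described in the reply above (learn which VLAN tags are on the wire, then bring up one logical interface and one sniffer per tag), as an added Python example that is not part of the original thread. It reads a classic pcap byte string, collects the VLAN IDs from the tag headers, and returns the iproute2 and urlsnarf command lines for each; the parent interface name eth0 and the sample capture are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that marks an 802.1Q-tagged Ethernet frame

def build_sample_pcap(vlan_ids):
    """Constructed input: classic pcap, one frame per entry (None = untagged)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for vid in vlan_ids:
        tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
        frame = macs + tag + struct.pack("!H", 0x0800) + bytes(46)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def vlan_ids_in_pcap(data):
    """Return the sorted 802.1Q VLAN IDs seen in a classic pcap byte string."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    seen, off = set(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, off + 8)[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 16:
            tpid, tci = struct.unpack_from("!HH", frame, 12)
            vid = tci & 0x0FFF  # low 12 bits of the tag control field
            if tpid == TPID_8021Q and vid != 0:  # VID 0 = priority tag only
                seen.add(vid)
    return sorted(seen)

def setup_commands(parent, vids):
    """Commands for one untagged logical interface and one sniffer per VLAN."""
    cmds = []
    for vid in vids:
        sub = f"{parent}.{vid}"
        cmds += [f"ip link add link {parent} name {sub} type vlan id {vid}",
                 f"ip link set dev {sub} up",  # no IP address is assigned
                 f"urlsnarf -i {sub}"]
    return cmds

if __name__ == "__main__":
    sample = build_sample_pcap([10, None, 20, 10, 0])
    print("\n".join(setup_commands("eth0", vlan_ids_in_pcap(sample))))
```

The commands are only generated, not executed, so the list can be reviewed before any interface is created.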
Current thread:
- urlsnarf woes Bog Witch (Sep 07)
- Re: urlsnarf woes Paul Halliday (Sep 07)
- Re: urlsnarf woes Marcello 'R.D.O.' Magnifico (Sep 07)
- Re: urlsnarf woes Bog Witch (Sep 08)
- Re: urlsnarf woes Bog Witch (Sep 08)
- Re: urlsnarf woes Bog Witch (Sep 08)