Security Basics mailing list archives
Re: urlsnarf woes
From: Bog Witch <iambogwitch () gmail com>
Date: Thu, 8 Sep 2011 13:59:22 +0100
A quick update. Although the urlsnarf is still not working, the use of httpry on a VLAN tagged ethernet interface captures the information I was oping to see. Capturing from the raw interface does not work efficiently and only captures the source and destination addresses. Thanks for the help, if anyone has any ideas as to who urlsnarf is not functioning, I would be happy to hear them! Cheers, Bog On Thu, Sep 8, 2011 at 9:59 AM, Bog Witch <iambogwitch () gmail com> wrote:
Hi Marcello, Thanks for that. That has removed the VLAN tag (as verified by Wireshark) but I am still not collecting URLs with urlsnarf. Now I'm heavily confused. Iwas convinced that the VLAN tag was causing the problems and your solution has successfully removed the VLAN tag. If I run urlsnarf on eth0 (Internal network) and run up a browser, I can capture URLs with urlsnarf. When it's running on the external interface, it fails to collect URLs. The traffic is obviously there, as wireshark will happily pick it up. I also have full capture running to file and urlsnarf will not extract the URLs from the capture files either! So, I guess it's something obvious I'm missing. I'll give httpry a go, as suggested by Paul Halliday but I would like to get urlsnarf working as an intellectual exercise if nothing else! Thanks again, Bog On Wed, Sep 7, 2011 at 5:22 PM, Marcello 'R.D.O.' Magnifico <rdo-lists () yashima dyndns-server com> wrote:am I missing something more obvious?Perhaps the problem can be just avoided. Assuming that you're using some flavor of Linux, you could try and set up a logical interface (i.e. eth0.10 for VLAN #10), a tagged one, on top of a physical one; then, have another sniffer process reading from it. That way, the kernel's network layer is expected to strip away the tag from the top of the ethernet frame: the other sniffer program shall see the incoming traffic as untagged, then decode it properly. I guess you aren't required to set up an IP on the logical interface in order to have a foot in the right VLAN; the setup instructions, in order to do so, could be more/less fast/easy depending on the Linux distribution you're on. For sure, Red Hat Linux and its siblings/derivatives do that with just another configuration file for the new logical interface. The bad about such a solution, apart from forking a potentially high number of processes, have a potentially high number of logical interfaces to tap on and have no assurance that you can shut down something at a given time without loosing new data, is that you need to know in advance which 802.11Q VLAN numbers are in use. This is not such an issue if you are the network manager and/or the VLAN allocation is properly planned. Obviously, if you are asked to secure an undocumented network, you can't count on anything but the data running through it. If another sniffer could tell you just the VLAN tag numbers, a bash/perl/whatever script of yours might parse its output in real time, in order to fire up as many other interfaces+sniffers you need. best regards Marcello Magnifico On Wed, 7 Sep 2011 11:47:54 +0100 Bog Witch <iambogwitch () gmail com> wrote:Hi All, I have used urlsnarf to good effect in previous organisations. I am currently running a full capture of the external interface where I currently work, dsniff is providing good results, along with mailsnarf however urlsnarf is not providing me with any output. The only thing I can distiguish between this trafffic and traffic tht provides a urlsnarf output is that the failing traffic is VLAN tagged. Is it possible to manipulate urlsnarf to ignore the VLAN tag in order for me to capture URLs, is there a newer, VLAN aware tool I could be using or am I missing something more obvious? Thanks, Bog ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- urlsnarf woes Bog Witch (Sep 07)
- Re: urlsnarf woes Paul Halliday (Sep 07)
- Re: urlsnarf woes Marcello 'R.D.O.' Magnifico (Sep 07)
- Re: urlsnarf woes Bog Witch (Sep 08)
- Re: urlsnarf woes Bog Witch (Sep 08)
- Re: urlsnarf woes Bog Witch (Sep 08)