danmcinerney / net-creds Goto Github PK
View Code? Open in Web Editor NEWSniffs sensitive data from interface or pcap
License: GNU General Public License v3.0
Sniffs sensitive data from interface or pcap
License: GNU General Public License v3.0
Hi,
Any chance we can get the frame number for a result added to the output? This would aid in validation of the results as we could then open the pcap in wireshark and spot check result output.
Thanks!
Please add capture POST request by mask, cap all POST requests that have "login","pass","email" field and custom phazes.
Investigate.
Hello, I'm running this script on Ubuntu and it doesn't capture anything except traffic from the machine on which the script is running. I've tried enabling promiscuous mode on my wireless interface but that doesn't seem to change anything. Has anyone else seen this / have any mitigations?
sudo python net-creds.py
File "net-creds.py", line 75
ipr = Popen([‘/usr/local/bin/ip’, 'route'], stdout=PIPE, stderr=DN)
^
SyntaxError: invalid syntax
I'm having this issue running net-creds.py on a macbook air with mavericks. I followed epocs instructions and here is the error I'm getting,
Traceback (most recent call last):
File "net-creds.py", line 7, in
from scapy.all import *
File "/Library/Python/2.7/site-packages/scapy/all.py", line 16, in
from arch import *
File "/Library/Python/2.7/site-packages/scapy/arch/init.py", line 75, in
from bsd import *
File "/Library/Python/2.7/site-packages/scapy/arch/bsd.py", line 12, in
from unix import *
File "/Library/Python/2.7/site-packages/scapy/arch/unix.py", line 20, in
from pcapdnet import *
File "/Library/Python/2.7/site-packages/scapy/arch/pcapdnet.py", line 173, in
import dnet
ImportError: No module named dnet
Hope someone can help.
Thanks
Control the index access of arrays, be care with incomplete streams
POST load:
Traceback (most recent call last):
File "./net-creds.py", line 995, in
main(parse_args())
File "./net-creds.py", line 972, in main
pkt_parser(pkt)
File "./net-creds.py", line 195, in pkt_parser
other_parser(src_ip_port, dst_ip_port, full_load, ack, seq, pkt, parse_args().verbose)
File "./net-creds.py", line 639, in other_parser
netntlm_found = parse_netntlm(authenticate_header, authorization_header, headers, ack, seq)
File "./net-creds.py", line 700, in parse_netntlm
parse_netntlm_chal(headers, chal_header, ack)
File "./net-creds.py", line 821, in parse_netntlm_chal
msg2 = header_val2[1]
IndexError: list index out of range
I'd like to see an argument to output the datetime with the message. Something like:
root@server:/root/sandbox/net-creds> python net-creds.py -d
[*] Using interface: ens33
[2015-03-04 18:26:41] [192.168.1.2] GET cnn.com/
Check it out: https://github.com/colinmcintosh/net-creds/tree/dev
If you're okay with it I can send a pull request
Working with big pcap files, there are a lot of repeated output,
It will very useful not show repeated data.
$ pip install pypcap
fails with:
clang -fno-strict-aliasing -fno-common -dynamic -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -mno-fused-madd -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_PCAP_SETNONBLOCK=1 -DHAVE_PCAP_COMPILE_NOPCAP=1 -DHAVE_PCAP_FILE=1 -I/usr/include/pcap -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c pcap.c -o build/temp.macosx-10.8-intel-2.7/pcap.o
clang: error: unknown argument: '-mno-fused-madd' [-Wunused-command-line-argument-hard-error-in-future]
clang: note: this will be a hard error (cannot be downgraded to a warning) in the future
error: command 'clang' failed with exit status 1
I tried, to no avail, a suggested workaround:
sudo ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future gem install pcap
Any other ideas?
Context:
After jumping through the usual hoops to get things running on an OS X machine, the final barrier that I've run into is the lack of /sbin/ip being installed on OS X. I can't seem to find a way to install it, so I'm wondering if there's a workaround. Traceback attached below:
Traceback (most recent call last):
File "/Users/admin/Desktop/net-creds.py", line 971, in <module>
main(parse_args())
File "/Users/admin/Desktop/net-creds.py", line 961, in main
conf.iface = iface_finder()
File "/Users/admin/Desktop/net-creds.py", line 73, in iface_finder
ipr = Popen(['/sbin/ip', 'route'], stdout=PIPE, stderr=DN)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 710, in __init__
errread, errwrite)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1335, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
when i run: sudo python2 net-creds.py
i get a import error.
Sniffing HTTPs authentications.
Just tried 2to3 to convert your script from python 2 to 3 but errors raised at execution runtime.
Any chance to rewrite it under python 3 ?
Thanks.
┌──(kali㉿kali)-[~/net-creds]
└─$ ./net-creds.py
Traceback (most recent call last):
File "./net-creds.py", line 38, in
logging.basicConfig(filename='credentials.txt',level=logging.INFO)
File "/usr/lib/python2.7/logging/init.py", line 1554, in basicConfig
hdlr = FileHandler(filename, mode)
File "/usr/lib/python2.7/logging/init.py", line 920, in init
StreamHandler.init(self, self._open())
File "/usr/lib/python2.7/logging/init.py", line 950, in _open
stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: '/home/kali/net-creds/credentials.txt'
┌──(kali㉿kali)-[~/net-creds]
└─$ sudo python3 net-creds.py
[sudo] password for kali:
File "/home/kali/net-creds/net-creds.py", line 952
print print_str
^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
Traceback (most recent call last):
File "net-creds.py", line 1001, in
main(parse_args())
File "net-creds.py", line 978, in main
pkt_parser(pkt)
File "net-creds.py", line 183, in pkt_parser
mail_creds_found = mail_logins(full_load, src_ip_port, dst_ip_port, ack, seq)
File "net-creds.py", line 500, in mail_logins
mail_decode(src_ip_port, dst_ip_port, mail_creds)
File "net-creds.py", line 402, in mail_decode
printer(src_ip_port, dst_ip_port, msg)
File "net-creds.py", line 947, in printer
if msg in contents:
UnicodeDecodeError: 'ascii' codec can't decode byte 0x96 in position 1778: ordinal not in range(128)
Running in Kali Linux 2.0 with Python 2.7.9.
Thank you.
Getting this on a net-creds run while doing ARP Spoofing:
Traceback (most recent call last): File "net-creds.py", line 1003, in <module> main(parse_args()) File "net-creds.py", line 999, in main sniff(iface=conf.iface, prn=pkt_parser, store=0) File "/usr/lib/python2.7/site-packages/scapy/sendrecv.py", line 780, in sniff r = prn(p) File "net-creds.py", line 199, in pkt_parser other_parser(src_ip_port, dst_ip_port, full_load, ack, seq, pkt, parse_args().verbose) File "net-creds.py", line 643, in other_parser netntlm_found = parse_netntlm(authenticate_header, authorization_header, headers, ack, seq) File "net-creds.py", line 707, in parse_netntlm parse_netntlm_chal(headers, chal_header, ack) File "net-creds.py", line 831, in parse_netntlm_chal parse_ntlm_chal(msg2, ack) File "net-creds.py", line 844, in parse_ntlm_chal assert(msg_type==2) AssertionError
Traceback (most recent call last):
File "net-creds.py", line 15, in
from urllib import unquote
ImportError: cannot import name 'unquote' from 'urllib' (/usr/lib64/python3.8/urllib/init.py)
python: 3.8.3
pip: pip 19.3.1 from /usr/lib/python3.8/site-packages/pip (python 3.8)
Please, help me.
Hello, I have the following errors
root@localhost:~/git/net-creds# python2 net-creds.py Traceback (most recent call last): File "net-creds.py", line 1003, in <module> main(parse_args()) File "net-creds.py", line 993, in main conf.iface = iface_finder() File "net-creds.py", line 76, in iface_finder ipr = Popen(['/sbin/ip', 'route'], stdout=PIPE, stderr=DN) File "/usr/lib/python2.7/subprocess.py", line 394, in __init__ errread, errwrite) File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child raise child_exception OSError: [Errno 2] No such file or directory
The incorrect base64 padding exception must be controlled, for avoiding crashes:
POST load:
Traceback (most recent call last):
File "./net-creds.py", line 995, in
main(parse_args())
File "./net-creds.py", line 972, in main
pkt_parser(pkt)
File "./net-creds.py", line 195, in pkt_parser
other_parser(src_ip_port, dst_ip_port, full_load, ack, seq, pkt, parse_args().verbose)
File "./net-creds.py", line 644, in other_parser
parse_basic_auth(src_ip_port, dst_ip_port, headers, authorization_header)
File "./net-creds.py", line 689, in parse_basic_auth
basic_auth_creds = base64.decodestring(basic_auth_b64)
File "/usr/lib/python2.7/base64.py", line 321, in decodestring
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.