Forum Thread: Python Credential Sniffer

Python Credential Sniffer

I just finished working on a Python script that helps you automate MitM credential sniffing. It uses Ettercap and Arpspoof. Hoping to add SSLStrip next. It can:

  • Auto-detect the gateway
  • Show the newly found credentials in an easy format
  • Sanitizes the credentials so you don't get a "+" for a space, etc.
  • You can start sniffing in 10 seconds or less

Now, this may not be the cleanest code, but it was worth it. I hope you all enjoy my "magic button" (it's not quite that). :)

Download it here...

Thanks to Ciuffy, R&J, and Cx2H for guiding me with my studies! :)

C|H of C3

19 Responses

Looks well written, I'll check it out soon

From the lands of mornings...
GG!
#C3

Great work hope I can make programmes like this with Python

Really? You don't know how?

You download and python pass-sniff.py.

Looks fantastic! You should write up a tutorial so that us newbies can learn, too!

I might, but I just don't have time. Maybe for my next script.

Also is it possible to implement something similar with C++ ?
Because the socket library isn't built in the C++ standard library(you need a 3rd party one)

If I'm not mistaken, Python can be used like glue... So I think you can use Python with C++ as in, use Python for the parts that require the libraries you don't have in C++ and then import your Python script into your C++.

Someone correct me if I am wrong though.

I want to write it out fully on c++
And yes I think we can inject Python script through dll into a c++ programme
But I want to implement something similar in only c++
What libraries are required cracker hacker ?
I got the socket library(boost asio)

Can't wait to test it out thanks.

EDIT: I mostly made this for pentesting on the fly *hint hint*, so I'm going to be trying to simplify the code, maybe less libraries.

Anywho, I'm going to also add SSL support next, so you can look forward to that.

Nice! really awesome to simplify it for us like that :)

I am by no means an expert but since everyone is now running HSTS and sslstrip is basically useless against that, wouldnt it be better to run an enhanced version of sslstrip like this one https://github.com/singe/sslstrip2 ?

I missed that one. Good call.
Most of the time people don't realize that HSTS is going to ruin the party...
It's from the recent DNS exploiting waves, so I guess we sre going to see new stuff.

cool ... can you make a tutorial on how to use it. am new to python and this kali world

Share Your Thoughts

  • Hot
  • Active