Welcome back, my tenderfoot hackers!
We have looked at a number of ways that we sniff traffic on the network with such tools as Wireshark, tcpdump, dnsiff, and others, but each of these tools is only capable of pulling packets off the wire.
Those packets can be examined for various attributes such as the source and destination IP address, what port is going to and coming from, the ASCII characters in the packet, and if we're lucky, maybe a password or two. Usually our sniffing is visualized like the Wireshark output below.
What none of these tools do is detect and display graphic files that are passing over the wire. This would require that such a tool would be able to...
- Identify packets containing the binaries for a portion of a graphic file,
- Then combine of the binaries of the packets,
- And then display them.
That is quite a task for any tool to do.
How to See What Images Your Neighbor Is Looking at Online
Fortunately for us, such a tool has been developed, albeit still in beta form. The tool is called driftnet and it was developed by Chris Lightfoot and is packaged with both Kali and BackTrack. Although far from perfect, it gives us the capability to sniff the wire for graphics, audio, or MPEG4 images and display them to an X window.
In our example situation, we'll be trying to determine what kind of images our neighbor is looking at. If you suspect your neighbor of watching pornographic films online, you can get a general idea of what their tastes may be by viewing trends in your area, but we'll be trying to pinpoint exactly what they're looking at instead.
Step 1: Open Kali & Driftnet
Let's fire up Kali and open driftnet. Go to Applications, Kali Linux, Sniffing/Spoofing, Web Sniffers, and then driftnet
When you do, you will be greeted by this driftnet help screen.
Using driftnet is very simple without any options. Simple type the following at the prompt.
- kali >driftnet
When you do so, driftnet will open a small X window screen in the upper left-hand corner as seen in the screenshot below. Expand that screen as large as possible, if you want to see the images going across the wire.
If you do not designate a directory to store the images in (-d switch), driftnet will create a directory within your /tmp directory to store the images it captures.
Step 2: Hack the Network
Next, we need to get inside our neighbors network. We can do this by connecting to his access point (AP) in any of many ways. Check out my tutorials on cracking WEP passwords, WPA2 passwords and using Reaver or coWPAtty to crack WPS.
Maybe even easier, would be to set up an Evil Twin and let your neighbor connect to it. Remember, your neighbor's computer will automatically connect to the strongest AP. You can turn the power up on your AP so that your Evil Twin is stronger than his local AP and he will automatically connect to yours. Then, you can easily sniff all his traffic!
Of course, if it's your own AP and you're curious as to what your child, spouse, or girlfriend is viewing online, you won't need to do any cracking. You simply start sniffing the traffic and capturing the graphic images with driftnet.
I hope it goes without saying that this technique applies equally well to your corporate, school, or other institution's network. The key issue with these wired networks is overcoming the fact that the switch isolates traffic, but this can be overcome in a number of different ways such as MAC flooding or using dsniff.
Step 3: View the Graphic Files
Now, let's go back to the driftnet X window screen to see what are neighbor has been viewing
Hmm...looks like he hasn't been viewing porn at all, but rather the latest Sport Illustrated Swimsuit issue!
Step 4: View the Tmp Directory
The viewer in driftnet is great to view what is crossing the wire in real-time, but driftnet also captures the images and places them on your computer in the /tmp directory. Navigate to the /tmp with the following.
- kali > cd /tmp
Then, list all the directories there.
- kali > ls -l
At the very top of my screen and the directory listing, you can see a new directory named drifnet-y46mNv. Note that driftnet is spelled incorrectly. After all, it is only a beta.
Next, navigate to that directory.
- kali > cd drifnet-y46mNv
And then list the contents.
- kali > ls -l
Here we can see all the images that driftnet captured as we were sniffing our neighbor's traffic. Driftnet can also be used to capture MPEG4 files and audio files, but I'll leave that for another day.
Driftnet is one of those open source tools that does the job, but still needs a bit of refinement. In our case, it enabled us to snoop on our neighbors Internet viewing. We'll explore more of driftnet's capabilities in future tutorials, so keep coming back, my tenderfoot hackers!
Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:
34 Comments
I can't get any images... I just opened driftnet and no pictures is there, even tho I tried to open pix on my own laptop and still nothing is there... I viewed many pix on google images and also viewed them in a separate page... and nothing is there... am I doing something wrong or something? and is it applies only for computers connected via ethernet? if not, does it works on other devices? like phones, tabs, etc...
Hi, maybe its because google uses https try using SSLstrip.
It should work on wlan or eth.
If you install it on your phone or pad, it will work there as well.
Are there image files in the directory?
OTW, can I ask what your virtual setup is? I cannot figure out how to get mine to work. What kind of virtual software do you use?
Cameron:
I use both Virtual Box and VMWare Workstation. Workstation is more reliable and stable.
Maybe you should consider a dual boot setup?
That sounds like it would get rid of the virtual machine issues. Where could I find a tutorial to set up a dual boot on my macbook air?
Google?
Haha! Agreed! I will google.
I'm not sure I understand why people have so many issues with virtualization, and can be so against it. I think it is a great tool, especially in learning hacking. You can setup entire environments to learn in at little to no cost, then just rebuild them in minutes to fit what you need next. I have done it for years with little issues.
I agree.
Why don't you write an article on setting up a virtual environment?
I love virtualization, don't get me wrong. It just causes problems with my MITM attack, which pretty much takes the piss out of me.
My driftnet only seems to work when I arpspoof myself in the middle of my target and the router which is alright with me, but is it supposed to work without that?
EDIT: nevermind, it works without arpspoof, It just only seems to work on non-https sites
I made a directory and everything, but it doesnt capture anything.. why?
could you do some of the basic linux tutorials again on kali because many of the commands dont seem to work
Jackson:
Welcome to Null Byte!
Kali is built on debian and Backtrack on ubuntu so there are some differences. I'll try to do a tutorial on the differences.
OTW
great thanks
well it worked now.. but It doesn't work on other computers.. like I opened images on another computer... It doesnt show me anything
Ahmed:
On a wired switched network, you need to overcome the isolation od the switch.
OTW
Hi am using Kali, and it dont working for me.
i tried on 2 Pc's and 2 internet accounts , both had same result :(
Brook:
Are you running in a vm? Are you using wired or wireless? Can you capture your own images?
OTW
this is what i see, on live USB, not able to do full dual install yet as i have not been able to found fix for grub boot not working on window 8 laptop, after a number of times its tell me that install was successful and then it never boots :(
Brook:
You have two direvtories there with images. You need to cd into them.
OTW
thanks - )
anyone know a good tutorial on SSH and using free vps? looking at using Putty
This is old but going to put this out there anyway for anyone reading this article now. If using windows, which I assume you are talking putty, there is a great software for this called MobaXterm for windows. Enjoy! =)
Hi OTW
Thanks for this. I have a different question.
I got heartbleed from github under openssl and i incorporated it on my metasploit framework....I have tried loading it as an exploit to test my servers without much success. Kindly tell me how it works.
Regards Evil Genious.
if i scan ip's of poker rooms i only get the server ip
i dont get of the pepol in the room
sorry im from holland and i cant speak the language verry wel
Wow, our wee community has expanded greatly in my absence, whether this is a good or bad thing remains to be seen. Another great tutorial on a often overlooked tool, master. Not particularly commercially viable but interesting none the less. Now if only everyone could be educated to target child pornography propagators and so on and so forth.
Hi.
I'm capable of getting images I request on the laptop I'm running driftnet. But, unfortunatey, I don't seem to be able to capture images from another computer (connected to the same AP).
Did I miss an option or am I just being a noob?
(using kali)
Thanks
Is it possible to capture MPEG4 files using driftnet. I think it is not possible (searched a lot in google :P ). If yes, please explain how to do that. I know that you can capture audio files.
Thank you.
Hi, im a new member :) im learning and i would like to know if there is a way i can for example scroll to top on the driftnet X window.
I know i can access the images in the folder :)
Sorry for any error on my english
Thanks
Can I do this to android phones connected to my wifi
I get messages like image too small to mess with. I want to see ALL images all sizes. Also, how do I get it to display them entirely, not just the corner of an image for example if they ar looking at wallpaper for their winblows OS? Is there a conf file to tweak? Or perhaps a command I am missing? ANy ideas, suggestions, or thoughts? Thanks in advance! =)
I have tried to use driftnet with like 10 different tutorials, all slightly different and NONE of them work AT ALL. Any assistance is appreciated. Running Parrot Security, which is basically a customized Kali (debian base) PLEASE HELP
Share Your Thoughts