Updated Intercepter-NG

    The new version has both new functionality and the old one updated.

    Consider the most noteworthy innovations.

    1. PCAP Over IP.

    This feature is associated with remote traffic capture and is an excellent replacement for the
    old and problematic rpcapd service. The name speaks for itself. Practically on any
    Unix there is always a bunch of tcpdump and netcat, with which you can log
    traffic to a remote host computer. In this case, Intercepter can open the port
    while waiting for the data stream in libpcap format and analyze them in real time.
    There is no fundamental difference in the source of the traffic, therefore, besides tcpdump, you can use the cat utility in the same way to read an existing .pcap log.
    Here are some usage examples; by default, Intercepter listens on port 2002:

    #tcpdump -i face -w - | nc IP 2002

    if traffic is planned to be transmitted through the same interface from which the capture is being conducted, then you need to add a filtering rule that excludes service traffic between the server and Intercepter: tcpdump -i face -w - not port 2002 | nc IP 2002

    #cat log.pcap | nc IP 2002

    #dumpcap -i face -P -w - | nc IP 2002

    is an analogue of tcpdump included in Wireshark. The -P flag indicates that packages should be saved in the standard libpcap format, and not in the new pcapng.

    2. View Caught Cookies in a Browser (IE). A popular feature for which entire separate applications are created, for example Cookie Cadger.

    3. 2 protocols were added to the spoofing mode. Now, in addition to replacing DNS responses, this can be done with NBNS (NetBios Name Service) and LLMNR (Link-local Multicast Name Resolution).

    When spoofing DNS names, it became possible to specify a mask, which allows replacing responses to several domains at once (* mail.com) or all subdomains of one domain (* .mail.com).

    4. The built-in socks service (when attacking WPAD) now supports the HTTP Inection function.

    5. In Expert mode, an option has appeared that allows you to remotely stop the http injection process. Everyone will find the area and method of application for themselves.

    Short video review:

    You can download it here (the main site is temporarily down)

    Feedback, suggestions and questions can be sent by mail or created a topic on the forum.
    There is a manual in the form of a wiki page in which you can find answers to many questions.


    They suggested an alternative way to redirect packets without using netcat:
    tcpdump> / dev / tcp / ip / port

    Also popular now: