March 22, 2013 at 13:57Updated Intercepter-NG
The new version has both new functionality and the old one updated.
Consider the most noteworthy innovations.
1. PCAP Over IP.
This feature is associated with remote traffic capture and is an excellent replacement for the
old and problematic rpcapd service. The name speaks for itself. Practically on any
Unix there is always a bunch of tcpdump and netcat, with which you can log
traffic to a remote host computer. In this case, Intercepter can open the port
while waiting for the data stream in libpcap format and analyze them in real time.
There is no fundamental difference in the source of the traffic, therefore, besides tcpdump, you can use the cat utility in the same way to read an existing .pcap log.
Here are some usage examples; by default, Intercepter listens on port 2002:
#tcpdump -i face -w - | nc IP 2002
if traffic is planned to be transmitted through the same interface from which the capture is being conducted, then you need to add a filtering rule that excludes service traffic between the server and Intercepter: tcpdump -i face -w - not port 2002 | nc IP 2002
#cat log.pcap | nc IP 2002
#dumpcap -i face -P -w - | nc IP 2002
is an analogue of tcpdump included in Wireshark. The -P flag indicates that packages should be saved in the standard libpcap format, and not in the new pcapng.
2. View Caught Cookies in a Browser (IE). A popular feature for which entire separate applications are created, for example Cookie Cadger.
3. 2 protocols were added to the spoofing mode. Now, in addition to replacing DNS responses, this can be done with NBNS (NetBios Name Service) and LLMNR (Link-local Multicast Name Resolution).
When spoofing DNS names, it became possible to specify a mask, which allows replacing responses to several domains at once (* mail.com) or all subdomains of one domain (* .mail.com).
4. The built-in socks service (when attacking WPAD) now supports the HTTP Inection function.
5. In Expert mode, an option has appeared that allows you to remotely stop the http injection process. Everyone will find the area and method of application for themselves.
Short video review:
You can download it here (the main site is temporarily down)
intercepter.nerf.ru
Feedback, suggestions and questions can be sent by mail or created a topic on the forum.
There is a manual in the form of a wiki page in which you can find answers to many questions.
UPDATE:
They suggested an alternative way to redirect packets without using netcat:
tcpdump> / dev / tcp / ip / port
Consider the most noteworthy innovations.
1. PCAP Over IP.
This feature is associated with remote traffic capture and is an excellent replacement for the
old and problematic rpcapd service. The name speaks for itself. Practically on any
Unix there is always a bunch of tcpdump and netcat, with which you can log
traffic to a remote host computer. In this case, Intercepter can open the port
while waiting for the data stream in libpcap format and analyze them in real time.
There is no fundamental difference in the source of the traffic, therefore, besides tcpdump, you can use the cat utility in the same way to read an existing .pcap log.
Here are some usage examples; by default, Intercepter listens on port 2002:
#tcpdump -i face -w - | nc IP 2002
if traffic is planned to be transmitted through the same interface from which the capture is being conducted, then you need to add a filtering rule that excludes service traffic between the server and Intercepter: tcpdump -i face -w - not port 2002 | nc IP 2002
#cat log.pcap | nc IP 2002
#dumpcap -i face -P -w - | nc IP 2002
is an analogue of tcpdump included in Wireshark. The -P flag indicates that packages should be saved in the standard libpcap format, and not in the new pcapng.
2. View Caught Cookies in a Browser (IE). A popular feature for which entire separate applications are created, for example Cookie Cadger.
3. 2 protocols were added to the spoofing mode. Now, in addition to replacing DNS responses, this can be done with NBNS (NetBios Name Service) and LLMNR (Link-local Multicast Name Resolution).
When spoofing DNS names, it became possible to specify a mask, which allows replacing responses to several domains at once (* mail.com) or all subdomains of one domain (* .mail.com).
4. The built-in socks service (when attacking WPAD) now supports the HTTP Inection function.
5. In Expert mode, an option has appeared that allows you to remotely stop the http injection process. Everyone will find the area and method of application for themselves.
Short video review:
You can download it here (the main site is temporarily down)
intercepter.nerf.ru
Feedback, suggestions and questions can be sent by mail or created a topic on the forum.
There is a manual in the form of a wiki page in which you can find answers to many questions.
UPDATE:
They suggested an alternative way to redirect packets without using netcat:
tcpdump> / dev / tcp / ip / port