NetRipper is a post-exploitation tool targeting Windows systems. It uses API hooking to intercept network traffic and encryption-related functions from a low-privileged user, so it can capture both plain-text traffic and encrypted traffic before encryption/after decryption.
NetRipper was released at Defcon 23, Las Vegas, Nevada.
It should be able to capture network traffic from: PuTTY, WinSCP, SQL Server Management Studio, Lync (Skype for Business), Microsoft Outlook, Google Chrome, Mozilla Firefox. The list is not limited to these applications, but other tools may require special support.
Injection:
    NetRipper.exe DLLpath.dll processname.exe
    Example: NetRipper.exe DLL.dll firefox.exe

Generate DLL:
    -h, --help          Print this help message
    -w, --write         Full path for the DLL to write the configuration data
    -l, --location      Full path where to save data files (default TEMP)

Plugins:
    -p, --plaintext     Capture only plain-text data. E.g. true
    -d, --datalimit     Limit capture size per request. E.g. 4096
    -s, --stringfinder  Find specific strings. E.g. user,pass,config

    Example: NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass
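
For defenders, the two command forms above can be matched in process-creation telemetry (for instance Sysmon Event ID 1 command lines). The following is an added example, not part of NetRipper or the original page: the `classify`/`scan` names, the confidence labels and the sample lines are constructed, and requiring `-w` plus one more option for a renamed binary is an assumption made to limit false positives.

```python
import shlex

# Option names are copied from the usage text above; the rest is assumed.
VALUE_FLAGS = {f: long for short, long in
               [("-w", "write"), ("-l", "location"), ("-p", "plaintext"),
                ("-d", "datalimit"), ("-s", "stringfinder")]
               for f in (short, "--" + long)}

def classify(cmdline):
    """Return (mode, confidence) for one command line, or None."""
    try:
        argv = [a.strip('"') for a in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quotes
        return None
    if len(argv) < 3:
        return None
    image = argv[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    named = image == "netripper.exe"
    opts, positional, i = {}, [], 1
    while i < len(argv):
        key = VALUE_FLAGS.get(argv[i])
        if key and i + 1 < len(argv):
            opts[key] = argv[i + 1]   # option followed by its value
            i += 2
        else:
            positional.append(argv[i])
            i += 1
    dll_out = opts.get("write", "").lower().endswith(".dll")
    if dll_out and not positional and (named or len(opts) >= 2):
        mode = "generate"  # -w <dll> plus location/plugin options
    elif (not opts and len(positional) == 2
          and positional[0].lower().endswith(".dll")
          and positional[1].lower().endswith(".exe")):
        mode = "inject"    # <tool> <dll> <target process>
    else:
        return None
    return mode, "high" if named else "shape-only"

# Constructed sample command lines (not real telemetry).
SAMPLE = [
    r'NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass',
    r'"C:\Users\Public\svc.exe" C:\Users\Public\a.dll firefox.exe',
    r'C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL',
    r'C:\Windows\System32\regsvr32.exe /s C:\App\plugin.dll',
]

def scan(lines):
    return [(line, hit) for line in lines if (hit := classify(line))]
```

A `shape-only` verdict means the image name differs from `NetRipper.exe` and only the argument layout matched, so treat it as a lead to triage rather than a confirmed hit.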