NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post-exploitation tool targeting Windows systems. It uses API hooking to intercept network and encryption-related functions from a low-privileged user, and can capture both plain-text traffic and encrypted traffic before encryption/after decryption.

NetRipper was released at Defcon 23, Las Vegas, Nevada.

It should be able to capture network traffic from: PuTTY, WinSCP, SQL Server Management Studio, Lync (Skype for Business), Microsoft Outlook, Chrome, Mozilla Firefox. The list is not limited to these applications, but other tools may require special support.

Command Line:

Injection: NetRipper.exe DLLpath.dll processname.exe
Example:   NetRipper.exe DLL.dll firefox.exe

Generate DLL:

  -h,  --help          Print this help message
  -w,  --write         Full path for the DLL to write the configuration
  -l,  --location      Full path where to save files (default TEMP)

  -p,  --plaintext     Capture only plain-text. E.g. true
  -d,  --datalimit     Limit capture size per request. E.g. 4096
  -s,  --stringfinder  Find specific strings. E.g. user,pass,config

Example: NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass
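
A defender-side sketch, added here and not part of NetRipper or the original page: it flags process-creation command lines that match the two argument shapes documented above, ignoring the executable's name since that can be changed. The function name classify_cmdline and the sample command lines are constructed for illustration.

```python
import shlex

# Option names taken from the help text above; each is followed by a value.
GEN_FLAGS = {"-w": "write", "--write": "write", "-l": "location",
             "--location": "location", "-p": "plaintext", "--plaintext": "plaintext",
             "-d": "datalimit", "--datalimit": "datalimit",
             "-s": "stringfinder", "--stringfinder": "stringfinder"}

def classify_cmdline(cmdline):
    """Return a finding dict when the arguments match a documented shape, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes intact
    except ValueError:                            # unbalanced quotes in the log line
        return None
    args = [a.strip('"') for a in argv[1:]]       # drop the image name itself
    opts, positional, i = {}, [], 0
    while i < len(args):
        if args[i] in GEN_FLAGS and i + 1 < len(args):
            opts[GEN_FLAGS[args[i]]] = args[i + 1]
            i += 2
        else:
            positional.append(args[i])
            i += 1
    # Shape 1 (injection): <image> <something.dll> <process.exe>
    if (not opts and len(positional) == 2
            and positional[0].lower().endswith(".dll")
            and positional[1].lower().endswith(".exe")):
        return {"shape": "injection", "dll": positional[0], "target": positional[1]}
    # Shape 2 (DLL configuration): -w <dll> plus at least one other documented option
    if opts.get("write", "").lower().endswith(".dll") and len(opts) >= 2 and not positional:
        kw = opts.get("stringfinder", "")
        return {"shape": "dll-config", "dll": opts["write"],
                "keywords": kw.split(",") if kw else []}
    return None

# Constructed sample command lines, as they might appear in process-creation logs.
SAMPLES = [
    r'C:\Users\bob\AppData\Local\Temp\svc.exe C:\Users\bob\x.dll firefox.exe',
    r'NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass',
    r'regsvr32.exe /s C:\Windows\System32\scrobj.dll',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify_cmdline(line), "<-", line)
```

The injection shape is generic enough to match unrelated tools, so treat a hit as a hunting lead to correlate with the parent process, user context and file writes in the capture location.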
