NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post-exploitation tool targeting Windows systems. It uses API hooking to intercept network and encryption-related functions from a low-privileged user, and can capture both plain-text traffic and encrypted traffic before encryption/after decryption.

NetRipper was released at Defcon 23, Las Vegas, Nevada.

It should be able to capture network traffic from: Putty, WinSCP, SQL Server Management Studio, Lync (Skype for Business), Microsoft Outlook, Google Chrome, Mozilla Firefox. The list is not limited to these applications but other tools may require special support.

Command Line:

Injection: NetRipper.exe DLLpath.dll processname.exe  
Example:   NetRipper.exe DLL.dll firefox.exe  

Generate DLL:

  -h,  --help          Print this help message  
  -w,  --write         Full path for the DLL to write the configuration
  -l,  --location      Full path where to save files (default TEMP)


  -p,  --plaintext     Capture only plain-text. E.g. true
  -d,  --datalimit     Limit capture size per request. E.g. 4096  
  -s,  --stringfinder  Find specific strings. E.g. user,pass,config  

Example: NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass 
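
For defenders, the two command-line shapes shown above (injection and DLL generation) can be matched in process-creation logs without relying on the image name. The following is an added example, not part of NetRipper or the original post; the sample command lines are constructed, and the matching rules are heuristic assumptions that need tuning against local telemetry.

```python
import shlex

# Option names taken from the usage text above; each takes one value.
FLAGS = {"-w": "write", "--write": "write", "-l": "location",
         "--location": "location", "-p": "plaintext", "--plaintext": "plaintext",
         "-d": "datalimit", "--datalimit": "datalimit",
         "-s": "stringfinder", "--stringfinder": "stringfinder"}

def classify(command_line):
    """Return 'generate', 'inject' or None for one process command line."""
    try:
        # posix=False keeps Windows backslashes; quotes are stripped by hand.
        argv = [t.strip('"') for t in shlex.split(command_line, posix=False)]
    except ValueError:  # unbalanced quotes
        return None
    args, seen, positional, i = argv[1:], {}, [], 0
    while i < len(args):
        name = FLAGS.get(args[i])
        if name and i + 1 < len(args):
            seen[name] = args[i + 1]
            i += 2
        else:
            positional.append(args[i])
            i += 1
    # DLL generation: -w names a .dll and at least one capture option is set.
    if (seen.get("write", "").lower().endswith(".dll")
            and seen.keys() & {"plaintext", "datalimit", "stringfinder"}):
        return "generate"
    # Injection: exactly "<dll> <process.exe>", no options.
    if (not seen and len(positional) == 2
            and positional[0].lower().endswith(".dll")
            and positional[1].lower().endswith(".exe")):
        return "inject"
    return None

# Constructed sample command lines (not real telemetry).
SAMPLE = [
    r'NetRipper.exe DLL.dll firefox.exe',
    r'NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass',
    r'"C:\Users\Public\svc helper.exe" C:\Users\Public\a.dll OUTLOOK.EXE',
    r'curl.exe -s -d "a=b" -w "%{http_code}" https://example.test/',
    r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
]

def scan(lines):
    """Return (line, verdict) pairs for command lines that match a shape."""
    return [(l, v) for l in lines if (v := classify(l))]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE):
        print(f"{verdict:8} {line}")
```

The curl line shares the `-s`, `-d` and `-w` option letters but is not flagged, because the rule requires the `-w` value to be a `.dll` path.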
