DanMcInerney / net-creds

Sniffs sensitive data from interface or pcap
GNU General Public License v3.0

Implement HTTPS #27

Closed TheSph1nx closed 6 years ago

TheSph1nx commented 6 years ago

Sniffing HTTPS authentications.

Aholicknight commented 6 years ago

This wouldn't be possible since HTTPS is encrypted.

TheSph1nx commented 6 years ago

I know but what about Zeus then?

Aholicknight commented 6 years ago

@SPB-Production I don't know what you mean by Zeus. Please be more specific.

TheSph1nx commented 6 years ago

Zeus, I mean the botnet; the agent can sniff HTTPS traffic.

TrevorRowe123 commented 6 years ago

Zeus sniffs HTTPS traffic on the client, before the outgoing traffic is encrypted, and after the inbound traffic is decrypted. It isn't able to actually decrypt traffic on its own.

DanMcInerney commented 6 years ago

@SPB-Production, @werro123 is right.

TheSph1nx commented 6 years ago

I know how it works, but why not try to implement a method to decode the traffic before leaving the machine ...

DanMcInerney commented 6 years ago

That'd be pretty cool, but I feel the main purpose of this script is for parsing pcaps. It can be run live, but it quickly eats all the CPU. Additionally, capturing traffic prior to encryption is not a trivial task. There's a tool called netripper that does it, but to implement that functionality in a simple Python script like this would be a major undertaking that I don't feel like doing right now, especially since I'm working on icebreaker and some other stuff for the foreseeable future.

I like the thought though, would be a neat feature. Maybe I'll try something like that in the future.

On Mar 3, 2018 12:50 AM, "SpaceTech" notifications@github.com wrote:

I know how it works but why don't trying to implement a method to decode the traffic before leaving the machine ...


TheSph1nx commented 6 years ago

@DanMcInerney Yes, don't worry. I asked that because I tried to implement that in Python and other languages, but I can't find an elegant solution, so I thought maybe you know something more about it (I needed HTTPS decryption for my project spacenet). I know about netripper, but I've found some trouble working with it, so I thought it was better working on something else. Anyway, thanks for the answers, good work for icebreaker ;).