dsniff-2.3
----------

i wrote these tools with honest intentions - to audit my own network,
and to demonstrate the insecurity of cleartext / weakly-encrypted
network protocols and ad-hoc PKI. please do not abuse this software.

these programs require:

      Berkeley DB - http://www.sleepycat.com/
      OpenSSL - http://www.openssl.org/
      libpcap - http://www.tcpdump.org/
      libnids - http://www.packetfactory.net/Projects/Libnids/
      libnet - http://www.packetfactory.net/Projects/Libnet/

built and tested on OpenBSD, Linux, and Solaris. YMMV.

what's here:

arpspoof
    redirect packets from a target host (or all hosts) on the LAN
    intended for another local host by forging ARP replies. this
    is an extremely effective way of sniffing traffic on a switch.
    kernel IP forwarding (or a userland program which accomplishes
    the same, e.g. fragrouter :-) must be turned on ahead of time.

dnsspoof
    forge replies to arbitrary DNS address / pointer queries on
    the LAN. this is useful in bypassing hostname-based access
    controls, or in implementing a variety of man-in-the-middle
    attacks (HTTP, HTTPS, SSH, Kerberos, etc).

dsniff
    password sniffer. handles FTP, Telnet, SMTP, HTTP, POP,
    poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP
    MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ,
    Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec
    pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase
    and Microsoft SQL auth info.

    dsniff automatically detects and minimally parses each
    application protocol, only saving the interesting bits, and
    uses Berkeley DB as its output file format, only logging
    unique authentication attempts. full TCP/IP reassembly is
    provided by libnids(3) (likewise for the following tools as
    well).

filesnarf
    saves selected files sniffed from NFS traffic in the current
    working directory.

macof
    flood the local network with random MAC addresses (causing
    some switches to fail open in repeating mode, facilitating
    sniffing). a straight C port of the original Perl Net::RawIP
    macof program.

mailsnarf
    a fast and easy way to violate the Electronic Communications
    Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs
    selected messages sniffed from SMTP and POP traffic in Berkeley
    mbox format, suitable for offline browsing with your favorite
    mail reader (mail -f, pine, etc.).

msgsnarf
    record selected messages from sniffed AOL Instant Messenger,
    ICQ 2000, IRC, and Yahoo! Messenger chat sessions.

sshmitm
    SSH monkey-in-the-middle. proxies and sniffs SSH traffic
    redirected by dnsspoof(8), capturing SSH password logins, and
    optionally hijacking interactive sessions. only SSH protocol
    version 1 is (or ever will be) supported - this program is far
    too evil already.

tcpkill
    kills specified in-progress TCP connections (useful for
    libnids-based applications which require a full TCP 3-whs for
    TCB creation).

tcpnice
    slow down specified TCP connections via "active" traffic
    shaping. forges tiny TCP window advertisements, and optionally
    ICMP source quench replies.

urlsnarf
    output selected URLs sniffed from HTTP traffic in CLF
    (Common Log Format, used by almost all web servers), suitable
    for offline post-processing with your favorite web log
    analysis tool (analog, wwwstat, etc.).

webmitm
    HTTP / HTTPS monkey-in-the-middle. transparently proxies and
    sniffs web traffic redirected by dnsspoof(8), capturing most
    "secure" SSL-encrypted webmail logins and form submissions.

webspy
    sends URLs sniffed from a client to your local Netscape
    browser for display, updated in real-time (as the target
    surfs, your browser surfs along with them, automagically).
    a fun party trick. :-)

-d.

---
http://www.monkey.org/~dugsong