This is an open source python tool for seeing all interesting traffic from and to a client on your LAN. It's an asynchonous, multithreaded arp spoofing packet parser. It uses the Twisted framework, iptables nfqueue to feed the callback functions packets, and scapy for most packet dissection and injection.
Simple usage:
Code:git clone https://github.com/DanMcInerney/intercept cd intercept/ python intercept.py -u -p -n
-u: URLs visited; truncates at 150 characters and filters image urls since they spam the output
-p: display username/passwords for FTP/IMAP/POP/IRC/HTTP, POSTs made, all searches made, and incoming/outgoing email and IRC messages sent
-n: perform an doutput a very quick nmap scan of the target for open ports and operating system info
Full usage:
Code:python intercept.py -u -p -n -na -dns neopets.com -set -d -ip 10.0.1.20
-na: perform an aggressive and complete nmap scan of the victim in the background including service enumeration. Saves results to <IP address>.nmap.txt in the working directory
-dns DOMAIN: drop packets to DOMAIN and inject our own pointing the victim to the attack's IP address. This is especially powerful when combined with SET's web site cloning tool (option 1, 2, 3, 2, then enter the domain you're spoofing).
-set: open the social engineer's toolkit
Prereqs: Linux, scapy, python nfqueue-bindings, aircrack-ng, python twisted
Tested on Kali 1.0. Please PM or reply with bug reports.
