From ced1b2224f74b5f7e10f56962659c3d0f6497d7a Mon Sep 17 00:00:00 2001 From: DanMcInerney Date: Sun, 20 Oct 2013 02:02:14 -0600 Subject: [PATCH] README --- README.md | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a535c0e..dab2784 100644 --- a/README.md +++ b/README.md 
@@ -1,12 +1,33 @@ intercept ======== -Running just intercept.py without -ip argument will arp scan the network and give you a choice of targets although I'd recommend using my wifi-monitor.py script instead since it shows data usage allowing you to pick the most active target. +Individually arpspoofs the target box, router and DNS server if necessary. Displays all most the interesting bits of their traffic. Cleans up after itself. Example usage: -python intercept.py -u -p -w -ip 192.168.0.10 +python intercept.py -u -p -d -w -ip 192.168.0.10 -Prints URLs visited (-u), username/passwords for FTP/IMAP/POP/IRC/HTTP, POSTs made, all searches they make (all that is -p), writes the output to the running directory in intercept.log.txt (-w), and spoofs the target IP (-ip). +Output: +-u, URLs visited; truncates at 150 characters and filters image urls since they spam the output +-p, username/passwords for FTP/IMAP/POP/IRC/HTTP, POSTs made, all searches made +-d, see all images they view with driftnet +-w, writes the output to the running directory in intercept.log.txt +-ip, target this IP address + +Running just intercept.py without -ip argument will arp scan the network and give you a choice of targets although my wifi-monitor.py script additionally shows data usage on the LAN allowing you to pick the most active target. All options: python intercept.py -h + +-s, strip SSL from sites with SSLstrip +-v, show verbose URLs which do not truncate at 150 characters like -u +-i INTERFACE, specify interface; default is first interface in `ip route`, eg: -i wlan0 +-dns DOMAIN, DNS spoofing; race condition with router, will fix eventually, eg: -dns google.com + +Cleans the following on Ctrl-C: + turn off IP forwarding + flush iptables firewall + individually restore each machine's ARP table + +To do: + integrate https://github.com/DanMcInerney/wifi-monitor + change packet input from scapy to iptables' nfqueue like https://github.com/DanMcInerney/dnsspoof
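Review bot: the new "Cleans the following on Ctrl-C" block says the tool will "flush iptables firewall", which (as worded) means every rule the operator already had on the attacking box is dropped at exit, not just the ones intercept.py added; the README should either warn about that or the script should save the existing ruleset and restore it rather than flushing, and the same applies to "turn off IP forwarding", which is only a restore if forwarding was off beforehand. Two smaller points in the same hunk: "Displays all most the interesting bits of their traffic" reads as a typo (presumably "all the most interesting bits" or "almost all the interesting bits"), and the `-d` (driftnet) and `-s` (SSLstrip) options introduce external tools that are not listed anywhere as requirements, so a short dependency line (driftnet, sslstrip, scapy) would save users a failed first run. The `-dns DOMAIN` entry honestly states the "race condition with router"; it would help to say what the user will observe (the legitimate reply sometimes wins, so spoofing is unreliable) and that the nfqueue rework in the To-do is the intended fix, since right now the two items are not connected.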