intercept
========

Individually arpspoofs the target box, router and DNS server if necessary. Displays all most the interesting bits of their traffic. Cleans up after itself. 

Example usage:
python intercept.py -u -p -d -w -ip 192.168.0.10

Output: 

-u, URLs visited; truncates at 150 characters and filters image urls since they spam the output 

-p, username/passwords for FTP/IMAP/POP/IRC/HTTP, POSTs made, all searches made 

-d, see all images they view with driftnet

-w, writes the output to the running directory in intercept.log.txt

-ip, target this IP address 


Running just intercept.py without -ip argument will arp scan the network and give you a choice of targets although my wifi-monitor.py script additionally shows data usage on the LAN allowing you to pick the most active target.

All options:

python intercept.py -h


-s, strip SSL from sites with SSLstrip

-v, show verbose URLs which do not truncate at 150 characters like -u

-i INTERFACE, specify interface; default is first interface in `ip route`, eg: -i wlan0

-dns DOMAIN, DNS spoofing; race condition with router, will fix eventually, eg: -dns google.com


Cleans the following on Ctrl-C:

  turn off IP forwarding

  flush iptables firewall

  individually restore each machine's ARP table


To do:
  integrate https://github.com/DanMcInerney/wifi-monitor

  change packet input from scapy to iptables' nfqueue like https://github.com/DanMcInerney/dnsspoof

  integrate this project with wifite?

  use twisted so we can use nfqueue as pkt input

  add ability to read from pcap