intercept

Individually arpspoofs the target box, router and DNS server if necessary. Displays all most the interesting bits of their traffic. Cleans up after itself.

Example usage: python intercept.py -u -p -d -w -ip 192.168.0.10

Output: -u, URLs visited; truncates at 150 characters and filters image urls since they spam the output -p, username/passwords for FTP/IMAP/POP/IRC/HTTP, POSTs made, all searches made -d, see all images they view with driftnet -w, writes the output to the running directory in intercept.log.txt -ip, target this IP address

Running just intercept.py without -ip argument will arp scan the network and give you a choice of targets although my wifi-monitor.py script additionally shows data usage on the LAN allowing you to pick the most active target.

All options: python intercept.py -h

-s, strip SSL from sites with SSLstrip -v, show verbose URLs which do not truncate at 150 characters like -u -i INTERFACE, specify interface; default is first interface in ip route, eg: -i wlan0 -dns DOMAIN, DNS spoofing; race condition with router, will fix eventually, eg: -dns google.com

Cleans the following on Ctrl-C: turn off IP forwarding flush iptables firewall individually restore each machine's ARP table

To do: integrate https://github.com/DanMcInerney/wifi-monitor change packet input from scapy to iptables' nfqueue like https://github.com/DanMcInerney/dnsspoof