Jump to content
Nytro

[RST] NetRipper - Smart traffic sniffing for penetration testers

Recommended Posts

Description

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.

NetRipper was released at Defcon 23, Las Vegas, Nevada.

Abstract

The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application.

https://github.com/NytroRST

  • Like 2
  • Thanks 1
  • Upvote 8

Share this post


Link to post
Share on other sites

Thanks. Nu mai merge pe Chrome, insa l-am fixat, dar nu e pus pe GitHub.

O sa ii fac update, am mai lucrat la el, dar trebuie sa imi pun o licenta ceva, sa nu am probleme daca il folosesc altii in mod "urat".

Share this post


Link to post
Share on other sites
On 8/14/2015 at 12:09 AM, Nytro said:

NetRipper was released at Defcon 23, Las Vegas, Nevada.

 

19 hours ago, Nytro said:

Am adaugat suport pentru Chrome 62.

Tu esti autorul proiectului ?

Ai fost pana in Las Vegas, Nevada ? 

Felicitari !

  • Upvote 1

Share this post


Link to post
Share on other sites

Da, acolo l-am prezentat, mersi. Momentan, din cand in cand mai lucrez la el.

Daca aveti sugestii, sau daca are probleme, puteti posta aici si ma ocup cand am timp de ele.

  • Upvote 4

Share this post


Link to post
Share on other sites
On 8/14/2015 at 12:09 AM, Nytro said:

Description

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.

NetRipper was released at Defcon 23, Las Vegas, Nevada.

Abstract

The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application.

 

 

https://github.com/NytroRST

 

Nici nu ai habar cat cautam asa ceva :))  ...sanatate brother

  • Upvote 1

Share this post


Link to post
Share on other sites

Da, e in CrackMapExec, insa nu i-a mai facut update de o gramada de timp. :( 

L-am cunoscut pe byt3bl33d3r la BlackHat Asia, e super de treaba, a zis ca o sa ii faca update, dar probabil a uitat. Poate ii mai aduc eu aminte. :D 

 

Este si in PTF, dar la fel, nu e updated :( https://github.com/trustedsec/ptf/tree/master/modules/windows-tools 

  • Upvote 3

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...