Run the script on windows or on Linux machines, so you can run the script on the windows compiler using python. Here I used Kali Linux for snipping network victims. It is not important to install Python in Kali Linux.
System Attackers(Kali Linux)
Run the script using a command: net-creds.py python -i andh0- Choose your interface, here I choose -i eth0 as my interface.
Username Sniff Out & Password
Net-creds sniff out URLs visited to capture clear protocols for network text. Over illustrated image, sniffed data displays interesting juicy items in the HTTP protocol GET & POST query. Banking login credentials can be found here in POST Demo.testfire.net website request.
Check the Credentials of Victims
Let’s check out the sniffed credentials to login. Bingo!!! Bingo! Successful username and password login.
Net-creds protocols capable of sniffing
POST loads sent,HTTP logins/passwords form,HTTP basic auth logins/passwords,HTTP searches,POP logins/passwords. The following protocols are all supported: IMAP logins/passwords,Telnet logins/passwords,SMTP and SNMP,SNMP community-string,NTLMv1 and v2: HTTP,SMB, LDAP and Kerberos.
HTTP: Sends passwords in clear text TELNET: Transfer commands in plain text SNMP: Sends passwords in clear text POP: Sends passwords in clear text FTP: Sends passwords in clear text NNTP: Sends passwords in clear text IMAP: Sends passwords in clear text
Attack mitigation for MITM
Packet sniffer defense is first to use strong authentication, for example with one-time passwords. Anti-sniffing tools to detect the use of network sniffers. Includes Secure Shell Protocol (SSH) and Secure Sockets Layer (SSL), which implement cryptographic protocols for network management.
