Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
When I start webspy (dsniff) I get this return - 'listening on eth0'
but I get no return on Netscape from the target machine. I've done this correctly at one time but I forgot how to. Anybody else know?
How did you start it, what is your commandline? If you "strace -v /path/to/webspy <args>" does it show parsing any traffic?
If this is your own private network *only you* muck on (not invading other people's privacy): are you in the position to actually see traffic from that host (network topo)? Tried using a MiM tool?
I have the same problem. I haven't managed to get it working but I read somewhere that you can't use the dsniff tools on a switched LAN without ARP poisoning the victim's PC. I've tried using arpspoof and ettercap to do this and although I am able to arp poison with ettercap I still couldn't get webspy to work. I'll have to see if I can get any of the other tools to work.
OK, I managed to get this to work. Hooray! It's not perfect but it's good enough.
If you're on a network where you and the victim are connected via a hub then you shouldn't need to do a mitm (man in the middle) attack; however, if you are connected via a switch then you will. I recommend using ettercap for that.
Once you've got the mitm set up (if needed) you'll need to start up your browser. I've only used webspy from knoppix-std so I've only tried this using mozilla/firefox, but I would assume any browser should be fine.
After your browser's started you then need to run webspy, passing the IP address of the victim's PC and optionally the interface on your PC to listen to,
i.e. $ webspy -i eth0 192.168.2.100
Then all you need is for the victim to start surfing!
Two notes on this though:
1) webspy doesn't seem to be able to cope with tabbed browsing very well, i.e. if the victim is using a tabbed browser then things can get a bit messy and it doesn't always pick up every URL for some reason. I've been redirected to the KDE home site when the victim PC requested somewhere completely different.
2) this should only be tried out on a network that either you own (i.e. your home network) or where you have express permission from the powers that be, seriously. Just as ettercap can be used to ARP poison (perform mitm attacks), it can also be used to detect them...
Sorry, I forgot to mention that you'll need to enable IP forwarding in the kernel. This is done by issuing this command as root:
echo 1 > /proc/sys/net/ipv4/ip_forward
I don't know whether this is needed on a hubbed network but it's definitely needed on a switched network and should be done before you attempt the mitm setup in ettercap.