LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 07-15-2003, 04:20 PM   #1
bobr
Member
 
Registered: Jun 2003
Distribution: MANDRAKE-REDHAT
Posts: 70

Rep: Reputation: 15
webspy


When I start webspy (dsniff) I get this return - 'listening on eth0'
but I get no return on Netscape from the target machine. I've done this correctly at one time but I forgot how to. Anybody else know?
 
Old 07-17-2003, 09:40 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
How did you start it, what is your commandline? If you "strace -v /path/to/webspy <args>" does it show parsing any traffic?

If this is your own private network *only you* muck on (not invading other people's privacy): are you in the position to actually see traffic from that host (network topo)? Tried using a MiM tool?
 
Old 12-13-2005, 03:35 AM   #3
mickyg
Member
 
Registered: Oct 2004
Location: UK
Distribution: Ubuntu/Kubuntu
Posts: 249

Rep: Reputation: 30
I have the same problem. I haven't managed to get it working but I read somewhere that you can't use the dsniff tools on a switched LAN without ARP poisoning the victim's PC. I've tried using arpspoof and ettercap to do this and although I am able to arp poison with ettercap I still couldn't get webspy to work. I'll have to see if I can get any of the other tools to work.

Sorry I couldn't be of more help

Last edited by mickyg; 12-13-2005 at 06:14 AM.
 
Old 01-06-2006, 05:55 PM   #4
mickyg
Member
 
Registered: Oct 2004
Location: UK
Distribution: Ubuntu/Kubuntu
Posts: 249

Rep: Reputation: 30
OK, I managed to get this to work. Hooray! It's not perfect but it's good enough.

If you're on a network where you and the victim are connected via a hub then you shouldn't need to do a mitm (man in the middle) attack, however, if you are connected via a switch then you will. I recommend using ettercap for that.

Once you've got the mitm set up (if needed) you'll need to start up your browser. I've only used webspy from knoppix-std so I've only tried this using mozilla/firefox, but I would assume any browser should be fine.

After your browser's started you then need to run webspy, passing the IP address of the victim's PC and optionally the interface on your PC to listen to,
i.e. $ webspy -i eth0 192.168.2.100

Then all you need is for the victim to start surfing!

Two notes on this though:

1) webspy doesn't seem to be able to cope with tabbed browsing very well, i.e. if the victim is using a tabbed browser then things can get a bit messy and it doesn't always pick up every URL for some reason. I've been redirected to the KDE home site when the victim PC requested somewhere completely different.

2) this should only be tried out on a network that either you own (i.e. your home network) or where you have express permission from the powers that be, seriously. Just as ettercap can be used to ARP poison (perform mitm attacks), it can also be used to detect them...

Last edited by mickyg; 01-06-2006 at 05:59 PM.
 
Old 01-07-2006, 08:54 AM   #5
mickyg
Member
 
Registered: Oct 2004
Location: UK
Distribution: Ubuntu/Kubuntu
Posts: 249

Rep: Reputation: 30
Sorry, I forgot to mention that you'll need to enable IP forwarding in the kernel. This is done by issuing this command as root:

echo 1 > /proc/sys/net/ipv4/ip_forward

I don't know whether this is needed on a hubbed network but it's definitely needed on a switched network and should be done before you attempt the mitm setup in ettercap.
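
Note 2 in post #4 points out that ARP poisoning can be detected as well as performed. The following is an added example, not code from the thread or from dsniff/ettercap: it reads a Linux ARP table in /proc/net/arp format and reports MAC addresses that answer for several IPs, plus IPs whose MAC differs from a known-good baseline. The sample table, the baseline MAC and the function names are constructed for illustration.

```python
"""Flag signs of ARP poisoning in a Linux ARP table (/proc/net/arp format)."""
from collections import defaultdict
from pathlib import Path

# Constructed sample: the gateway (192.168.2.1) and another host (192.168.2.50)
# share one MAC, which is what a poisoned cache looks like from the victim side.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.2.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.2.50     0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.2.100    0x1         0x2         00:AA:BB:CC:DD:EE     *        eth0
192.168.2.77     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
ATF_COM = 0x02  # kernel flag: entry is complete (has a resolved MAC)


def parse_arp_table(text):
    """Return (ip, mac, device) for every completed entry; skip the header."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 6 and int(fields[2], 16) & ATF_COM:
            entries.append((fields[0], fields[3].lower(), fields[5]))
    return entries


def shared_macs(entries):
    """Map (device, mac) -> IPs when one MAC answers for several addresses.
    Proxy ARP and IP aliases also cause this, so treat hits as leads."""
    by_mac = defaultdict(set)
    for ip, mac, dev in entries:
        by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(baseline, entries):
    """Map ip -> (expected, seen) where the MAC differs from a known-good one."""
    return {ip: (baseline[ip], mac) for ip, mac, _ in entries
            if ip in baseline and baseline[ip].lower() != mac}


if __name__ == "__main__":
    live = Path("/proc/net/arp")
    table = live.read_text() if live.exists() else SAMPLE_ARP_TABLE
    entries = parse_arp_table(table)
    for (dev, mac), ips in shared_macs(entries).items():
        print(f"{dev}: {mac} claimed by {', '.join(ips)}")
    # Hypothetical baseline: the gateway MAC recorded while the LAN was trusted.
    for ip, (want, got) in changed_bindings({"192.168.2.1": "00:11:22:33:44:01"}, entries).items():
        print(f"{ip}: expected {want}, now {got}")
```

Replace the hypothetical baseline with the gateway MAC you recorded yourself before relying on the second check.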
 
All times are GMT -5. The time now is 09:50 PM.