HTTP Network Sniffer

In the modern world there are very many applications which are vulnerable to network sniffing.

These include protocols such as Telnet, FTP, rsh, etc. All of these protocols have been around for a long time; before network sniffing was commonly known/used.

On the whole protocols have evolved in such a way that passwords aren't sent as plaintext any longer; SSH has replaced telnet, SCP has replaced FTP, and various other changes have been made - such as the introduction of APOP to avoid using plaintext passwords for POP3 connections.

This application is the start of a collection of tools for performing network audits of HTTP based services.

The Tool

The tool designed here is a driver application which contains a couple of simple plugins for capturing, decoding, and displaying some network logins. Currently FTP/POP3/HTTP Basic Realms and CVS logins are supported. More may arrive in the future.

Usage is pretty simple:

skx@hell:~$ httpcapture --help
httpcapture - 0.4 by Steve Kemp

 Usage: httpcapture [ options ]

   --debug  Enable extra debugging output.
   --force  Don't exit if run by a non-root user.
   --help   Show this help
   --interface ethN Set the interface to listen upon.
   --list   Show all installed plugins.
   --path dir   Set an alternate plugin directory.
   --versionShow the version number of this application.

Download HTTPCapture

Download via the following link, run 'make install' to build and install the plugins in the correct location. (A simple 'make uninstall' will remove everything cleanly).

Future versions will contain more plugins, a stable plugin API, and real documentation.

To build the application you'll need the libpcap development files - it's only been tested upon Debian GNU/Linux.