Tutorials

Hack all images of network user’s and find out what user’s are accessing on network

Posted on

Sniffing is an essential phase in pentesting. Many times security researchers/ pentesters wants to sniff their target so they can prepare more better for further phases, as per ethical hacking professionals. There are many ways to sniff target. And there are many automation tools which helps in analyzing the network packets. We are talking about JUSTNIFFER.

According to ethical hacking researcher of International Institute of Cyber Security, Justniffer can be used in various phases of network pentesting.

Justniffer is a network packet analyzing tool used in sniffing the target on network. This tool can analyze capture traffic and can show them in customized logs. Security researcher/ pentester can get logs using customize keywords. Justniffer covers most of common network protocols which are used in communicating on the network. Justniffer is makes easy to analyze low level network issues such as TCP retransmission & IP fragmentation, mention ethical hacking experts.

  • Justniffer has tested on Ubuntu 16.04. According to developers of justniffer can be used on old versions of Ubuntu 11.04, 11.10, 12.04, 14.04.
  • For downloading Ubuntu 16.04 go to : http://releases.ubuntu.com/16.04/ubuntu-16.04.5-desktop-amd64.iso
  • After installing Ubuntu. Type sudo add-apt-repository ppa:oreste-notelli/ppa
  • After adding repository follow below steps:
root@ubuntu:/home/iicybersecurity/Downloads# sudo add-apt-repository ppa:oreste-notelli/ppa
  justniffer is a tcp packet sniffer. It can log network traffic in a 'standard' (web server like) or in a customized way. It can also log response times, useful for tracking network services performances (e.g. web server, application server, etc.).
  More info: https://launchpad.net/~oreste-notelli/+archive/ubuntu/ppa
 Press [ENTER] to continue or ctrl-c to cancel adding it
 gpg: keyring /tmp/tmpggqzg45b/secring.gpg' created gpg: keyring/tmp/tmpggqzg45b/pubring.gpg' created
 gpg: requesting key E404C48A from hkp server keyserver.ubuntu.com
 gpg: /tmp/tmpggqzg45b/trustdb.gpg: trustdb created
 gpg: key E404C48A: public key "Launchpad justniffer" imported
 gpg: Total number processed: 1
 gpg:               imported: 1  (RSA: 1)
 OK
  • Then type sudo apt-get update 
root@ubuntu:/home/iicybersecurity/Downloads# sudo apt-get update
 Hit:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
 Get:2 http://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial InRelease [22.4 kB]
 Get:3 http://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial/main amd64 Packages [556 B]
 Get:4 http://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial/main i386 Packages [556 B]
 Get:5 http://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial/main Translation-en [308 B]
 Fetched 23.9 kB in 3s (7,043 B/s)
 Reading package lists… Done
  • Type sudo apt-get install justniffer 
root@ubuntu:/home/iicybersecurity/Downloads# sudo apt-get install justniffer
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following additional packages will be installed:
   libboost-program-options1.58.0 libboost-regex1.58.0
 The following NEW packages will be installed:
   justniffer libboost-program-options1.58.0 libboost-regex1.58.0
 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
 Need to get 524 kB of archives.
 After this operation, 2,196 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
 Get:1 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libboost-program-options1.58.0 amd64 1.58.0+dfsg-5ubuntu3 [138 kB]
 Get:2 http://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial/main amd64 justniffer amd64 0.5.15-0~131~ubuntu16.04.1 [125 kB]
 Get:3 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libboost-regex1.58.0 amd64 1.58.0+dfsg-5ubuntu3 [261 kB]
 Fetched 524 kB in 3s (147 kB/s)
 Selecting previously unselected package libboost-program-options1.58.0:amd64.
 (Reading database … 184176 files and directories currently installed.)
 Preparing to unpack …/libboost-program-options1.58.0_1.58.0+dfsg-5ubuntu3_amd64.deb …
 Unpacking libboost-program-options1.58.0:amd64 (1.58.0+dfsg-5ubuntu3) …
 Selecting previously unselected package libboost-regex1.58.0:amd64.
 Preparing to unpack …/libboost-regex1.58.0_1.58.0+dfsg-5ubuntu3_amd64.deb …
 Unpacking libboost-regex1.58.0:amd64 (1.58.0+dfsg-5ubuntu3) …
 Selecting previously unselected package justniffer.
 Preparing to unpack …/justniffer_0.5.15-0~131~ubuntu16.04.1_amd64.deb …
 Unpacking justniffer (0.5.15-0~131~ubuntu16.04.1) …
 Processing triggers for libc-bin (2.23-0ubuntu10) …
 Processing triggers for man-db (2.7.5-1) …
 Setting up libboost-program-options1.58.0:amd64 (1.58.0+dfsg-5ubuntu3) …
 Setting up libboost-regex1.58.0:amd64 (1.58.0+dfsg-5ubuntu3) …
 Setting up justniffer (0.5.15-0~131~ubuntu16.04.1) …
 Processing triggers for libc-bin (2.23-0ubuntu10) …
  • If your are using any other Linux distros. Type wget https://sourceforge.net/projects/justniffer/files/justniffer_0.5.15.tar.gz/download
  • Type tar -xvzf justniffer_0.5.15.tar.gz
  • Make sure you installed all the required libraries. The below mentioned libraries can be installed using sudo apt-get update && sudo apt-get install <libraries>
  • Libraries are :
    • patch
    • tar
    • autotools
    • make
    • libc6
    • libpcpap0.8
    • g++
    • gcc
    • libboost-iostreams
    • libboost-porogram-options
    • libboot-regex
  • After installation type justniffer –version to check if it is installed.
root@ubuntu:/home/iicybersecurity# justniffer --version
 justniffer 0.5.14
 Written by Oreste Notelli [email protected]
 Copyright (c) 2007- 2016 Plecno s.r.l.
  • Justniffer works with network interface. For knowing network interface of you Linux distros type ifconfig 
root@ubuntu:/home/iicybersecurity# ifconfig

ens33     Link encap:Ethernet  HWaddr 00:0c:29:d7:ed:a1
           inet addr:192.168.1.6  Bcast:192.168.1.255  Mask:255.255.255.0
           inet6 addr: fe80::eddd:700e:2477:8da0/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:25129 errors:0 dropped:0 overruns:0 frame:0
           TX packets:18127 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:18736101 (18.7 MB)  TX bytes:2536084 (2.5 MB)
  • In this scenario ens33 is the network interface which will be used in justniffer.
  • Type justniffer -l “%response.time.begin”
  • -l is used to show output in log form.
root@ubuntu:/home/iicybersecurity/Downloads# justniffer -l "%response.time.begin"
 0.285771
 0.306928
 0.304552
 0.278160
 0.289295
 0.276613
 0.314918
  • After executing the above query, Server response with the requested URL. At that time above query begins and records time from server to the client.
  • The above query can be used to check the response time in network pentesting.
  • Type justniffer -l “%request.header.cookie”
  • -l is used to show output in log form.
root@ubuntu:/home/iicybersecurity# justniffer -l "%request.header.cookie"

_ga=GA1.2.336292582.1550218454; _gid=GA1.2.2094894364.1550218454; __gads=ID=b5f4a681f0a23b12:T=1550218454:S=ALNI_MbarcPt5qZsZ9DdYG2s3MXp3_qf8g
  • Above output shows request cookie which is send by the server in response to HTTP request. This can be used in network to sniff all cookie and perform cookie stealing as sone by malwares that steals session cookies.
  • Type justniffer -i ens33 -p “port 80”
  • -i is used to enter the network interface.
  • -p is used to enter the port number.
root@ubuntu:/home/iicybersecurity# justniffer -i ens33 -p "port 80"
 192.168.1.6 - - [-] "" - 0 "" ""
 192.168.1.6 - - [-] "" - 0 "" ""
 192.168.1.6 - - [-] "" - 0 "" ""
 192.168.1.6 - - [15/Feb/2019:02:37:53 -0800] "GET /js/side-bar.js HTTP/1.1" 302 215 "http://www.iicybersecurity.com/ethical-hacking.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
 192.168.1.6 - - [-] "" - 0 "" ""
 192.168.1.6 - - [-] "" - 0 "" ""
 192.168.1.6 - - [15/Feb/2019:02:38:10 -0800] "GET /teams/baseball HTTP/1.1" 302 416 "http://www.azpreps365.com/sections/beach-volleyball" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
 192.168.1.6 - - [15/Feb/2019:02:38:11 -0800] "GET /teams/baseball/6a HTTP/1.1" 200 0 "http://www.azpreps365.com/sections/beach-volleyball" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
 192.168.1.6 - - [-] "" - 0 "" ""
 192.168.1.6 - - [15/Feb/2019:02:38:13 -0800] "GET /account/session HTTP/1.1" 200 0 "http://www.azpreps365.com/teams/baseball/6a" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
 192.168.1.6 - - [15/Feb/2019:02:38:33 -0800] "GET /program-operators/logos/64x64/westview-knights-98aafb.png HTTP/1.1" 200 4829 "http://www.azpreps365.com/teams/baseball/1481-alhambra/115144-varsity" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
 192.168.1.6 - - [15/Feb/2019:02:38:33 -0800] "GET /program-operators/logos/64x64/pinnacle-pioneers-2a4ebe.png HTTP/1.1" 200 5218 "http://www.azpreps365.com/teams/baseball/1481-alhambra/115144-varsity" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
 192.168.1.6 - - [15/Feb/2019:02:38:33 -0800] "GET /program-operators/logos/64x64/copper-canyon-aztecs-43e8a5.png HTTP/1.1" 200 7963 "http://www.azpreps365.com/teams/baseball/1481-alhambra/115144-varsity" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
  • Above query shows GET response from the server. In GET response it retrives with What HTTP version is used.
  • Above query has also fetched the user agent with its ID. The above query is also downloading some images.
  • Type justniffer -l “%dest.ip”
  • -l is used to show output in log form.
root@ubuntu:/home/iicybersecurity# justniffer -l "%dest.ip"
 172.217.167.206
 172.217.167.206
 216.58.203.132
 216.58.203.132
 172.217.167.206
 216.58.203.132
 109.63.142.253
 109.63.142.253
  • After executing above query, justniffer has gather dest IP addresses. The above information can be used to verifiy URL IP address. The above information can also be used in other hacking activities.

Now to Grabbing Images of users on Network :-

  • For downloading images use query grap-http-traffic. The query does not come pre-installed in justniffer.
  • For downloading query type git clone https://github.com/onotelli/justniffer 
root@ubuntu:/home/iicybersecurity# git clone https://github.com/onotelli/justniffer
 Cloning into 'justniffer'…
 remote: Enumerating objects: 1287, done.
 remote: Total 1287 (delta 0), reused 0 (delta 0), pack-reused 1287
 Receiving objects: 100% (1287/1287), 2.94 MiB | 735.00 KiB/s, done.
 Resolving deltas: 100% (932/932), done.
 Checking connectivity… done.
  • Type cd justniffer & ls 
root@ubuntu:/home/iicybersecurity# cd justniffer/
 root@ubuntu:/home/iicybersecurity/justniffer# ls
 acinclude.m4    build_debian.sh  config.sub       COPYING  include     justmonitor      ltmain.sh    make-release.sh  README
 aclocal.m4      ChangeLog        configure        debian   info.json   justniffer.8     m4           missing          src
 AUTHORS         compile          configure.ac     depcomp  INSTALL     justniffer.8.in  Makefile.am  NEWS             test
 autom4te.cache  config.guess     configure.ac.in  doc      install-sh  lib              Makefile.in  python           ws
  • Type ./configure 
root@ubuntu:/home/iicybersecurity/justniffer# ./config
 config.guess  config.sub    configure
 root@ubuntu:/home/iicybersecurity/justniffer# ./configure
 checking for a BSD-compatible install… /usr/bin/install -c
 checking whether build environment is sane… yes
 checking for a thread-safe mkdir -p… /bin/mkdir -p
 checking for gawk… no
 checking for mawk… mawk
 checking whether make sets $(MAKE)… yes
 checking whether make supports nested variables… yes
 checking whether to enable maintainer-specific portions of Makefiles… no
 checking for bash… yes
 BASH_F= yes
 checking for g++… g++
 checking whether the C++ compiler works… yes
 checking for C++ compiler default output file name… a.out
 checking for suffix of executables…
 checking whether we are cross compiling… no
 checking for suffix of object files… o
 checking whether we are using the GNU C++ compiler… yes
 checking whether g++ accepts -g… yes
 checking for style of include used by make… GNU
 checking dependency style of g++… gcc3
 checking dependency style of g++… (cached) gcc3
 gcc: fatal error: no input files
 compilation terminated.
 checking for gcc… gcc
 checking whether we are using the GNU C compiler… yes
 checking whether gcc accepts -g… yes
 checking for gcc option to accept ISO C89… none needed
 checking whether gcc understands -c and -o together… yes
 checking dependency style of gcc… gcc3
 checking dependency style of gcc… (cached) gcc3
 checking how to run the C preprocessor… gcc -E
 checking for grep that handles long lines and -e… /bin/grep
 checking for egrep… /bin/grep -E
 checking for ANSI C header files… yes
 checking for sys/types.h… yes
 checking for sys/stat.h… yes
 checking for stdlib.h… yes
 checking for string.h… yes
 checking for memory.h… yes
 checking for strings.h… yes
 checking for inttypes.h… yes
 checking for stdint.h… yes
 checking for unistd.h… yes
 checking sys/time.h usability… yes
 checking sys/time.h presence… yes
 checking for sys/time.h… yes
 checking for an ANSI C-conforming const… yes
 checking for inline… inline
 checking for strftime… yes
 checking for stdbool.h that conforms to C99… yes
 checking for _Bool… yes
 checking whether time.h and sys/time.h may both be included… yes
 checking whether struct tm is in sys/time.h or time.h… time.h
 checking netinet/ip.h usability… yes
 checking netinet/ip.h presence… yes
 checking for netinet/ip.h… yes
 checking build system type… x86_64-unknown-linux-gnu
 checking host system type… x86_64-unknown-linux-gnu
 checking how to print strings… printf
 checking for a sed that does not truncate output… /bin/sed
 checking for fgrep… /bin/grep -F
 checking for ld used by gcc… /usr/bin/ld
 checking if the linker (/usr/bin/ld) is GNU ld… yes
 checking for BSD- or MS-compatible name lister (nm)… /usr/bin/nm -B
 checking the name lister (/usr/bin/nm -B) interface… BSD nm
 checking whether ln -s works… yes
 checking the maximum length of command line arguments… 1572864
 checking whether the shell understands some XSI constructs… yes
 checking whether the shell understands "+="… yes
 checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format… func_convert_file_noop
 checking how to convert x86_64-unknown-linux-gnu file names to toolchain format… func_convert_file_noop
 checking for /usr/bin/ld option to reload object files… -r
 checking for objdump… objdump
 checking how to recognize dependent libraries… pass_all
 checking for dlltool… no
 checking how to associate runtime and link libraries… printf %sn
 checking for ar… ar
 checking for archiver @FILE support… @
 checking for strip… strip
 checking for ranlib… ranlib
 checking command to parse /usr/bin/nm -B output from gcc object… ok
 checking for sysroot… no
 checking for mt… mt
 checking if mt is a manifest tool… no
 checking for dlfcn.h… yes
 checking for objdir… .libs
 checking if gcc supports -fno-rtti -fno-exceptions… no
 checking for gcc option to produce PIC… -fPIC -DPIC
 checking if gcc PIC flag -fPIC -DPIC works… yes
 checking if gcc static flag -static works… yes
 checking if gcc supports -c -o file.o… yes
 checking if gcc supports -c -o file.o… (cached) yes
 checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
 checking whether -lc should be explicitly linked in… no
 checking dynamic linker characteristics… GNU/Linux ld.so
 checking how to hardcode library paths into programs… immediate
 checking whether stripping libraries is possible… yes
 checking if libtool supports shared libraries… yes
 checking whether to build shared libraries… yes
 checking whether to build static libraries… yes
 checking how to run the C++ preprocessor… g++ -E
 checking for ld used by g++… /usr/bin/ld -m elf_x86_64
 checking if the linker (/usr/bin/ld -m elf_x86_64) is GNU ld… yes
 checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
 checking for g++ option to produce PIC… -fPIC -DPIC
 checking if g++ PIC flag -fPIC -DPIC works… yes
 checking if g++ static flag -static works… yes
 checking if g++ supports -c -o file.o… yes
 checking if g++ supports -c -o file.o… (cached) yes
 checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
 checking dynamic linker characteristics… (cached) GNU/Linux ld.so
 checking how to hardcode library paths into programs… immediate
 checking for pcap_open_live in -lpcap… no
 checking for boostlib >= 1.46… configure: We could not detect the boost libraries (version 1.46 or higher). If you have a staged boost library (still not installed) please specify $BOOST_ROOT in your environment and do not give a PATH to --with-boost option.  If you are sure you have boost installed, then check your version number looking in . See http://randspringer.de/boost for more documentation.
 checking whether the Boost::Regex library is available… no
 checking whether the Boost::Program_Options library is available… no
 checking whether the Boost::IOStreams library is available… no
 checking for lib/libnids-1.21_patched/README.original… yes
 ./configure: line 17253: AX_PYTHON: command not found
 checking that generated files are newer than configure… done
 configure: creating ./config.status
 config.status: creating Makefile
 config.status: creating src/Makefile
 config.status: creating python/Makefile
 config.status: creating include/config.h
 config.status: executing depfiles commands
 config.status: executing libtool commands
 === configuring in lib/libnids-1.21_patched (/home/iicybersecurity/justniffer/lib/libnids-1.21_patched)
 configure: running /bin/bash ./configure.gnu --disable-option-checking '--prefix=/usr/local'  --cache-file=/dev/null --srcdir=.
 checking build system type… x86_64-unknown-linux-gnu
 checking host system type… x86_64-unknown-linux-gnu
 checking target system type… x86_64-unknown-linux-gnu
 checking for gcc… gcc
 checking whether the C compiler works… yes
 checking for C compiler default output file name… a.out
 checking for suffix of executables…
 checking whether we are cross compiling… no
 checking for suffix of object files… o
 checking whether we are using the GNU C compiler… yes
 checking whether gcc accepts -g… yes
 checking for gcc option to accept ISO C89… none needed
 checking for ranlib… ranlib
 checking for a BSD-compatible install… /usr/bin/install -c
 checking how to run the C preprocessor… gcc -E
 checking for grep that handles long lines and -e… /bin/grep
 checking for egrep… /bin/grep -E
 checking for ANSI C header files… yes
 checking for sys/types.h… yes
 checking for sys/stat.h… yes
 checking for stdlib.h… yes
 checking for string.h… yes
 checking for memory.h… yes
 checking for strings.h… yes
 checking for inttypes.h… yes
 checking for stdint.h… yes
 checking for unistd.h… yes
 checking sys/time.h usability… yes
 checking sys/time.h presence… yes
 checking for sys/time.h… yes
 checking syslog.h usability… yes
 checking syslog.h presence… yes
 checking for syslog.h… yes
 checking for unistd.h… (cached) yes
 checking for an ANSI C-conforming const… yes
 checking for inline… inline
 checking whether time.h and sys/time.h may both be included… yes
 checking whether byte ordering is bigendian… no
 checking for gettimeofday… yes
 checking for socket in -lsocket… no
 checking for gethostbyname in -lnsl… yes
 checking for libpcap… configure: error: libpcap not found
 configure: error: ./configure.gnu failed for lib/libnids-1.21_patched
  • If it shows above error type apt-get install libpcap-dev 
root@ubuntu:/home/iicybersecurity/justniffer# apt-get install libpcap-dev
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following additional packages will be installed:
   libpcap0.8-dev
 The following NEW packages will be installed:
   libpcap-dev libpcap0.8-dev
 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
 Need to get 216 kB of archives.
 After this operation, 734 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
 Get:1 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libpcap0.8-dev amd64 1.7.4-2 [212 kB]
 Get:2 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libpcap-dev all 1.7.4-2 [3,394 B]
 Fetched 216 kB in 1s (131 kB/s)
 Selecting previously unselected package libpcap0.8-dev.
 (Reading database … 184194 files and directories currently installed.)
 Preparing to unpack …/libpcap0.8-dev_1.7.4-2_amd64.deb …
 Unpacking libpcap0.8-dev (1.7.4-2) …
 Selecting previously unselected package libpcap-dev.
 Preparing to unpack …/libpcap-dev_1.7.4-2_all.deb …
 Unpacking libpcap-dev (1.7.4-2) …
 Processing triggers for man-db (2.7.5-1) …
 Setting up libpcap0.8-dev (1.7.4-2) …
 Setting up libpcap-dev (1.7.4-2) …
  • Then again type ./configure
  • make && make install
  • Type cd python
  • Type ./setup.py
  • Type ./justniffer-grab-http-traffic 
root@ubuntu:/home/iicybersecurity/justniffer/python# ./justniffer-grab-http-traffic
 Usage: justniffer-grab-http-traffic [options]
 Options:
   --version             show program's version number and exit
   -h, --help            show this help message and exit
   -d DIRECTORY, --directory=DIRECTORY
                         MANDATORY: directory where to save files
   -p PACKET_FILTER, --packet-filter=PACKET_FILTER
                         packet filter (tcpdump filter syntax), default ='port
                         80'
   -U USER, --user=USER  user to impersonate when saving files, cannot be root
                         user
   -i INTERFACE, --interface=INTERFACE
                         network interface to listen on (e.g. eth0, en1, etc.)
   -f FILECAP, --filecap=FILECAP
                         input file in 'tcpdump capture file format'
   -s MAX_TCP_STREAMS, --max-tcp-streams=MAX_TCP_STREAMS
                         Max concurrent tcp streams
   -D MAX_FRAGMENTED_IP, --max-fragmented-ip=MAX_FRAGMENTED_IP
                         Max concurrent fragmented ip host
   -F, --force-read-pcap
                         force the reading of the pcap file ignoring the
                         snaplen value. WARNING: could give unexpected results
   -P PARSER_SCRIPT, --parser_script=PARSER_SCRIPT
                         parser script to execute, default is
                         /usr/share/justniffer/scripts/http_parser.py
  • Now do mkdir /tmp/justniffer
  • Above directory is created where images and other files will be captured.
  • Type chmod 777 /tmp/justniffer
  • Above query will grant permission to the justniffer directory.
  • Type ./justniffer-grab-http-traffic -i ens33 -U iicybersecurity -d /tmp/justniffer/
  • -i is used to enter network interface. ens33 is the network interface.
  • -U is used to enter Linux distros username. iicybersecurity is the username.
  • -d is used to save all the grabbed files.
root@ubuntu:/home/iicybersecurity/justniffer/python# ./justniffer-grab-http-traffic -i ens33 -U iicybersecurity -d /tmp/justniffer/
 from  GET www.iicybersecurity.com /images/seguridad%20de%20aplicaciones%20web.png
 of type 'image/png'
 from  GET www.iicybersecurity.com /images/news_arrow.png
 of type 'image/png'
 from  GET www.iicybersecurity.com /seguridad-informatica.html
 of type 'text/html'
 from  GET www.iicybersecurity.com /information-security.html
 of type 'text/html'
 from  GET www.iicybersecurity.com /js/jquery.myHint.js
 of type 'application/javascript'
 from  GET www.iicybersecurity.com /ethical-hacking.html
 of type 'text/html'
  • After executing the above query http-grab-traffic will grab all the contents of the URL. including images, javascript and many other files.
  • Files can be accessed go to directory : tmp
  • Go to directory : justniffer
  • Above are the files which are grabbed after executing the above query. There are some images which are downloaded by justniffer.
  • Above is the list of the images which has been grabbed by the justniffer.
  • Now if you run this on the network you can grab images of all user’s and find out what images they are visiting on the network, and remember this work for images flowing on the network in HTTP mode (or accessed images accessed using HTTP).
Related Items:, , , ,

Recommended for you

To Top

Pin It on Pinterest

Share This