NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.

NetRipper was released at Defcon 23, Las Vegas, Nevada.

It should be able to capture network traffic from: Putty, WinSCP, SQL Server Management Studio, Lync (Skype for Business), Microsoft Outlook, Google Chrome, Mozilla Firefox. The list is not limited to these applications but other tools may require special support.

Command Line:

Injection: NetRipper.exe DLLpath.dll processname.exe  
Example: NetRipper.exe DLL.dll firefox.exe

Generate DLL:

-h, --help Print this help message
-w, --write Full path for the DLL to write the configuration data
-l, --location Full path where to save data files (default TEMP)

Plugins:

-p, --plaintext Capture only plain-text data. E.g. true
-d, --datalimit Limit capture size per request. E.g. 4096
-s, --stringfinder Find specific strings. E.g. user,pass,config

Example: NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass




Source: www.effecthacking.com
NetRipper - Smart Traffic Sniffing for Penetration Testers NetRipper - Smart Traffic Sniffing for Penetration Testers Reviewed by Anonymous on 11:35 PM Rating: 5