Greetings! Andrew Stewart wrote: > Does anyone know of a tool with credential sniffing capabilities similar > to dsniff? (But that isn't dsniff ;-) > > I've played with Ethereal but I'd like to try and find a tool with > focused password/credential snarfing ability. http://phenoelit.de/phoss/ "PHoss is a sniffer designed to find HTTP, FTP, LDAP, Telnet, IMAP4 and POP3 logins on the wire. It also sniffs the VNC challange/response handshake." Especially in non-switchd networks quite an eye-opener. Lists nicely protocol, name and password for each appropriate packet coming along. Personal experience with Phenoelit: some of them tried to social engineer into our CeBit network few years ago (out of sportsmanship I figure) but ended up getting social engineered themselves as they handed me their real, private "business card". But I guess they got better in that by now... (Greetings!) ;-) Bye Volker Tanger IT-Security Consulting -- discon gmbh Wrangelstraße 100 D-10997 Berlin Telefon (030) 6104-3307 Telefax (030) 6104-3461 volker.tangerat_private http://www.discon.de/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 10:45:10 PST