In the modern world there are very many applications which are vulnerable to network sniffing.

These include protocols such as Telnet, FTP, rsh, etc. All of these protocols have been around for a long time; before network sniffing was commonly known/used.

On the whole protocols have evolved in such a way that passwords aren't sent as plaintext any longer; SSH has replaced telnet, SCP has replaced FTP, and various other changes have been made - such as the introduction of APOP to avoid using plaintext passwords for POP3 connections.

This application is the start of a collection of tools for performing network audits of HTTP based services.

The tool designed here is a driver application which contains a couple of simple plugins for capturing, decoding, and displaying some network logins. Currently FTP/POP3/HTTP Basic Realms and CVS logins are supported. More may arrive in the future.

    skx@hell:~$ httpcapture --help
    httpcapture - 0.4 by Steve Kemp
     Usage: httpcapture [ options ]
       --debug          Enable extra debugging output.
       --force          Don't exit if run by a non-root user.
       --help           Show this help
       --interface ethN Set the interface to listen upon.
       --list           Show all installed plugins.
       --path dir       Set an alternate plugin directory.
       --version        Show the version number of this application.
   

Download via the following link, run 'make install' to build and install the plugins in the correct location. (A simple 'make uninstall' will remove everything cleanly).

Future versions will contain more plugins, a stable plugin API, and real documentation.

To build the application you'll need the libpcap development files - it's only been tested upon Debian GNU/Linux.

• httpcapture-0.4.tar.gz [34k]