
Posted by agaran at 2020-02-27

0x00 foreword:

This tool is only for learning and teaching security techniques. Illegal use is prohibited!

In case anyone uses it for something they shouldn't, you have been warned. Now back to business, 0x01 introduction:

Xplico network data forensics tool

My personal understanding is that, given an ARP hijack, you can recover email contents, account passwords, and the credentials of sites with expired certificates.

Xplico is an IP traffic decoder that extracts application data from Internet traffic. From a pcap file it can pull out every email carried over POP, IMAP and SMTP, all HTTP content, VoIP calls (SIP, RTP, H323, Megaco, MGCP), IRC, MSN and so on. It is not a packet sniffer or a network protocol analyzer but a decoder, a network forensic analysis tool (NFAT) for IP/Internet traffic. The detailed official description is here: https://bbs.ichunqiu.com/forum.p... Mp; highlight = xplico. That is the official text, and I did not understand a word of it, so let me explain how a beginner installs and uses it.

0x02 installation:

Of course it has to be installed first; I did it with my updated sources link.

    This product includes GeoLite data provided by MaxMind http://www.maxmind.com/.
    Usage: xplico [-v] [-c <config_file>] [-h] [-s] [-g] [-l] [-i <prot>] -m <capture_module>
        -v version
        -c configuration file
        -h this help
        -i protocol information
        -g protocol display tree
        -l print all logs on the screen
        -s print the recording status every second
        -m capture module type
        note: parameters must follow this order!

Current version used:

Location in Kali Linux menu

This thing is driven from a web UI, not the command line, and there is no desktop GUI. I had never used it before and did not understand it at all. I found that no port was listening, so I dug up the official document, which says it needs the Apache2 service.

Start apache2 service

Once the port is open, refresh the web page and you get this error. It tells you to run the Xplico service: just run /etc/init.d/xplico start, which starts it, and then we are up. The page may still not refresh; some people say you need to get past the firewall, but I don't think so. I just disabled and re-enabled the local network card. If it still won't load, try the English interface.

Now the tool itself is fine. Next, let's see how to use it. No wait, it throws an error. On a closer look we have to pick a startup option first; this should be the initial setup. Let's do what it says.

Obviously, if you don't start the service you don't get this login page.

Here's the point: it supports Chinese.

Default credentials are xplico:xplico, you know the drill.

After logging in there is basically nothing to play with yet. "New case" (meaning create a new project) is here; I'll create one at random to see how it works.

Click the case you just created.

It is empty because we haven't configured the details yet. Now click New session.

Just type in a name.

Choose the session you just created (mine was 1234) and it jumps straight in. Here you receive real-time data directly, that is, local traffic without any ARP spoofing. Let's try it.

Anyone who finished primary school can follow this.

If this field is left blank, no data is displayed; it has to be set.

Since only a few pages were visited from Kali, there isn't much to see: navigation on the left, DNS packets displayed on the right.

If you still think this is weak, it's because you haven't combined it with ARP spoofing. Previously we had to type everything in by hand, one command at a time; now we can analyze captured packets either live or from a local file, and in the initial settings you can choose a local pcap file for analysis.

One complaint: the Chinese translation is a bit rough. Cough. Open Wireshark to start capturing packets, then take the capture over to the virtual machine for testing. Remember to save it in pcap format.

Besides the Apache2 service, we also have to start Xplico's own service when we come back. With both services running, browse to port 9876 on the local interface. The intermediate steps are the same as before, with one difference: when you capture live traffic you can use the Chinese interface, but when you analyze locally captured packets from a saved pcap file you must choose English, otherwise an error is reported. Then set the filter to choose which interfaces' traffic to view. Note: when uploading pcap files we must use English; in the Chinese environment it errors out, in English it doesn't. Something in between may be broken; I tried editing the PHP configuration file, but that wasn't the problem. After the upload it automatically analyzes and classifies the data for us.

Here we pick a typical case to show you. You can't reconstruct images with Wireshark, ha ha. Let's look at other things. The figure below shows the capture of a single file; likewise, with its filters it can also capture video files, Flash and so on.
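To make the "upload a pcap and let it decode" step concrete, here is an added example (not Xplico's code, not from the original post) that does the same kind of work in miniature: it checks that a file really is classic libpcap, walks the records, and pulls the queried names out of DNS packets, which is what the DNS view on the right-hand side shows. The sample capture is constructed inline with struct rather than read from a real file.

```python
import struct

def build_sample_pcap() -> bytes:
    """Constructed sample: a libpcap file with one Ethernet/IPv4/UDP DNS query (not a real capture)."""
    qname = b"\x07example\x03com\x00"                       # "example.com" in DNS label form
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])) + udp
    eth = bytes(12) + b"\x08\x00" + ip                       # zeroed MACs, EtherType IPv4
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rhdr = struct.pack("<IIII", 1582761600, 0, len(eth), len(eth))    # ts_sec, ts_usec, incl, orig
    return ghdr + rhdr + eth

def pcap_records(data: bytes):
    """Yield raw frames from a classic libpcap file; rejects pcapng and unknown magic."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file (save as pcap, not pcapng)")
    off = 24                                                  # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        off += 16
        yield data[off:off + incl]
        off += incl

def dns_queries(data: bytes):
    """Return (source IP, queried name) for each UDP/53 DNS query in the capture."""
    found = []
    for frame in pcap_records(data):
        if frame[12:14] != b"\x08\x00":                       # only IPv4 frames
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17:                                       # only UDP
            continue
        udp = ip[ihl:]
        if struct.unpack("!H", udp[2:4])[0] != 53:            # only DNS destination port
            continue
        dns = udp[8:]
        flags, qdcount = struct.unpack("!HH", dns[2:6])
        if flags & 0x8000 or qdcount == 0:                    # skip responses / empty questions
            continue
        labels, pos = [], 12
        while dns[pos]:                                       # walk the length-prefixed labels
            labels.append(dns[pos + 1:pos + 1 + dns[pos]].decode("ascii"))
            pos += 1 + dns[pos]
        found.append((".".join(map(str, ip[12:16])), ".".join(labels)))
    return found
```

Feeding it a file saved from Wireshark instead of `build_sample_pcap()` lists who asked for which names; a pcapng file is rejected at the magic check, which is the kind of "wrong format" failure the upload step can hide behind a generic error.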

0x06 summary: I think this tool is very useful. Combine it with ettercap and ARP spoofing and I think the hosts on the same LAN are done for. I often hear my goddess say that the LAN is the least secure place of all. You never know what other people are quietly doing, and every time your connection drops it may be the start of a hijack.