Extensible Sniffer for: HTTP (with plugins - filters), FTP, SMTP, POP3, IRC and others..., supports cookies saving in format readable by web browser (possible import of cookies), logging to file, working as daemon
Python
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
plugins
README
extsniff.py
version.xml

README

extsniff - Extensible sniffer for multi web protocols

Requires: scapy (python library), Unix-like operating system (Windows is not supported)

Supports:
+ HTTP (with plugins - filters)
+ Scanning for cookies on HTTP
+ Logging to file
+ Searching for username and password in HTTP (plugins)
+ Saving FTP usernames & passwords to file
+ Supports SMTP (only plaintext authorization)
+ Supports POP3
+ Supports GET method with --print-cookies
+ HTTP Responses manipulation support for man-in-the-middle tests
+ Facebook cookies saving (can be easily imported to web browser with one click - Cookie 
Importer for Firefox )
+ IRC Support (logging in, NickServ, ChanServ)
+ IP/MAC adress blacklisting/whitelisting
+ Cookie capturing and saving to file from any site (/root/.extsniff/cookies)
+ Supports Basic HTTP authorization

webnull-gentoo-desktop smods # extsniff --help
extsniff - extensible sniffer for GNU/Linux

Usage: extsniff [option] [long GNU option]

Valid options:
  -h, --help             : display this help
  -c, --console          : don't fork into background
  -d, --debug            : switch to debug log level
  -p, --print-cookies    : print all cookies
  -m,                    : load modules (comma separated)
  -x, --disable-http     : dont listen on HTTP port 80 (tcp port http)
  -f, --enable-ftp       : start listening on FTP port 21 (tcp port ftp)
  -r, --enable-pop3      : start listening on POP3 port 110 (tcp port 110)
  -s, --enable-smtp      : start listening on POP3 port 25 (tcp port smtp)
  -o, --enable-stdout    : enable output printing in console
  -l, --enable-logging   : enable logging messages to file when in console mode
  -u, --log-file=        : select custom log file (default: /var/log/extsniff.log)
  -i, --iface=           : custom interface to listen to
  -q, --enable-irc       : listen on 6667 and 6666 IRC ports

To start sniffing HTTP using all avaiable plugins and output results 
in console:
extsniff -m all -c -o -l

To fork sniffer to daemon just dont use "-s" (--console).
Logs you can find in /var/log/extsniff.log

To start sniffing FTP:
extsniff -x -f -c -o -l

To sniff SMTP:
extsniff -x -s -c -o -l

And POP3:
extsniff -x -r -c -o -l

Or you can set sniffer to listen on all avaiable ports:
extsniff -f -s -r -c -m all -o -l

To show URL, cookies and user-agent of all HTTP requests in console:
extsniff -c -p -o

Extsniff can also run in daemon mode, you just need to remove -c param from examples. 
Its recommended to remove -o param too when using daemon mode.

To listen on IRC ports:
extsniff -c -q -o -l # -c (dont fork to background), -q (enable IRC), -o (output to console), -l (save to logs)

# IP adress whitelisting:
 If you dont want to see yourself in logs, you can add you to whitelist - sniffer wont analyze packets 
from specified adress.

Syntax: -b file-with-blacklisted-ips
  File format:
   "192.168.1.100
    192.168.1.101,192.168.1.1"

 Syntax #2: -b "192.168.1.100,192.168.1.101,192.168.1.1"

# Blacklisting MAC/IP adress:
 Sometimes you want to focus only on specified machines in network.
 Extsniff will skip all packets not sent to/from specified machines - sniff only specified machines.

 Syntax: -b file-with-blacklisted-ips
  File format:
   "192.168.1.100
    192.168.1.101
    192.168.1.102,192.168.1.103"

 Syntax #2: -b "192.168.1.100,192.168.1.101,192.168.1.102,192.168.1.103"

Changelog:
23.07.2011 (v.1.4.2) <webnull.www@gmail.com>:
    * Switched to pcap in Scapy (lossing less packets)

30.07.2011 (v.1.4.1):
    * Changed Python version from python2.7 to python

29.07.2011 (v.1.4):
    + Created changelog and added versioning informations