Script for sniffing traffic – YAMAS by comaX


Current main features are :
- Real-time output of creds without definition files : any credential, from any website should show up
- Log parsing for user-friendly output.
- Network mapping for host discovery.
- Can save dumped passwords to file as well as the whole log file.
- Support for multiple targets on the network, as well as adding targets after attack is launched.
- Sslstrip checking (existence, executable, directory, check version, update…)
- Standalone script, updatable, interactive (new !).


Its main advantage is that it outputs sniffed credentials in real time and doesn’t require ANY other program to parse the actual log file. It does everything on its own. Before version 0.8, the biggest CON was that the live output showed ONLY the password and account/email. It DID NOT show which websites those credentials were linked to. That defeated much of the purpose of live output, although it still made it easier to search for the site in the actual log file. As of version 0.8 that CON no longer exists. The script now shows live credentials PLUS the website for which these credentials are valid.

 

Official website: http://comax.pagesperso-orange.fr/info/#yamas

Actual script : http://comax.pagesperso-orange.fr/info/mitm/#axzz1NphSAxjw

Change log for v0.8:
- Tail-grepping log file so we can be sure there is traffic being sniffed
- New parsing method from scratch : should be lighter, less CPU consuming, and most of all, outputs websites as well.
This should be tested though to ensure maximum reliability. Please report back !
- More improvements.

As of version 0.8 this is by far the best credential sniffing script available to the general public. It has everything you would ever need.

Note: Doesn’t work on the N900, as arpspoof currently isn’t available for Maemo.
UPDATED 5 June 2011/ version 0.8.3

  • http://comax.pagesperso-orange.fr/ comaX

    Hi ! I just saw your article, and I’m glad you made it !

    About the fact that live output doesn’t show the websites : you’re unfortunately right, but I’m working on this. It’s not quite easy though, so if anyone has an idea, I’m all ears.

    Also, keep in mind that people mostly use the same logins and pass pretty much everywhere, so it shouldn’t be much of a problem. Anyway, it would be really nice to have this feature, so I’ll keep working on that. I’ll try and keep you posted.

    Thanks for the article ;)

  • http://pcsci3nce.info admin

    No problem, thanks for the script ;) It’s by far the most supported one and with the most features, at least available to the public.

  • http://comax.pagesperso-orange.fr/ comaX

    It’s me again ! I updated it and…
    You can edit your post to delete the “CON” part :p

    Yep, sir ! Websites do show up now ! I spent the whole afternoon on that, I hope you’ll like it ! Also, thanks to that, the version is now 0.8, so you might want to update your screenshot ;)

  • http://pcsci3nce.info admin

    Thanks for the input comaX. It works like a charm ;) . Keep up the good work. Updated the article and will update the screenshot later.

    • http://comax.pagesperso-orange.fr/ comaX

      Hi, how is it possible to contact you ? admin@pcsci3ence.info ?
      Here’s mine in case you’d rather not display yours : contact.comax@gmail.com

      • http://pcsci3nce.info admin

        Wrote you an email.
