NetRipper - Smart Traffic Sniffing for Penetration Testers
Date: 2016-02-15
NetRipper is a post-exploitation tool targeting Windows systems. It uses API hooking to intercept network traffic and encryption-related functions as a low-privileged user, which lets it capture both plain-text traffic and encrypted traffic before encryption/after decryption.
NetRipper was released at Defcon 23, Las Vegas, Nevada.
It should be able to capture network traffic from: PuTTY, WinSCP, SQL Server Management Studio, Lync (Skype for Business), Microsoft Outlook, Google Chrome, Mozilla Firefox. The list is not limited to these applications, but other tools may require special support.
Command Line:
Injection: NetRipper.exe DLLpath.dll processname.exe
Example:   NetRipper.exe DLL.dll firefox.exe

Generate DLL:

  -h, --help          Print this help message
  -w, --write         Full path for the DLL to write the configuration data
  -l, --location      Full path where to save data files (default TEMP)

Plugins:

  -p, --plaintext     Capture only plain-text data. E.g. true
  -d, --datalimit     Limit capture size per request. E.g. 4096
  -s, --stringfinder  Find specific strings. E.g. user,pass,config

Example: NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass
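A defender-side sketch built on the command-line forms above, added here and not part of NetRipper or the original page: it flags process-creation command lines whose arguments match the injection or DLL-generation syntax, looking at argument shape rather than the image name. The event records are constructed, and the executable names assigned to the listed applications are an assumption of this example.

```python
import shlex

# Executable names for the applications the page lists (mapping assumed here).
TARGETS = {"putty.exe", "winscp.exe", "ssms.exe", "lync.exe",
           "outlook.exe", "chrome.exe", "firefox.exe"}
WRITE = {"-w", "--write"}
OTHER = {"-l", "--location", "-p", "--plaintext",
         "-d", "--datalimit", "-s", "--stringfinder"}


def classify(cmdline):
    """Return 'inject', 'inject-listed-target', 'generate-dll' or None."""
    # posix=False keeps Windows backslashes literal; drop surrounding quotes
    # and the first token (the program itself).
    args = [a.strip('"') for a in shlex.split(cmdline, posix=False)][1:]
    low = [a.lower() for a in args]
    # Injection form: <tool> <something>.dll <process>.exe
    if len(low) == 2 and low[0].endswith(".dll") and low[1].endswith(".exe"):
        name = low[1].rsplit("\\", 1)[-1]
        return "inject-listed-target" if name in TARGETS else "inject"
    # Generation form: -w/--write <x>.dll plus at least one other listed flag
    for i, arg in enumerate(low[:-1]):
        if arg in WRITE and low[i + 1].endswith(".dll") and OTHER & set(low):
            return "generate-dll"
    return None


# Constructed process-creation records (not real telemetry): (image, command line)
SAMPLE_EVENTS = [
    (r"C:\Users\bob\AppData\Local\Temp\svc.exe",
     r'"C:\Users\bob\AppData\Local\Temp\svc.exe" C:\Users\bob\x.dll firefox.exe'),
    (r"C:\Tools\NetRipper.exe",
     r"NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass"),
    (r"C:\Windows\System32\rundll32.exe",
     r"rundll32.exe shell32.dll,Control_RunDLL"),
    (r"C:\Windows\System32\regsvr32.exe",
     r"regsvr32.exe /s C:\app\helper.dll"),
    (r"C:\Temp\t.exe", r"t.exe hook.dll notepad.exe"),
]


def scan(events):
    """Return (image, verdict) for every event whose command line matches."""
    return [(img, hit) for img, cmd in events if (hit := classify(cmd))]


if __name__ == "__main__":
    for image, verdict in scan(SAMPLE_EVENTS):
        print(f"{verdict:22} {image}")
```

Matches from a rule like this are leads for triage, since other software can legitimately take a DLL path and a process name as arguments.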
