Wall of Sheep - a password sniffing tool

The Wall of Sheep is dedicated to network security research. We make use of the powerful APIs provided by RethinkDB and Firebase to store and sync data in realtime.

Without SSL/TLS, sending your password is just like streaking. Therefore, we recommend that the service providers in the list secure their websites with HTTPS.

You can check out the demo page. The circle shows the status of the sniffer program: green is online, otherwise offline.

We built the sniffer in two languages, Python and Node.js. The Node.js version supports OS X and Linux. Unfortunately, the Python version only supports Linux.

New implementation in Node.js

[Updated April 18, 2015] Added a Node.js sniffer implementation. Now OS X users can play with it. 😆

We believe that using JavaScript is more efficient. Please refer to "Why capture packets in JavaScript?".

In simple terms

Event-based.
Handling binary data is fast and efficient.
Good HTTP parser.


Installation

Here is the installation method.

Use brew to install Node.js, npm and RethinkDB (optional).

$ brew update
$ brew install node
$ brew install npm
$ brew install rethinkdb

Clone the repo and change directory to the nodejs folder.

$ git clone git@github.com:John-Lin/wallofsheep.git

Packet capturing depends on mranney/node_pcap, and saving data to RethinkDB uses neumino/thinky (optional). You can use npm to get these packages.

$ npm install

That's it.

Basic usage

There are two ways to use it.

Without saving the credentials: start the sniffer with sudo.

john at JohnsMacBook-Air in ~/Repository/wallofsheep/nodejs (master●●)
$ sudo node sniffer.js -i en0
[-] Loading RethinkDB module.
  _       _____    __    __       ____  ______   _____ __  __________________
| |     / /   |  / /   / /      / __ \/ ____/  / ___// / / / ____/ ____/ __ \
| | /| / / /| | / /   / /      / / / / /_      \__ \/ /_/ / __/ / __/ / /_/ /
| |/ |/ / ___ |/ /___/ /___   / /_/ / __/     ___/ / __  / /___/ /___/ ____/
|__/|__/_/  |_/_____/_____/   \____/_/       /____/_/ /_/_____/_____/_/
[*] Using interface: en0
[192.168.0.16:61881 -> 140.***.**.***:80] Account: hello@gmail.com
[192.168.0.16:61881 -> 140.***.**.***:80] Password: thisispassword

Saving the credentials in RethinkDB requires the -s option.

First, start the RethinkDB server like this:

$ rethinkdb
info: Creating directory 'rethinkdb_data'
info: Listening for intracluster connections on port 29015
info: Listening for client driver connections on port 28015
info: Listening for administrative HTTP connections on port 8080
info: Server ready

Second, open a new terminal and start the sniffer with sudo:

john at JohnsMacBook-Air in ~/Repository/wallofsheep/nodejs (master●●)
$ sudo node sniffer.js -i en0 -s
[-] Loading RethinkDB module.
  _       _____    __    __       ____  ______   _____ __  __________________
| |     / /   |  / /   / /      / __ \/ ____/  / ___// / / / ____/ ____/ __ \
| | /| / / /| | / /   / /      / / / / /_      \__ \/ /_/ / __/ / __/ / /_/ /
| |/ |/ / ___ |/ /___/ /___   / /_/ / __/     ___/ / __  / /___/ /___/ ____/
|__/|__/_/  |_/_____/_____/   \____/_/       /____/_/ /_/_____/_____/_/
[*] Using interface: en0
[192.168.0.16:61881 -> 140.***.**.***:80] Account: hello@gmail.com
[192.168.0.16:61881 -> 140.***.**.***:80] Password: thisispassword
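
The captures above are possible because the login form submits over plain HTTP. One way a site operator can act on the HTTPS recommendation is to scan a page's HTML for password forms that would submit in cleartext. This is an added example, not code from the wallofsheep project; the function names and the constructed SAMPLE_PAGES (hosts under example.test) are assumptions made for illustration.

```javascript
// Added example (not from the wallofsheep repo). SAMPLE_PAGES is constructed
// input; every hostname below is a placeholder.

// Return each <form>...</form> that contains an <input type="password">.
function passwordForms(html) {
  const forms = html.match(/<form\b[\s\S]*?<\/form>/gi) || [];
  return forms.filter((f) => /<input\b[^>]*\btype\s*=\s*["']?password/i.test(f));
}

// Resolve the form's action against the page URL, as a browser does.
// A missing or empty action submits back to the page itself.
function submitTarget(formHtml, pageUrl) {
  const m = formHtml.match(/<form\b[^>]*\saction\s*=\s*["']?([^"'\s>]*)/i);
  return new URL(m ? m[1] : '', pageUrl);
}

// Report why a password typed into this page could be read off the wire or out of logs.
function auditPage(pageUrl, html) {
  const findings = [];
  for (const form of passwordForms(html)) {
    const target = submitTarget(form, pageUrl);
    const m = form.match(/<form\b[^>]*\smethod\s*=\s*["']?(\w+)/i);
    const method = m ? m[1].toLowerCase() : 'get'; // HTML default is GET
    if (target.protocol !== 'https:') {
      findings.push({ issue: 'cleartext-submit', target: target.href });
    } else if (new URL(pageUrl).protocol !== 'https:') {
      // HTTPS action on an HTTP page: the form can be rewritten in transit.
      findings.push({ issue: 'form-served-over-http', target: target.href });
    }
    if (method === 'get') {
      findings.push({ issue: 'password-in-url', target: target.href });
    }
  }
  return findings;
}

const SAMPLE_PAGES = [
  ['http://shop.example.test/login',
    '<form method="post" action="/session"><input name="user"><input type="password" name="pw"></form>'],
  ['http://mail.example.test/',
    '<form method="post" action="https://mail.example.test/auth"><input type=password name=pw></form>'],
  ['https://bank.example.test/login',
    '<form method="post" action="/auth"><input type="password" name="pw"></form>'],
  ['https://forum.example.test/login',
    '<form action="/signin"><input type="password" name="pw"></form>'],
];

for (const [url, html] of SAMPLE_PAGES) {
  const issues = auditPage(url, html).map((f) => f.issue);
  console.log(url, issues.length ? issues.join(', ') : 'ok');
}
```

The regex matching is enough for simple static markup; forms built by script need a real HTML parser or a browser-driven check.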


How to Run Web

Deploy the Firebase web app
First, install the Firebase tools.

╭─~/Coding/Projects/web/wallofsheep/firebase_app on master✔ using
╰─± npm install -g firebase-tools

Find the following code snippet in firebase_app/index.html, change it to your own Firebase project ID, and create both the pwd_table and status tables in the Firebase management panel.

var myDataRef = new Firebase('https://<your-project-id>.firebaseio.com/pwd_table'),
    statusRef = new Firebase('https://<your-project-id>.firebaseio.com/status'),

Last, run:

╭─~/Coding/Projects/web/wallofsheep/firebase_app on master✔ using
╰─± firebase deploy

After a moment, you can find your site at https://your-project-id.firebaseapp.com

Running the web app implemented in Express
Change directory to express_app and run the following command. Do not forget to run rethinkdb and sniffer.js as mentioned above.

╭─~/Coding/Projects/web/wallofsheep/express_app on master✔ using
╰─± npm install && npm start

Now you can wait for the coming sheep 😄


Work in progress

 Support RethinkDB-provided push/sync of data in realtime.
 Parsing user/password in the IMAP protocol.
 Parsing user/password in the POP3 protocol.
 A new web interface for showing off that relies on RethinkDB.
 Any unencrypted protocol (e.g., Telnet, IRC)




