Termux is an increasingly popular tool, as it is accessible to almost any user interested in programming and has a lot of complementary tools. This time, ethical hacking experts from the International Institute of Cyber Security (IICS) will show you how to create a sniffer in Termux without requiring root user permissions.
As usual, we remind you that this article was prepared for informational purposes only, so IICS is not responsible for the misuse that may be given to the information contained herein.
For those users unfamiliar with the term, a sniffer is a computer program capable of intercepting information and capturing traffic from the target system. According to experts in ethical hacking, this software captures any data flow and, if necessary, decodes the information and stores it sequentially.
The sniffer creates a fake SSDP (UPnP) device that tricks the target system into sending the desired information to the malicious location, keeping a detailed record of the victim’s activities. Let’s see how to use the tool presented on this occasion.
Installation
pkg update
pkg upgrade
Next, we install the packages we need: Git and Python.
apt install git -y
apt install python -y
Now we download the tool itself:
git clone https://github.com/initstring/evil-ssdp
cd evil-ssdp
Next we will launch the tool:
python evil_ssdp.py eth0
The installation process will continue. In case you require help to use the tool, experts in ethical hacking recommend consulting its help output, which lists the available options:
usage: evil_ssdp.py [-h] [-p PORT] [-t TEMPLATE] [-s SMB] [-b] [-r REALM]
                    [-u URL]
                    interface

positional arguments:
  interface             Network interface to listen on.

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  Port for HTTP server. Defaults to 8888.
  -t TEMPLATE, --template TEMPLATE
                        Name of a folder in the templates directory. Defaults
                        to "office365". This will determine xml and phishing
                        pages used.
  -s SMB, --smb SMB     IP address of your SMB server. Defalts to the primary
                        address of the "interface" provided.
  -b, --basic           Enable base64 authentication for templates and write
                        credentials to log file.
  -r REALM, --realm REALM
                        Realm when prompting target for authentication via
                        Basic Auth.
  -u URL, --url URL     Redirect to this URL. Works with templates that do a
                        POST for logon forms and with templates that include
                        the custom redirect JavaScript (see README for more
                        info).[example: -r https://google.com]
  -a, --analyze         Run in analyze mode. Will NOT respond to any SSDP
                        queries, but will still enable and run the web server
                        for testing.
These are all the options needed to familiarize you with the tool. Ethical hacking experts recommend trying them out for a better experience.
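On the defensive side, a fake SSDP device like the one described above shows up as a discovery reply from a host that is not a known UPnP device, or as a reply whose LOCATION header points somewhere other than the sender. The following Python sketch is an added example, not part of evil-ssdp or the original article, that audits captured SSDP messages against an inventory; the inventory, addresses and sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed inventory of hosts allowed to answer SSDP on this network (assumption).
APPROVED = {"192.168.1.1", "192.168.1.20"}

# Constructed (source IP, UDP payload) samples, not real captures.
SAMPLES = [
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
                    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n"),
    ("192.168.1.77", b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
                     b"Location: http://192.168.1.77:8888/desc.xml\r\n\r\n"),
    ("192.168.1.20", b"HTTP/1.1 200 OK\r\nST: ssdp:all\r\n"
                     b"LOCATION: http://192.168.1.99:8080/desc.xml\r\n\r\n"),
    ("192.168.1.50", b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                     b"ST: ssdp:all\r\n\r\n"),
]


def parse_ssdp(payload):
    """Return (start_line, headers) with header names lower-cased."""
    lines = payload.decode("utf-8", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def audit(messages, approved):
    """Return (source, reason) findings for SSDP replies and NOTIFY adverts."""
    findings = []
    for src, payload in messages:
        start, headers = parse_ssdp(payload)
        if start.upper().startswith("M-SEARCH"):
            continue  # a client query, not a device announcing itself
        location = headers.get("location", "")
        if src not in approved:
            findings.append((src, "responder not in inventory: " + location))
        elif urlsplit(location).hostname != src:
            findings.append((src, "LOCATION points at another host: " + location))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLES, APPROVED):
        print(*finding)
```

In practice the input would come from a packet capture of UDP port 1900 traffic, and the inventory from the network's asset list.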