Visit trapper at: www.nediam.com.mx/trapper ---:[ Trapper Tutorial ]:--- 1.- Requirements 2.- What is trapper? 3.- Installing 4.- Usage 5.- Saved data ---:[ Requirements ]:--- Before using trapper you will require this modules. -Net::IP -Net::RawIP -Getopt::Std -NetPacket::Ethernet -Time::HiRes -Net::Pcap -Net::Ping -Net::ARP -Proc::Simple -Net::Frame -Net::Frame::Layer::ARP -Net::Frame::Simple -Net::Frame::Dump::Online -NetPacket::IP -NetPacket::TCP ---:[ Description ]:--- Trapper is a simple tool for sniffing protocols like http, ftp, telnet pop3, imap, smtp, msn, irc and smb. Also this tool include the attack known as APR ( ARP Poison Routing ). More protocols and types of attacks will be added in the future. ---:[ Installation ]:--- First download the lastest version of trapper in this case we will use trapper-0.3.5.tar.gz, so lets start: trapperbox # wget nediam.com.mx/trapper/download/trapper-0.3.5.tar.gz trapperbox # tar zxvf trapper-0.3.5.tar.gz trapperbox # perl install.pl Here we will wait until all the modules are installed if by any chance you get an error due cpan, try to install it manually which will take you no more than 5 minutes... you can search for the modules in: http://search.cpan.org After you and done, now we can run trapper as: trapperbox # ./trapper.pl ---:[ Usage ]:--- You can use the options you want ;) buts lets do some examples shall we? trapperbox # ./trapper.pl -i ath0 -sniff [*] Supported protocols: 1. HTTP (Cookie supported) 2. FTP 3. TELNET 4. POP3 5. IMAP 6. SMTP 7. MSN 8. IRC (Convos supported) 9. SMB 10. ALL Select option(s) [default: 10]: Lets say i wanna only sniff http, ftp, pop3 and smtp so we put the following option: Select option(s) [default: 10]: 1 2 4 6 Press ENTER and trapper will start listening on those ports for passwords or any good information. Now if by any chance the brilliant admin is running the services on another ports well in this case we can use the configuration file provided by trapper. trapperbox # nano trapper.conf And we edit whatever we want, example: ftp = "1832" # default 21 telnet = "328" # default 23 smtp = "3133" # default 25 ......... When you run trapper again, it will automatically start sniffing on those ports. Another cool thing about trapper is that we can fake the mac address.. you can choose between doing it by trapper or manually its up to you, in this case we will choose trapper. trapperbox # ./trapper.pl -i ath0 -m sniff -f 00:11:22:33:44:55 (for atheros cards you need to install madwifi in other to change your mac) [*] Fake your mac address, please follow the steps... [*] Number of linux distro ( 'L' for list): l 1) Ubuntu 2) Debian/Slackware/Mandriva/Fedora/Other [*] Choose a number: 2 You choose your number and woala mac changed and trapper will run after that. Trapper has a verbose option for protocols like: msn, irc, http cookie sniffing. Why is that? to avoid flood on the screen but you are able to enable them if you want trapperbox # ./trapper.pl -i ath0 -m sniff -v irc or trapperbox # ./trapper.pl -i ath0 -m sniff -v irc,msn or trapperbox # ./trapper.pl -i ath0 -m sniff -v irc,msn,cookie * We do not recommend this option because of the amount of flood you can have. * Now lets move on to the APR attack mode: trapperbox # ./trapper.pl -i ath0 -m apr -f 00:11:22:33:44:55 [*] MODE SELECTED: ARP POISON ROUTING [*] Specify the range to scan (ex. 192.168.1.0 - 192.168.1.254 ) Range: We specify the range you wanna scan for possible victims Range: 192.168.1.0 - 192.168.1.254 Press ENTER and wait until the scanning is over.. when trapper finishes it will show you all the victims IP and Mac Address and the total.. after that you can see: ( you also can see the victims list in "hosts.txt" file ) [*] Select Option: [*] 1) One-to-One: Hijack the traffic only between two particular hosts [*] 2) One-to-All: Hijack the network faking a single host (The default gateway is a good option) [*] 3) Hijack the entire network Type of attack: You choose whatever your criteria is, in this case we will use "3", press ENTER and you will start infecting the victims, after that the sniffer will activate and ask you for the same options that we discussed above, put your options, press ENTER and enjoy your sniffing. ---:[ Saved data ]:--- All the data is saved in: /irc.txt /telnet.txt /http.txt /cookies.txt /ftp.txt /smb.txt /pop3.txt /imap.txt MSN conversations, e-mails and irc conversations are saved in: /msn/ /mails/ /$server/$channel /irc/private_msg/ FTP files saved in: /ftp_files/ ---:[ EOF ]:--- Enjoy it!