Sniffing is an essential phase in pentesting. Security researchers and pentesters often sniff their target so they can prepare better for later phases, according to ethical hacking professionals. There are many ways to sniff a target, and many automated tools that help analyze network packets. This article covers Justniffer.
According to an ethical hacking researcher of the International Institute of Cyber Security, Justniffer can be used in various phases of network pentesting.
Justniffer is a network packet analysis tool used for sniffing a target on the network. It can analyze captured traffic and present it in customized logs, which the security researcher or pentester defines using custom keywords. Justniffer covers most of the common network protocols used for communicating on the network. Justniffer makes it easy to analyze low-level network issues such as TCP retransmission and IP fragmentation, ethical hacking experts mention.
- Justniffer has been tested on Ubuntu 16.04. According to the developers, justniffer can also be used on older versions of Ubuntu: 11.04, 11.10, 12.04 and 14.04.
- To download Ubuntu 16.04, go to: https://releases.ubuntu.com/16.04/ubuntu-16.04.5-desktop-amd64.iso
- After installing Ubuntu, type sudo add-apt-repository ppa:oreste-notelli/ppa
- After adding the repository, follow the steps below:
root@ubuntu:/home/iicybersecurity/Downloads# sudo add-apt-repository ppa:oreste-notelli/ppa
justniffer is a tcp packet sniffer. It can log network traffic in a 'standard' (web server like) or in a customized way. It can also log response times, useful for tracking network services performances (e.g. web server, application server, etc.).
More info: https://launchpad.net/~oreste-notelli/+archive/ubuntu/ppa
Press [ENTER] to continue or ctrl-c to cancel adding it
gpg: keyring `/tmp/tmpggqzg45b/secring.gpg' created
gpg: keyring `/tmp/tmpggqzg45b/pubring.gpg' created
gpg: requesting key E404C48A from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpggqzg45b/trustdb.gpg: trustdb created
gpg: key E404C48A: public key "Launchpad justniffer" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
- Then type sudo apt-get update
root@ubuntu:/home/iicybersecurity/Downloads# sudo apt-get update
Hit:1 https://us.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 https://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial InRelease [22.4 kB]
Get:3 https://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial/main amd64 Packages [556 B]
Get:4 https://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial/main i386 Packages [556 B]
Get:5 https://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial/main Translation-en [308 B]
Fetched 23.9 kB in 3s (7,043 B/s)
Reading package lists… Done
- Type sudo apt-get install justniffer
root@ubuntu:/home/iicybersecurity/Downloads# sudo apt-get install justniffer
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
libboost-program-options1.58.0 libboost-regex1.58.0
The following NEW packages will be installed:
justniffer libboost-program-options1.58.0 libboost-regex1.58.0
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 524 kB of archives.
After this operation, 2,196 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 https://us.archive.ubuntu.com/ubuntu xenial/main amd64 libboost-program-options1.58.0 amd64 1.58.0+dfsg-5ubuntu3 [138 kB]
Get:2 https://ppa.launchpad.net/oreste-notelli/ppa/ubuntu xenial/main amd64 justniffer amd64 0.5.15-0~131~ubuntu16.04.1 [125 kB]
Get:3 https://us.archive.ubuntu.com/ubuntu xenial/main amd64 libboost-regex1.58.0 amd64 1.58.0+dfsg-5ubuntu3 [261 kB]
Fetched 524 kB in 3s (147 kB/s)
Selecting previously unselected package libboost-program-options1.58.0:amd64.
(Reading database … 184176 files and directories currently installed.)
Preparing to unpack …/libboost-program-options1.58.0_1.58.0+dfsg-5ubuntu3_amd64.deb …
Unpacking libboost-program-options1.58.0:amd64 (1.58.0+dfsg-5ubuntu3) …
Selecting previously unselected package libboost-regex1.58.0:amd64.
Preparing to unpack …/libboost-regex1.58.0_1.58.0+dfsg-5ubuntu3_amd64.deb …
Unpacking libboost-regex1.58.0:amd64 (1.58.0+dfsg-5ubuntu3) …
Selecting previously unselected package justniffer.
Preparing to unpack …/justniffer_0.5.15-0~131~ubuntu16.04.1_amd64.deb …
Unpacking justniffer (0.5.15-0~131~ubuntu16.04.1) …
Processing triggers for libc-bin (2.23-0ubuntu10) …
Processing triggers for man-db (2.7.5-1) …
Setting up libboost-program-options1.58.0:amd64 (1.58.0+dfsg-5ubuntu3) …
Setting up libboost-regex1.58.0:amd64 (1.58.0+dfsg-5ubuntu3) …
Setting up justniffer (0.5.15-0~131~ubuntu16.04.1) …
Processing triggers for libc-bin (2.23-0ubuntu10) …
- If you are using any other Linux distro, type wget https://sourceforge.net/projects/justniffer/files/justniffer_0.5.15.tar.gz/download
- Type tar -xvzf justniffer_0.5.15.tar.gz
- Make sure you have installed all the required libraries. The libraries listed below can be installed using sudo apt-get update && sudo apt-get install <libraries>
- The libraries are:
- patch
- tar
- autotools
- make
- libc6
- libpcap0.8
- g++
- gcc
- libboost-iostreams
- libboost-program-options
- libboost-regex
- After installation, type justniffer --version to check that it is installed.
root@ubuntu:/home/iicybersecurity# justniffer --version
justniffer 0.5.14
Written by Oreste Notelli oreste.notelli@plecno.com
Copyright (c) 2007- 2016 Plecno s.r.l.
- Justniffer works with a network interface. To find the network interface of your Linux distro, type ifconfig
root@ubuntu:/home/iicybersecurity# ifconfig
ens33 Link encap:Ethernet HWaddr 00:0c:29:d7:ed:a1
inet addr:192.168.1.6 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::eddd:700e:2477:8da0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25129 errors:0 dropped:0 overruns:0 frame:0
TX packets:18127 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18736101 (18.7 MB) TX bytes:2536084 (2.5 MB)
- In this scenario ens33 is the network interface that will be used with justniffer.
- Type justniffer -l "%response.time.begin"
- -l is used to show output in log form.
root@ubuntu:/home/iicybersecurity/Downloads# justniffer -l "%response.time.begin"
0.285771
0.306928
0.304552
0.278160
0.289295
0.276613
0.314918
- After the above query is executed, the server responds to the requested URL. At that point the query begins and records the time from the server to the client.
- The above query can be used to check the response time in network pentesting.
- Type justniffer -l "%request.header.cookie"
- -l is used to show output in log form.
root@ubuntu:/home/iicybersecurity# justniffer -l "%request.header.cookie"
_ga=GA1.2.336292582.1550218454; _gid=GA1.2.2094894364.1550218454; __gads=ID=b5f4a681f0a23b12:T=1550218454:S=ALNI_MbarcPt5qZsZ9DdYG2s3MXp3_qf8g
- The above output shows the request cookie, which the server sent in response to an HTTP request. This can be used on a network to sniff all cookies and perform cookie stealing, as done by malware that steals session cookies.
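A defensive use of the same output, as an added example that is not from the article or the justniffer project: it inventories which cookie names cross the wire in cleartext without retaining their values, and checks Set-Cookie headers for the missing Secure attribute that allows this. Only the first sample line comes from the article; the rest are constructed, and the "-" placeholder for a request without a Cookie header is an assumption.

```python
import hashlib
from collections import defaultdict

# First entry: the Cookie header printed in the article. The others are
# constructed for this example; "-" is assumed to mark a request that
# carried no Cookie header.
CAPTURED = [
    "_ga=GA1.2.336292582.1550218454; _gid=GA1.2.2094894364.1550218454; "
    "__gads=ID=b5f4a681f0a23b12:T=1550218454:S=ALNI_MbarcPt5qZsZ9DdYG2s3MXp3_qf8g",
    "-",
    "PHPSESSID=constructed-session-1; _ga=GA1.2.336292582.1550218454",
    "PHPSESSID=constructed-session-2",
]

# Constructed Set-Cookie response headers of the application under review.
SET_COOKIES = [
    "PHPSESSID=constructed-session-1; Path=/; HttpOnly",
    "csrftoken=constructed; Path=/; Secure; SameSite=Strict",
]


def parse_cookie_header(value):
    """Split a Cookie request-header value into (name, value) pairs."""
    pairs = []
    for part in value.split(";"):
        # Split on the first "=" only: values such as __gads contain "=".
        name, sep, val = part.strip().partition("=")
        if sep and name:
            pairs.append((name, val))
    return pairs


def cleartext_inventory(lines):
    """Count cookie names seen on the wire without keeping any value."""
    seen = defaultdict(lambda: {"requests": 0, "digests": set()})
    for line in lines:
        for name, val in parse_cookie_header(line):
            seen[name]["requests"] += 1
            # Only a digest is held, so the report cannot leak a session id.
            seen[name]["digests"].add(hashlib.sha256(val.encode()).hexdigest())
    return {
        name: {"requests": e["requests"], "distinct_values": len(e["digests"])}
        for name, e in seen.items()
    }


def missing_attributes(set_cookie):
    """Return (cookie name, protective attributes the header lacks)."""
    first, *attrs = [p.strip() for p in set_cookie.split(";")]
    present = {a.partition("=")[0].lower() for a in attrs}
    return first.partition("=")[0], sorted({"secure", "httponly"} - present)


def exposed_and_unprotected(lines, set_cookies):
    """Names seen in cleartext whose Set-Cookie header lacks Secure."""
    seen = cleartext_inventory(lines)
    lacking = {n for n, miss in map(missing_attributes, set_cookies)
               if "secure" in miss}
    return sorted(lacking & seen.keys())


if __name__ == "__main__":
    for name, stats in cleartext_inventory(CAPTURED).items():
        print(name, stats)
    print("fix first:", exposed_and_unprotected(CAPTURED, SET_COOKIES))
```

A cookie name that changes value between requests, as the constructed PHPSESSID does here, is the pattern of a per-session identifier and the first candidate for the Secure attribute.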
- Type justniffer -i ens33 -p "port 80"
- -i is used to enter the network interface.
- -p is used to enter the packet filter (tcpdump filter syntax); here it selects the port number.
root@ubuntu:/home/iicybersecurity# justniffer -i ens33 -p "port 80"
192.168.1.6 - - [-] "" - 0 "" ""
192.168.1.6 - - [-] "" - 0 "" ""
192.168.1.6 - - [-] "" - 0 "" ""
192.168.1.6 - - [15/Feb/2019:02:37:53 -0800] "GET /js/side-bar.js HTTP/1.1" 302 215 "https://www.iicybersecurity.com/ethical-hacking.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
192.168.1.6 - - [-] "" - 0 "" ""
192.168.1.6 - - [-] "" - 0 "" ""
192.168.1.6 - - [15/Feb/2019:02:38:10 -0800] "GET /teams/baseball HTTP/1.1" 302 416 "https://www.azpreps365.com/sections/beach-volleyball" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
192.168.1.6 - - [15/Feb/2019:02:38:11 -0800] "GET /teams/baseball/6a HTTP/1.1" 200 0 "https://www.azpreps365.com/sections/beach-volleyball" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
192.168.1.6 - - [-] "" - 0 "" ""
192.168.1.6 - - [15/Feb/2019:02:38:13 -0800] "GET /account/session HTTP/1.1" 200 0 "https://www.azpreps365.com/teams/baseball/6a" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
192.168.1.6 - - [15/Feb/2019:02:38:33 -0800] "GET /program-operators/logos/64x64/westview-knights-98aafb.png HTTP/1.1" 200 4829 "https://www.azpreps365.com/teams/baseball/1481-alhambra/115144-varsity" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
192.168.1.6 - - [15/Feb/2019:02:38:33 -0800] "GET /program-operators/logos/64x64/pinnacle-pioneers-2a4ebe.png HTTP/1.1" 200 5218 "https://www.azpreps365.com/teams/baseball/1481-alhambra/115144-varsity" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
192.168.1.6 - - [15/Feb/2019:02:38:33 -0800] "GET /program-operators/logos/64x64/copper-canyon-aztecs-43e8a5.png HTTP/1.1" 200 7963 "https://www.azpreps365.com/teams/baseball/1481-alhambra/115144-varsity" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
- The above query shows the GET responses from the server, including which HTTP version is used.
- The above query has also fetched the user agent with its ID. The output also shows some images being downloaded.
- Type justniffer -l "%dest.ip"
- -l is used to show output in log form.
root@ubuntu:/home/iicybersecurity# justniffer -l "%dest.ip"
172.217.167.206
172.217.167.206
216.58.203.132
216.58.203.132
172.217.167.206
216.58.203.132
109.63.142.253
109.63.142.253
- After executing the above query, justniffer has gathered the destination IP addresses. The above information can be used to verify the IP address of a URL. The above information can also be used in other hacking activities.
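To work with the default-format capture from justniffer -i ens33 -p "port 80" shown above, the following added example (not from the article or the justniffer project) parses those lines, sets aside the records that carry no request line, and summarises the rest. The sample records are taken from the article's output; the field layout is inferred from that output and is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Field layout inferred from the output shown in the article (an assumption):
# source IP, two unused fields, [timestamp], "request line", status, size,
# "referer", "user agent".
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]*)\] "(?P<request>[^"]*)" '
    r'(?P<status>\S+) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

UA = ("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) "
      "Gecko/20100101 Firefox/61.0")
SITE = "https://www.azpreps365.com"
# Sample records taken from the article's capture.
SAMPLE = [
    '192.168.1.6 - - [-] "" - 0 "" ""',
    '192.168.1.6 - - [15/Feb/2019:02:37:53 -0800] "GET /js/side-bar.js HTTP/1.1" '
    f'302 215 "https://www.iicybersecurity.com/ethical-hacking.html" "{UA}"',
    '192.168.1.6 - - [-] "" - 0 "" ""',
    '192.168.1.6 - - [15/Feb/2019:02:38:11 -0800] "GET /teams/baseball/6a HTTP/1.1" '
    f'200 0 "{SITE}/sections/beach-volleyball" "{UA}"',
    '192.168.1.6 - - [15/Feb/2019:02:38:33 -0800] '
    '"GET /program-operators/logos/64x64/westview-knights-98aafb.png HTTP/1.1" '
    f'200 4829 "{SITE}/teams/baseball/1481-alhambra/115144-varsity" "{UA}"',
]


def parse_line(line):
    """Parse one record; return None when it carries no request line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unexpected line format: {line!r}")
    rec = m.groupdict()
    if not rec["request"]:
        return None
    # Pad so a malformed request line still yields three fields.
    method, path, version = (rec["request"].split(" ", 2) + ["", ""])[:3]
    rec.update(
        method=method, path=path, version=version,
        status=int(rec["status"]) if rec["status"].isdigit() else None,
        size=int(rec["size"]) if rec["size"].isdigit() else 0,
        when=None if rec["ts"] == "-"
        else datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z"),
    )
    return rec


def summarize(lines):
    """Separate empty records from HTTP transactions and total the latter."""
    records = [parse_line(l) for l in lines if l.strip()]
    http = [r for r in records if r is not None]
    return {
        "total": len(records),
        "empty": len(records) - len(http),
        "by_status": dict(Counter(r["status"] for r in http)),
        "versions": sorted({r["version"] for r in http}),
        "bytes": sum(r["size"] for r in http),
        "agents": sorted({r["agent"] for r in http}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```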
Now to grabbing images of users on the network:
- To download images, use the justniffer-grab-http-traffic script. It does not come pre-installed with justniffer.
- To download it, type git clone https://github.com/onotelli/justniffer
root@ubuntu:/home/iicybersecurity# git clone https://github.com/onotelli/justniffer
Cloning into 'justniffer'…
remote: Enumerating objects: 1287, done.
remote: Total 1287 (delta 0), reused 0 (delta 0), pack-reused 1287
Receiving objects: 100% (1287/1287), 2.94 MiB | 735.00 KiB/s, done.
Resolving deltas: 100% (932/932), done.
Checking connectivity… done.
- Type cd justniffer && ls
root@ubuntu:/home/iicybersecurity# cd justniffer/
root@ubuntu:/home/iicybersecurity/justniffer# ls
acinclude.m4 build_debian.sh config.sub COPYING include justmonitor ltmain.sh make-release.sh README
aclocal.m4 ChangeLog configure debian info.json justniffer.8 m4 missing src
AUTHORS compile configure.ac depcomp INSTALL justniffer.8.in Makefile.am NEWS test
autom4te.cache config.guess configure.ac.in doc install-sh lib Makefile.in python ws
- Type ./configure
root@ubuntu:/home/iicybersecurity/justniffer# ./config
config.guess config.sub configure
root@ubuntu:/home/iicybersecurity/justniffer# ./configure
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… yes
checking for a thread-safe mkdir -p… /bin/mkdir -p
checking for gawk… no
checking for mawk… mawk
checking whether make sets $(MAKE)… yes
checking whether make supports nested variables… yes
checking whether to enable maintainer-specific portions of Makefiles… no
checking for bash… yes
BASH_F= yes
checking for g++… g++
checking whether the C++ compiler works… yes
checking for C++ compiler default output file name… a.out
checking for suffix of executables…
checking whether we are cross compiling… no
checking for suffix of object files… o
checking whether we are using the GNU C++ compiler… yes
checking whether g++ accepts -g… yes
checking for style of include used by make… GNU
checking dependency style of g++… gcc3
checking dependency style of g++… (cached) gcc3
gcc: fatal error: no input files
compilation terminated.
checking for gcc… gcc
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ISO C89… none needed
checking whether gcc understands -c and -o together… yes
checking dependency style of gcc… gcc3
checking dependency style of gcc… (cached) gcc3
checking how to run the C preprocessor… gcc -E
checking for grep that handles long lines and -e… /bin/grep
checking for egrep… /bin/grep -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking sys/time.h usability… yes
checking sys/time.h presence… yes
checking for sys/time.h… yes
checking for an ANSI C-conforming const… yes
checking for inline… inline
checking for strftime… yes
checking for stdbool.h that conforms to C99… yes
checking for _Bool… yes
checking whether time.h and sys/time.h may both be included… yes
checking whether struct tm is in sys/time.h or time.h… time.h
checking netinet/ip.h usability… yes
checking netinet/ip.h presence… yes
checking for netinet/ip.h… yes
checking build system type… x86_64-unknown-linux-gnu
checking host system type… x86_64-unknown-linux-gnu
checking how to print strings… printf
checking for a sed that does not truncate output… /bin/sed
checking for fgrep… /bin/grep -F
checking for ld used by gcc… /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld… yes
checking for BSD- or MS-compatible name lister (nm)… /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface… BSD nm
checking whether ln -s works… yes
checking the maximum length of command line arguments… 1572864
checking whether the shell understands some XSI constructs… yes
checking whether the shell understands "+="… yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format… func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format… func_convert_file_noop
checking for /usr/bin/ld option to reload object files… -r
checking for objdump… objdump
checking how to recognize dependent libraries… pass_all
checking for dlltool… no
checking how to associate runtime and link libraries… printf %s\n
checking for ar… ar
checking for archiver @FILE support… @
checking for strip… strip
checking for ranlib… ranlib
checking command to parse /usr/bin/nm -B output from gcc object… ok
checking for sysroot… no
checking for mt… mt
checking if mt is a manifest tool… no
checking for dlfcn.h… yes
checking for objdir… .libs
checking if gcc supports -fno-rtti -fno-exceptions… no
checking for gcc option to produce PIC… -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works… yes
checking if gcc static flag -static works… yes
checking if gcc supports -c -o file.o… yes
checking if gcc supports -c -o file.o… (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
checking whether -lc should be explicitly linked in… no
checking dynamic linker characteristics… GNU/Linux ld.so
checking how to hardcode library paths into programs… immediate
checking whether stripping libraries is possible… yes
checking if libtool supports shared libraries… yes
checking whether to build shared libraries… yes
checking whether to build static libraries… yes
checking how to run the C++ preprocessor… g++ -E
checking for ld used by g++… /usr/bin/ld -m elf_x86_64
checking if the linker (/usr/bin/ld -m elf_x86_64) is GNU ld… yes
checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
checking for g++ option to produce PIC… -fPIC -DPIC
checking if g++ PIC flag -fPIC -DPIC works… yes
checking if g++ static flag -static works… yes
checking if g++ supports -c -o file.o… yes
checking if g++ supports -c -o file.o… (cached) yes
checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
checking dynamic linker characteristics… (cached) GNU/Linux ld.so
checking how to hardcode library paths into programs… immediate
checking for pcap_open_live in -lpcap… no
checking for boostlib >= 1.46… configure: We could not detect the boost libraries (version 1.46 or higher). If you have a staged boost library (still not installed) please specify $BOOST_ROOT in your environment and do not give a PATH to --with-boost option. If you are sure you have boost installed, then check your version number looking in . See https://randspringer.de/boost for more documentation.
checking whether the Boost::Regex library is available… no
checking whether the Boost::Program_Options library is available… no
checking whether the Boost::IOStreams library is available… no
checking for lib/libnids-1.21_patched/README.original… yes
./configure: line 17253: AX_PYTHON: command not found
checking that generated files are newer than configure… done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating python/Makefile
config.status: creating include/config.h
config.status: executing depfiles commands
config.status: executing libtool commands
=== configuring in lib/libnids-1.21_patched (/home/iicybersecurity/justniffer/lib/libnids-1.21_patched)
configure: running /bin/bash ./configure.gnu --disable-option-checking '--prefix=/usr/local' --cache-file=/dev/null --srcdir=.
checking build system type… x86_64-unknown-linux-gnu
checking host system type… x86_64-unknown-linux-gnu
checking target system type… x86_64-unknown-linux-gnu
checking for gcc… gcc
checking whether the C compiler works… yes
checking for C compiler default output file name… a.out
checking for suffix of executables…
checking whether we are cross compiling… no
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ISO C89… none needed
checking for ranlib… ranlib
checking for a BSD-compatible install… /usr/bin/install -c
checking how to run the C preprocessor… gcc -E
checking for grep that handles long lines and -e… /bin/grep
checking for egrep… /bin/grep -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking sys/time.h usability… yes
checking sys/time.h presence… yes
checking for sys/time.h… yes
checking syslog.h usability… yes
checking syslog.h presence… yes
checking for syslog.h… yes
checking for unistd.h… (cached) yes
checking for an ANSI C-conforming const… yes
checking for inline… inline
checking whether time.h and sys/time.h may both be included… yes
checking whether byte ordering is bigendian… no
checking for gettimeofday… yes
checking for socket in -lsocket… no
checking for gethostbyname in -lnsl… yes
checking for libpcap… configure: error: libpcap not found
configure: error: ./configure.gnu failed for lib/libnids-1.21_patched
- If the above error is shown, type apt-get install libpcap-dev
root@ubuntu:/home/iicybersecurity/justniffer# apt-get install libpcap-dev
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
libpcap0.8-dev
The following NEW packages will be installed:
libpcap-dev libpcap0.8-dev
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 216 kB of archives.
After this operation, 734 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 https://us.archive.ubuntu.com/ubuntu xenial/main amd64 libpcap0.8-dev amd64 1.7.4-2 [212 kB]
Get:2 https://us.archive.ubuntu.com/ubuntu xenial/main amd64 libpcap-dev all 1.7.4-2 [3,394 B]
Fetched 216 kB in 1s (131 kB/s)
Selecting previously unselected package libpcap0.8-dev.
(Reading database … 184194 files and directories currently installed.)
Preparing to unpack …/libpcap0.8-dev_1.7.4-2_amd64.deb …
Unpacking libpcap0.8-dev (1.7.4-2) …
Selecting previously unselected package libpcap-dev.
Preparing to unpack …/libpcap-dev_1.7.4-2_all.deb …
Unpacking libpcap-dev (1.7.4-2) …
Processing triggers for man-db (2.7.5-1) …
Setting up libpcap0.8-dev (1.7.4-2) …
Setting up libpcap-dev (1.7.4-2) …
- Then type ./configure again
- Type make && make install
- Type cd python
- Type ./setup.py
- Type ./justniffer-grab-http-traffic
root@ubuntu:/home/iicybersecurity/justniffer/python# ./justniffer-grab-http-traffic
Usage: justniffer-grab-http-traffic [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-d DIRECTORY, --directory=DIRECTORY
MANDATORY: directory where to save files
-p PACKET_FILTER, --packet-filter=PACKET_FILTER
packet filter (tcpdump filter syntax), default ='port
80'
-U USER, --user=USER user to impersonate when saving files, cannot be root
user
-i INTERFACE, --interface=INTERFACE
network interface to listen on (e.g. eth0, en1, etc.)
-f FILECAP, --filecap=FILECAP
input file in 'tcpdump capture file format'
-s MAX_TCP_STREAMS, --max-tcp-streams=MAX_TCP_STREAMS
Max concurrent tcp streams
-D MAX_FRAGMENTED_IP, --max-fragmented-ip=MAX_FRAGMENTED_IP
Max concurrent fragmented ip host
-F, --force-read-pcap
force the reading of the pcap file ignoring the
snaplen value. WARNING: could give unexpected results
-P PARSER_SCRIPT, --parser_script=PARSER_SCRIPT
parser script to execute, default is
/usr/share/justniffer/scripts/http_parser.py
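- Now type mkdir /tmp/justniffer
- The above command creates the directory where images and other files will be saved.
- Type chmod 777 /tmp/justniffer
- The above command grants all users read, write and execute permission on the justniffer directory. Mode 777 makes the directory writable by every local user; because files are saved as the -U user (see below), making that user the owner of the directory is a narrower alternative.
- Type ./justniffer-grab-http-traffic -i ens33 -U iicybersecurity -d /tmp/justniffer/
- -i is used to enter the network interface. ens33 is the network interface here.
- -U is used to enter the Linux username under which the files are saved. iicybersecurity is the username here.
- -d is used to enter the directory where all the grabbed files are saved.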
root@ubuntu:/home/iicybersecurity/justniffer/python# ./justniffer-grab-http-traffic -i ens33 -U iicybersecurity -d /tmp/justniffer/
from GET www.iicybersecurity.com /images/seguridad%20de%20aplicaciones%20web.png
of type 'image/png'
from GET www.iicybersecurity.com /images/news_arrow.png
of type 'image/png'
from GET www.iicybersecurity.com /seguridad-informatica.html
of type 'text/html'
from GET www.iicybersecurity.com /information-security.html
of type 'text/html'
from GET www.iicybersecurity.com /js/jquery.myHint.js
of type 'application/javascript'
from GET www.iicybersecurity.com /ethical-hacking.html
of type 'text/html'
- After executing the above query, justniffer-grab-http-traffic will grab all the contents of the URL, including images, JavaScript and many other files.
- To access the files, go to the directory: tmp
- Then go to the directory: justniffer
- That directory holds the files grabbed by the above query. Some of them are images downloaded by justniffer.
- These are the images that have been grabbed by justniffer.
- If you run this on the network, you can grab the images of all users and find out which images they are viewing on the network. Remember that this works only for images flowing over the network in HTTP mode (that is, images accessed using HTTP).