Hi HD, Thanks for the info. The only thing is, I'm needing access to the sniffed traffic in real-time. For now I just plan to go the route of piping it through netcat. :)
-- Thanks! Bryan On Fri, Feb 13, 2009 at 9:39 AM, H D Moore <h...@metasploit.com> wrote: > On Fri, 2009-02-13 at 08:30 -0700, Bryan Richardson wrote: > > I would love to be able to write an addition to the Meterpreter Net > > extension that provides this sniffing feature. I found a packet > > sniffing SDK that looks to make it possible to be able to create a > > self-contained executable that doesn't rely on libpcap at all (it's > > the SDK used in the stand-alone version of tcpdump for Windows). > > While I'm a pretty avid Ruby developer, I'm not much of a C > > developer. :( Can someone take a look at the SDK I found and let me > > know if it could be used for this? If so, I'll take the time to see > > if I can develop an extension on my own (hopefully with help from this > > list when needed :). > > > Hi Bryan, > > Thanks for the email, keep it coming, its nice to have developer > feedback/suggestions/feature interest, you might get more feedback on > the main framework list, as im not sure how many of the devs are on both > lists right now. > > Regarding the sniffer SDK, the real issue is licensing, the SDK has a > minimal licensing fee of $999 for one developer. We might be able to > trade them a blog post and press for a free license, but I am not sure a > new meterpreter extension is the kind of press they want. > > Personally, I have had success uploading the static tcpdump.exe to a > remote box, capturing traffic, compressing it with makecab, and pulling > it back down. I believe there is a metepreter script out there to > automate that process as well. > > -HD > > _______________________________________________ > Framework-Hackers mailing list > Framework-Hackers@spool.metasploit.com > http://spool.metasploit.com/mailman/listinfo/framework-hackers >
_______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers
