I'm looking at the source code of Xerosploit, and there is a piece of code I don't understand:

cmd_snif = os.system(
    "xettercap " + target_parse + target_ips
    + " -P MYSQL, SNPP, DHCP, WHATSAPP, RLOGIN, IRC, HTTPS, POST, PGSQL, NNTP, DICT, HTTPAUTH, TEAMVIEWER, MAIL, SNMP, MPD, COOKIE, NTLMSS, FTP, REDIS"
    + " -I " + up_interface + " --gateway " + gateway + " -O,"
    + " --log /opt/xerosploit/xerosniff/" + filename + ".log"
    + " --sniffer-output /opt/xerosploit/xerosniff/" + filename + ".pcap"
)

What exactly is xettercap? What do the options of -P (i.e. "MYSQL, SNPP, DHCP, ...") do? What do they refer to in the sniff logs?

Which options should I use if I want to see just the important things, such as POST data (usernames, passwords, etc.)?

1 Answer

xettercap is part of Xerosploit and a wrapper around the now-legacy Ruby implementation of bettercap.

As such, all the options are just passed down to bettercap. Here is a quick rundown of the options you asked for:

-P, --parsers PARSERS

Comma separated list of packet parsers to enable, * for all ( NOTE: will enable the sniffer ), available:

  • COOKIE
  • CREDITCARD
  • DHCP
  • DICT
  • FTP
  • HTTPAUTH
  • HTTPS
  • IRC
  • MAIL
  • MPD
  • MYSQL
  • NTLMSS
  • PGSQL
  • POST
  • REDIS
  • RLOGIN
  • SNMP
  • SNPP
  • URL
  • WHATSAPP

Default is * (enable all)

Which options to choose if you want to see "important" things depends on what you define as important. You specifically mentioned POST data, so I recommend using -P POST at least. The documentation mentioned that enabling all parsers is the default, so I think you can't go wrong with that.

  • Xettercap can run on Windows as well, right? As long as Windows has Ruby support – Ahmed Ezzat Apr 12 '19 at 11:09
  • The documentation as linked in the answer states: "Moreover, it is fully compatible with GNU/Linux, Mac OS X and OpenBSD platforms." They don't mention support for Windows, so I doubt that it would work without putting serious effort in. Then again, you can download VM software free for personal use, together with Kali Linux. I see no reason to pentest on Windows unless you have a good reason to do so. –  Apr 12 '19 at 11:16
  • I really need to sniff using Windows for some reasons. What can I do? – Ahmed Ezzat Apr 12 '19 at 20:39
  • I think this is out of scope for this question. I would suggest you create a new question like "Can Xerosploit run on Windows?" –  Apr 15 '19 at 08:09
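
Added example (not part of the question, the answer, or Xerosploit's own code): a check of the question's -P value against the parser names listed in the answer, plus the same call expressed as an argument list instead of a concatenated shell string, so that values such as the filename cannot be interpreted by the shell. The function names and the sample interface, gateway and file paths are constructed for illustration; only the flags and parser names come from this page, and nothing is executed.

```python
# Parser names the answer lists as available for -P/--parsers.
DOCUMENTED_PARSERS = frozenset(
    "COOKIE CREDITCARD DHCP DICT FTP HTTPAUTH HTTPS IRC MAIL MPD MYSQL "
    "NTLMSS PGSQL POST REDIS RLOGIN SNMP SNPP URL WHATSAPP".split()
)

# The -P value exactly as written in the question's snippet.
QUESTION_PARSERS = (
    "MYSQL, SNPP, DHCP, WHATSAPP, RLOGIN, IRC, HTTPS, POST, PGSQL, NNTP, "
    "DICT, HTTPAUTH, TEAMVIEWER, MAIL, SNMP, MPD, COOKIE, NTLMSS, FTP, REDIS"
)


def split_parsers(value):
    """Split a -P value into (known, unknown) names; '*' means all parsers."""
    names = [n.strip().upper() for n in value.split(",") if n.strip()]
    if names == ["*"]:
        return sorted(DOCUMENTED_PARSERS), []
    known = [n for n in names if n in DOCUMENTED_PARSERS]
    unknown = [n for n in names if n not in DOCUMENTED_PARSERS]
    return known, unknown


def build_argv(parsers, interface, gateway, log_path, pcap_path):
    """Return an argument vector (hypothetical helper); it is never run here."""
    known, unknown = split_parsers(parsers)
    if unknown:
        raise ValueError("not in the documented list: " + ", ".join(unknown))
    # One list element per argument: no shell parsing, and no spaces after
    # the commas, so the parser list stays a single -P value.
    return ["xettercap", "-P", ",".join(known), "-I", interface,
            "--gateway", gateway, "--log", log_path,
            "--sniffer-output", pcap_path]


if __name__ == "__main__":
    known, unknown = split_parsers(QUESTION_PARSERS)
    print("in the answer's list:    ", ",".join(known))
    print("not in the answer's list:", ",".join(unknown))
    # Constructed sample values (lab interface, documentation-range gateway).
    print(build_argv("POST,HTTPAUTH", "eth0", "192.0.2.1",
                     "/tmp/sample.log", "/tmp/sample.pcap"))
```

Two names from the question's list, NNTP and TEAMVIEWER, do not appear in the answer's list, and CREDITCARD and URL from the answer's list are not requested by the question's command; the parser set may differ between the version Xerosploit bundles and the one the answer quotes.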