Shulou(Shulou.com)05/31 Report--

This article is about what kind of tool Espionage is. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Introduction to Espionage tools

Espionage is a powerful network packet sniffer that can intercept large amounts of data transmitted through an interface. The tool allows users to run regular and detailed traffic analysis to display real-time traffic and to understand packet flow, protocols, flags, and so on. In addition, Espionage can also perform ARP spoofing attacks, so all data sent by the target is redirected by the attacker (man-in-the-middle attack). Espionage is written in the Python 3.8 environment, and the current version of Espionage also supports the Python 3.6 environment. The current version is the first version of the Espionage tool, and if you want to contribute to this and want to add more functionality to Espionage, please contact the developer. Note: this is not a Scapy wrapper, the function of scapylibd is only to assist in the processing of HTTP protocol requests and ARP. The current version of Espionage supports IPv4,TCP / UDP,ICMP and HTTP protocols.

Tool installation

Researchers can use the following commands to clone the source code of the project locally:

Git clone https://www.github.com/josh0xA/Espionage.gitcd Espionage

After the download is complete, you can use the following command to install dependent components and view help information:

Sudo python3-m pip install-r requirments.txtsudo python3 espionage.py-- help tool uses the command 1:sudo python3 espionage.py-- normal-- iface wlan0-f capture_output.pcap

Command 1 performs the packet analysis and outputs the analysis data, and saves the output to the pcap file provided by the project. You can also replace wlan0 with any network interface.

Command 2:sudo python3 espionage.py-- verbose-- iface wlan0-f capture_output.pcap

Command 2 will perform a more detailed packet analysis and save the output to the pcap file provided by the project.

Command 3:sudo python3 espionage.py-- normal-- iface wlan0

Command 3 still performs packet analysis, but this does not save the data to the pcap file provided by the project. We suggest that the analyzed data be saved locally.

Command 4:sudo python3 espionage.py-- verbose-- httpraw-- iface wlan0

Command 4 performs a detailed packet analysis and displays the raw http / tcp packet data in bytes.

Command 5:sudo python3 espionage.py-- target-- iface wlan0

Command 5 will perform an ARP spoofing attack on the target ip address, and all sent data will be routed back to the attacker-controlled computer (the local host).

Command 6:sudo python3 espionage.py-- iface wlan0-- onlyhttp

Command 6 will analyze and display only the HTTP protocol packets intercepted by the tool on port 80.

Command 7:sudo python3 espionage.py-- iface wlan0-- onlyhttpsecure

Command 7 will analyze and display only the HTTPS protocol packets intercepted by the tool on port 443.

Command 8:sudo python3 espionage.py-- iface wlan0-- urlonly

Command 8 will only block URL packets accessed by the target user. (it works better with sslstrip).

Note: press the shortcut key Ctrl + C to stop packet interception and write the output to a file.

Tools menu usage: espionage.py [- h] [--version] [- n] [- v] [- url] [- o] [- ohs] [- hr] [- f FILENAME]-I IFACE [- t TARGET] optional arguments:-h,-help displays a help message and exits-- version returns the version of the data analysis tool-n -- normal performs blocking task-- v,-- verbose (recommended) performs deeper packet interception-- url,-- urlonly analyzes accessed URL-o only through http/https,-- onlyhttp only analyzes tcp/http data, returns accessed URL-ohs,-- onlyhttpsecure parses https data only, (port 443port)-hr -- httpraw displays the original packet data received or sent on port 80 (byte order) (recommended) data output (.pcap): parameter-f FILENAME,-- filename FILENAME stores the output file name (generates the extension '.pcap'). (required) execute the required parameters:-I IFACE,-- iface IFACE specific network interfaces (such as wlan0, eth0, wlan1, etc.) (ARP Spoofing) perform ARP spoofing attacks on the parameters required by the utility:-t TARGET,-- target TARGET thank you for reading! This is the end of this article on "what a tool Espionage is". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.