Ferret Lab

Description
Transcript:

Hey, Leo Dregier here. I want to show you a really, really cool tool which comes from the Hamster and Ferret suite, the classic sniffing, web application pen testing and session hijacking tools. So basically what I did is I copied the tools in the suite to the Windows system 33 directory. This way I can just run the tool from the command prompt. So it is Hamster, Ferret, cascading style sheets and some JavaScript files. So let us open up the command prompt and type ferret. Once you do that, it will give you the syntax to actually use, in this case ferret -i and the interface number, where the number is the interface to monitor. A real easy way to check this is to do an ipconfig in Windows, and basically they are numerically in order, so look, a connection would be one, then tunneling adapters and everything else would secretly go to 3, 4, 5, etc. So we will clear the screen, let us do it again, ferret, and then we are going to do a ferret -i, and I am going to do it for my Ethernet interface and just hit enter here, and basically you can see it gives you a quick idea of Ferret 1.2.0, the name of the company which made it, the actual build which it is. It is actually using the WinPcap traffic analysis and sniffing driver, which is just packet.dll and the specific version. Now in the older days of Windows and hacking, WinPcap versioning mattered; for the most part I just install it nowadays and whatever it is just seems to work. But that is based on the UNIX libpcap. It also says the device, so if I was curious, by guessing in the dark and saying, you could say 1, it is the Intel network card that happened in the system, and sniffing on that interface; it is an Ethernet interface and it is seeing in traffic. So what I am going to do basically is just open any webpage. We are just going to go to CNN.com and basically minimize that, and you would be able to see the flood of traffic that basically gets dumped; this captures and analyzes.

Now, not too much of interest in the fact that it is actually flooded, but what I would do is actually capture this stuff that is going through my terminal and basically redirect that to like a static file where I could throw it nicely and dissect it, and then I can search, because you see some basic stuff like HTTP traffic and then the host, who that host is equal to in the URL, and again it is not in an easy format which we can look at or review or analyze, etc. So I would probably want to import the log file that I created by capturing into a file and then importing into a comma separated value. I choose that because of all of these commas that I see here. So that is how I would store the information in the file, and once I have it in the format in a particular file, then I can import that with another program and actually be able to store all of the host fields etc., or use Excel, where I could basically do some really good filtering a lot easier than you could a text file anyway. But nonetheless you can see, just by opening the CNN home page, all sorts of stuff gets fired off. So you can see source addresses, names, all sorts of stuff in here. It is really going to take you a good half hour, 45 minutes to really dig through this, at least manually, and start trying to make some sense out of what realistically is going on. But as I said, the value here is actually being able to filter this information. Ultimately you would be looking for things like this, like this cookie that is here, and if you can determine some of the parameters in the cookies or anything that is stored on the client machines, etc. So that is it: Ferret, the basic sniffing tool for application settings. And if you want to kind of go away from the command line stuff here and then into realistically a GUI tool, I want you to understand the basics of Ferret and the types of information that Ferret collects. Then you can move over to the Burp Suite and actually look at the stuff and not so command prompt type away.

So that is it for this video. My name is Leo Dregier. Don't forget to check us out on Facebook, LinkedIn, YouTube and Twitter.

This lab session talks about Ferret. You'll observe a demonstration of Ferret being used to gain information. Ferret gives you the syntax to use and includes information such as the interface number to monitor when using IPCONFIG.