WebSpy Lab

Description
[toggle_content title="Transcript"] Hi, Leo Dregier here. In this lab I want to talk to you about webspy. It is kind of powered from spying on web traffic, but I have actually also been able to use it as a denial of service tool. So I will show you both. So the first thing we can do is basically a manual for web spy, and you can see "display sniffed URLs in Netscape in real time". Now I think the trick here is that Netscape component. If you use this with other browsers, it can basically result in a denial of service attack. I will show you that as well. So web sites URL sniff from a client or your local Netscape browser before display is updated in real time. So somebody else goes to the browser on their machine and it opens up in your browser. When you try to do this locally, basically an infinite loop happens, and that is where the denial of service is going to come into play. Netscape must be running on your local X display ahead of time. So you have to kind of set this up: your browser, and then send the web spy to the target. So when they open theirs, when the traffic gets sent to you, you already have the tools to basically open it up. In other words, if your web browser is not open, the code is just going to get sent to you and dropped, because you don't have Netscape basically open. So basically you set the interface. You can read the traffic from a pcap file, process traffic from the pcap instead of on the network. So that is good for replaying and analyzing, and then specify the web client to spy on. So it is a relatively easy sniffing of the traffic, if you will. So let us go ahead and type in web spy. If you just type it, it will basically tell you the quick help file. So all we need to do is choose our interface, web spy -i ethernet0, and then the host we want to actually spy on. So check this out: if we use our server here, 192.168.1.8, basically we can listen for that server's traffic.
Now this gets hit or miss, or in this case I want to try and sniff on a remote target when I go over to my Windows 2000 server, and I am not using Netscape. So let us just go ahead and search for Leo Dregier. It comes over, and you can see basically nothing comes back on the target. But if we were using Netscape, this browser, this screen here, would basically get opened up in our own client. Just to kind of show you: if we had Netscape opened and, you know, we were at some page like Google, and then you go to some other page when you target. So I am going to search again; the results would come back in here. But again, you have to use the right version. So what I am going to do now is change this up just a little bit to show you how to use this tool a little bit differently, and I will show you how some of the processing gets used for this. So instead of doing a remote interface, I am going to basically do myself. So first thing I want to do is check my IP address: ifconfig ethernet0, and I am on 92.130. So let us look at that, and let us do a web spy and then change that to 92.130, so I am effectively sniffing myself at this point, and so web spy is running. Here is the cool part: as soon as I open up any web page and go to something simple like leodregier.com, it goes "official site not found" here, but if you notice what is in the website, it says basically the iopen, this interface here. Not too exciting. I can prove that it works, and I basically get one open URL. Watch what happens when I go to basically a URL on the destination. If they open up a web browsing session and they go to a site that has a whole bunch of links being processed in it, like for example GMail.com, now watch what happens over here. And that was probably a bad example; I didn't see any of them earlier. So let us try that. Here you go, now you can start seeing some of the infinite loops that are happening.
So it is trying to warn, read it from the target and open it up from my own browser. I get this infinite loop that is happening until basically the web browser crashes, and then I have to kind of stop this. So I have to do this really quickly: I have to come back over and Control+C for it to happen. So let us kind of scroll back to the top and see if we can see what happened here. So what happens is, in that session, I went to basically my website. I went to a basic website, and then as it is trying to relay the information back, here is all that CNN has got. It is kind of fetching it from your target, grabbing it locally, adding it into your browser, which is supposed to be remote, and then goes and gets it. Then it adds it back in, and that starts the infinite loop. So effectively what you can do is you can use this not only as a sniffing tool but also as a denial of service tool, because of the way that it handles the processing, and ultimately all of the data is just going to get dumped right here. All the infinite loops and all of the proxy redirecting that happens, that is effectively a denial of service attack. So I thought that was pretty interesting, just in the way that this tool just happens to work. Now, instead of my client browser opening, if I notice here, I can highlight this, I can actually click on this and open it up in a window. So it is clickable: not just terminal information, but you can click it. So it is a pretty cool tool. It is a sniffing tool; we are sniffing web requests. But we also can do this remotely, and then also, if we get strategic with it, we can set it up to run as a denial of service tool and infinite loop. Now for most of us, infinite loops haven't happened for some time. You may remember back in the day you would go to a browser and it would start this infinite loop popup mess, and that was just a pain in you know what. So if I go ahead and try to close out here.
"Are you sure you want to close the 92 tabs?" So effectively what I did is denial of service myself, just before the point of crashing, and it starts to get two or three hundred. You can imagine how that basically denial-of-services a system. So it is twofold here: one, a sniffing tool, and then also reconfiguring it to use that as a denial of service tool. I just close out all the browsers at once, and then I can go ahead and take this captured output file. I will put it somewhere and do something with this traffic here. So the name of the tool was web spy; it can be used as a sniffing tool and as a denial of service tool if you set it to configure it basically correctly. So hope you enjoyed, I will see you in the next video! [/toggle_content]

The final simulation lab in our Sniffing Traffic series is WebSpy. WebSpy is a scripting sniffing tool that tracks web traffic. In this lab, you'll learn how to use it for analyzing all types of web log data, from web browsing to application use and email traffic: you see every transaction there is to see between the client and the network. In this lab, you'll also learn how to use WebSpy as a "denial of service" and a "denial of service attack" tool and analyze those findings to identify vulnerabilities. WebSpy is a powerfully revealing traffic sniffing tool because you literally monitor and spy on network traffic by viewing the traffic log.
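The feedback loop described in the transcript, modelled as an added example (not part of the original lab and not webspy's own code): when the watched host is also the host whose browser displays the sniffed URLs, every tab that browser opens produces new requests from the watched host. The page map, the addresses, the tab cap and the `dedupe` and `is_self_target` guards are constructed assumptions for illustration.

```python
from collections import deque

# Constructed model of one page: the URL and the sub-resources a browser
# requests while rendering it. Not captured traffic.
PAGES = {
    "http://news.example/": [
        "http://news.example/style.css",
        "http://news.example/app.js",
        "http://news.example/logo.png",
    ],
}

def requests_for(url):
    """HTTP requests a browser puts on the wire when it loads `url`."""
    return [url] + PAGES.get(url, [])

def simulate(watched_host, display_host, first_url, max_tabs=300, dedupe=False):
    """Count tabs opened on display_host while sniffing watched_host.

    max_tabs stands in for the point where the browser becomes unusable.
    dedupe is a hypothetical guard: open each sniffed URL at most once.
    """
    wire = deque(requests_for(first_url))  # what the watched user browsed
    seen, tabs = set(), 0
    while wire and tabs < max_tabs:
        url = wire.popleft()
        if dedupe and url in seen:
            continue
        seen.add(url)
        tabs += 1  # the sniffer asks the display browser to open this URL
        if display_host == watched_host:
            # The display browser's own fetches are traffic from the watched
            # host, so they are sniffed again: this is the feedback loop.
            wire.extend(requests_for(url))
    return tabs

def is_self_target(watched_host, local_addrs):
    """Pre-flight check: refuse to mirror a host onto itself."""
    return watched_host in local_addrs

REMOTE, LOCAL = "192.0.2.8", "192.0.2.130"  # constructed documentation addresses
START = "http://news.example/"

if __name__ == "__main__":
    print("remote target:", simulate(REMOTE, LOCAL, START), "tabs")
    print("self target:", simulate(LOCAL, LOCAL, START), "tabs (capped)")
    print("self + dedupe:", simulate(LOCAL, LOCAL, START, dedupe=True), "tabs")
    print("guard trips:", is_self_target(LOCAL, {LOCAL, "127.0.0.1"}))
```

With a remote target the tab count equals the number of requests the target made; with the host watching itself the count runs to the cap unless a guard breaks the cycle.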