intercepter-ios

[alizanda]

Hello everypne . I'd like to show you guys a MITM tool I found for iOS.

The tool is called intercepter-ng. As previously stated, it is a MITM (man in the middle) tool and allows an attacker to sniff passwords, see live chat messages from clients such as Yahoo Messenger and Windows Live and much more. On the website (http://sniff.su/), this is the official list of features: (NOTE: features such as promiscuous mode are incompatible with the iPhone)
   
   + Sniffing passwords\hashes of the types:
       ICQ\IRC\AIM\FTP\IMAP\POP3\SMTP\LDAP\BNC\SOCKS\HTTP\WWW\NNTP\CVS\TELNET\MRA\DC++\VNC\MYSQL\ORACLE\NTLM
    + Sniffing chat messages of: ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA
    + Reconstructing files from:  HTTP\FTP\IMAP\POP3\SMTP\SMB
    + Promiscuous-mode\ARP\DHCP\Gateway\Smart Scanning
    + Capturing packets and post-capture (offline) analyzing\RAW Mode
    + Remote traffic capturing via RPCAP daemon
    + NAT\SOCKS\DHCP
    + ARP\DNS over ICMP\DHCP\SSL\SSLSTRIP\WPAD\SMBRelay MiTM\DNS Spoofing


I'm sure many of you have at least heard of it, since it is quite popular on Windows and is included in the Backtrack suite. I have personally been using this on Windows and Backtrack since some time last year. But today, after finally updating my Backtrack, I took a look at the intercepter-ng folder and noticed intercepter_ios. I then took a look at the readme (http://ge.tt/9pbmYsP/v/0) and noticed it offered instructions for installation on iOS .


INSTALLATION AND USAGE:
-----------------------------------

(either follow this guide http://www.villacorp.com/blog/2012/09/spying-live-messenger-msn-on-iphone-ipad/
or just read how I put it on [really simple])

1. Make sure you have libpcap from Cydia installed (you most probably will have it if you have any tools from the iNinjas repo)
2. download intercepter_ios http://ge.tt/86ybasP/v/0
3.  SSH into your device (or use iFile) and move intercepter_ios into your destination of choice. Mine is in /var/mobile/pentest/exploits/
4. Open mobile Terminal, login as root, browse to the location of intercepter_ios and type the following: chmod +x intercepter
5. run it by typing " ./intercepter_ios -h " (or for the GUI, leave the '-h', but I don't advise this as it doesn't work nicely on iPhone)
6. From here on, usage is simple. You will have a list of interfaces. en0 should be 1, so to run intercepter on en0 to sniff traffic including plaintext passwords, type " ./intercepter -ng 1 1 "
7. it will now do it's job 

Here is the README: http://ge.tt/9pbmYsP/v/0
Here is intercepter_ios: http://ge.tt/86ybasP/v/0
Here is the official website: http://sniff.su/
Here are some screenshots of my iPhone sniffing passwords and normal traffic: http://imgur.com/a/a3kzY

It's also compatible with Android, so it can be cross-posted to the Android section too if anyone wants

[[null]]

Wow!! Awesome find and tut! This looks awesome! +1!

[grinch]

Why would they include iOS instructions? It is useless. Can not do any of those activities without Promisc
Can't do any of the sniffing, any of the capturing. The only thing it looks like you can do is reconstruct sessions, but since you can not capture them on the device, this is just making more work

[alizanda]

@grinch Maybe try reading the entire post?

At the very least, it serves as an alternative to iPwn/Pirni Pro for sniffing traffic and credentials. It has less dependencies, which obviously makes life a lot easier and requires only one command to set the process into full, automated swing.

Try show me one tool for iPhone which allows a user to see a live stream of URLs accessed and credentials entered in a neat and understandable manner. I understand iPwn caters for this, but I have personally never had success to the extent that I have with intercepter.

And, again, if you read the entire post, you would have noticed that I mentioned it is also compatible with Android, Linux and Windows - in which case all the features will be usable.

If you don't like it, you have no reason to downplay it and moan. Maybe I am in the wrong because I posted it in iHacking instead of Hacking, but I assumed people would be more interested in the fact that an interesting tool is available for iOS and not the mainstream Operating Systems.

Please refer to: http://www.urbandictionary.com/define.php?term=Sandy%20Vagina

[grinch]

No, it will not capture of sniff. You need to put a network device in promiscuous mode in order for it to not ignore any packet not addressed to it. That is the definition of promiscuous mode.

Maybe if you actually tried this, you would realize how useless this is for iOS, instead of wasting your time commenting on my opinion.

I voice my opinions often. You do not have to agree with them, but watch your attitude and language

[Apetrick]

No, it will not capture of sniff. You need to put a network device in promiscuous mode in order for it to not ignore any packet not addressed to it. That is the definition of promiscuous mode.

Maybe if you actually tried this, you would realize how useless this is for iOS, instead of wasting your time commenting on my opinion.

I voice my opinions often. You do not have to agree with them, but watch your attitude and language

su
alpine
ifconfig en0 promisc
That usually works for me :/

[B0mb3d]

do you know what port interceptor feeds to? id like to try sslstrip im only getting traffic

eh. no promisc huh -.-

[B0mb3d]

i cant seem to get this working on the N900. i run chmod -x intercepter_linux and chmod 777 intercepter_linux and it still wont give the permissions denied

[Apetrick]

It should be chmod +x Unless your trying to make it give you that error.

[Intercepter]

Hello guys, im the author of intercepter-ng.

I would appreciate if questions will be asked on it's own forum.

Though, some notes here...

1. Nokia n900 runs on ARM processor, while intercepter_linux build on Intel. You have to try android build (it's ARM based).
2. Promisc mode != Monitor mode, learn it. Usual sniffing and arp poisoning is working on any iOS devices.
3. Interactive mode works perfect on any devices too, you just have to install ncurses (install mc from cydia).
4. Besides sniffing passwords and chat messages it reconstructs complete files from network stream.

[B0mb3d]

android didnt work either.

no avail on n900..but confirmed on SGSII. had to revert back to cm9 ics from jellybean though -.-

[darrenliew96]

I thought that iOS have promisc mode via the worm repo? the edited version of network-cmds?
BTW can it sniff facebook password by stripping off the  HTTPS on the website?

[Apetrick]

I thought that iOS have promisc mode via the worm repo? the edited version of network-cmds?
BTW can it sniff facebook password by stripping off the  HTTPS on the website?

The network-cmds works from the ininjas repo to.

[Intercepter]

I thought that iOS have promisc mode via the worm repo? the edited version of network-cmds?
BTW can it sniff facebook password by stripping off the  HTTPS on the website?

there are no problems with promisc mode, it works just fine.
before asking a question about intercepter's functionality at least check description, intercepter-ng console edition do not
strip ssl.

[Pasky]

Thank-you  i've been having fun with it for the past month and yes it captures everything except ssl and i never had to promisc dont know why !
What i usualy do is  save all the pcap files than when home i slide it over intercepter-ng  for windows and see all parsing credentials  !