148
◾
Ethical Hacking and Penetration Testing Guide
This is what the output will be like: we can clearly see that the victim is browsing google.com.
The “facebook hacked” image is basically from my blog, since I accessed my blog from the victim’s
browser to demonstrate this tool.
Urlsnarf and Webspy
Urlsnarf and webspy is part of the dsniff toolset; urlsnarf tells us about the URL that the victim has
visited, whereas the webspy tool will open up all the web pages that the
victim has visited in our
browser.
An example of attacker running urlsnarf to sniff the URLs that victim has visited. The web-
snarf works the same way; however, we need to specify additional arguments. Here is how the
command would look like:
root@bt:~# webspy –i eth0 192.168.75.142
where eth0 is the interface and 192.168.75.142 is the IP address of the victim.
Network Sniffing
◾
149
As urlsnarf keeps track of the URL’s
visited by the victim, as soon as the victims connects to
a new url using his browser or browser would automatically connect to it too, we would know
what pages the victim is curently on. As you can
see from the above screenshot, the victim (on his
machine) has connected to facebook.com and our browser has automatically opened up Facebook.
Dostları ilə paylaş: 
