WEBVTT

00:01.760 --> 00:04.640
Welcome to Packet Sniffer program.

00:05.080 --> 00:10.960
In this program, we are going to build a program that captures the data that is flowing to our computer.

00:11.280 --> 00:17.120
In the previous section we learned how to create an Arpspoof program.

00:17.600 --> 00:20.480
In that section we created this program.

00:20.520 --> 00:21.120
Okay.

00:21.160 --> 00:35.160
That was uh, making this victim and also access point or forcing them to or fooling them to, uh,

00:35.200 --> 00:38.920
to send their data through this hacker computer.

00:38.960 --> 00:39.880
Okay.

00:39.920 --> 00:46.440
We were we were able to receive the data that is, uh, coming from victim.

00:46.480 --> 00:46.640
Okay.

00:46.720 --> 00:53.600
And then we were sending it back to this access point, and also we were receiving data from access

00:53.600 --> 00:57.040
point and then sending it back to victim.

00:57.080 --> 01:05.570
Now, in this section, we are going to build a program that is, um, capturing the data that is flowing

01:05.570 --> 01:07.930
through our computer, which is a hacker computer.

01:07.970 --> 01:08.730
Okay.

01:08.770 --> 01:12.850
We will be able to capture the data that is coming from victim.

01:12.890 --> 01:13.130
Okay.

01:13.170 --> 01:20.650
Here we will be able to capture it, modify it, and then send it back right here to the access point.

01:21.170 --> 01:23.650
So how can we do that?

01:23.730 --> 01:25.050
Let's come back to here.

01:25.290 --> 01:28.890
Here I created a folder called Packet sniffer.

01:28.930 --> 01:29.850
Okay.

01:29.890 --> 01:33.450
And I created a file called packet sniffer.py.

01:33.490 --> 01:36.330
Again here we are going to use from Scapy.

01:36.370 --> 01:37.010
Okay.

01:37.050 --> 01:46.810
So let's import Scapy: scapy.all as scapy.

01:48.210 --> 01:48.970
What happened?

01:52.730 --> 01:53.130
Okay.

01:53.410 --> 01:57.090
Now I just imported this and now it is time to use it.

01:57.130 --> 01:57.570
Okay.

01:57.930 --> 02:03.630
So here I need to create a function that sniff the packet.

02:03.670 --> 02:04.070
Okay.

02:04.390 --> 02:08.270
So let's create that function or that method or define that method.

02:08.270 --> 02:09.670
I'm going to name it sniff.

02:09.710 --> 02:13.710
If you want, you can name it anything you want, okay.

02:13.710 --> 02:18.670
Here I need to get the interface okay.

02:19.110 --> 02:22.070
So interface will be provided here as an argument.

02:22.510 --> 02:28.190
And here this Scapy has a function called sniff.

02:28.870 --> 02:33.630
And here it has a what is it called.

02:33.670 --> 02:36.910
It has an argument called iface, okay.

02:36.950 --> 02:41.950
iface is the interface, the interface that we are providing from the argument.

02:41.950 --> 02:46.390
And in the argument right now you see that we have something called interface.

02:46.430 --> 02:47.110
Okay.

02:47.150 --> 02:49.710
So we are going to write that here.

02:49.830 --> 02:53.950
So interface very beautiful.

02:54.550 --> 02:55.710
And what is next.

02:55.750 --> 03:00.800
The next thing that we are going to provide is something called store.

03:00.840 --> 03:04.640
I don't want to store the data that is flowing through my computer.

03:04.640 --> 03:07.120
So I'm going to define this to false.

03:07.160 --> 03:07.800
Okay.

03:07.840 --> 03:09.480
I will assign this to false.

03:09.880 --> 03:16.280
So that means any packet that is coming and moving through my computer, I will not store it in my computer

03:16.280 --> 03:20.920
because it is bringing too much load to my computer.

03:21.400 --> 03:26.000
So the next part is something called prn.

03:26.000 --> 03:26.240
Okay.

03:26.280 --> 03:36.560
This prn is equal to any function, any callback function that anytime you capture, uh, something

03:36.600 --> 03:37.240
okay.

03:37.280 --> 03:40.320
Anything uh, a packet.

03:40.600 --> 03:47.120
So here you will be, uh, okay.

03:47.160 --> 03:53.560
Anytime you, you capture a packet, this function that you're providing will be called.

03:53.600 --> 03:54.040
Okay.

03:54.920 --> 04:00.860
So here you will provide a function and a callback function that later you can create it.

04:00.860 --> 04:02.300
Okay I'm here.

04:03.100 --> 04:12.780
Process sniffer or sniffed package is a callback function that I will provide right now.

04:12.780 --> 04:16.980
You see that it is not provided, so it is giving me an error.

04:17.980 --> 04:27.540
No problem here I will provide that function and I am going to name this this function that is called

04:27.540 --> 04:28.180
process.

04:30.500 --> 04:31.180
Sniffed.

04:36.220 --> 04:38.820
Packet function.

04:39.420 --> 04:43.340
And I'm going to give that packet as argument okay.

04:46.140 --> 04:46.740
Packet.

04:47.420 --> 04:47.900
Good.

04:49.220 --> 04:54.180
And you can do anything you want into these process.

04:54.180 --> 04:56.380
Sniffed packet function okay.

04:56.430 --> 05:05.990
So here, right now I am going to just print this packet and let's see that while we are capturing the

05:06.150 --> 05:06.910
packet.

05:07.390 --> 05:08.670
And how does it look like.

05:08.710 --> 05:10.150
Okay I want to print that.

05:10.590 --> 05:16.030
And also let's call this new function here and give the interface what is our interface.

05:16.750 --> 05:16.990
Okay.

05:17.030 --> 05:19.750
You know it is eth0.

05:19.750 --> 05:20.870
For me it is zero.

05:20.910 --> 05:28.590
If you're in a wireless LAN or LAN network you can use, uh, wlan, okay.

05:29.630 --> 05:36.670
So I'm going to save this and let's open this.

05:38.790 --> 05:39.590
Right here.

05:41.630 --> 05:44.590
CD I want to come back here.

05:44.710 --> 05:46.310
Use ls, packet sniffer.

05:46.310 --> 05:46.950
Do you have.

05:46.990 --> 05:50.910
Yes CD packet sniffer.

05:52.670 --> 05:54.550
Uh, ls, we have it.

05:54.550 --> 05:55.770
Let's use clear.

05:56.250 --> 06:04.850
Now let's use sudo python packet sniffer.py.

06:04.890 --> 06:06.090
Provide this.

06:06.890 --> 06:08.890
And right now you see nothing.

06:08.930 --> 06:09.370
Okay.

06:09.690 --> 06:12.770
That is because we are not capturing anything.

06:12.810 --> 06:13.250
Okay.

06:13.690 --> 06:16.490
So right now here I'm not going to be man in the middle.

06:16.530 --> 06:19.210
Okay I'm going to test this on my own browser.

06:19.410 --> 06:23.330
Later we will be able to test it on other stuff.

06:23.370 --> 06:24.130
Okay.

06:24.170 --> 06:24.410
Here.

06:24.450 --> 06:32.490
Let's, uh, if we have network access, uh, I want to access something.

06:32.490 --> 06:32.970
Anything.

06:32.970 --> 06:34.770
Like Bing, Google, anything.

06:34.810 --> 06:42.170
And let's see if we are able to capture the data into the there or not.

06:42.210 --> 06:43.170
Let's use Bing.

06:46.410 --> 06:46.770
Okay.

06:46.770 --> 06:47.890
We are able to.

06:47.930 --> 06:49.010
We are not able to.

06:49.050 --> 06:49.810
Okay.

06:49.850 --> 06:52.210
It looks like I don't have internet connection.

06:52.450 --> 06:54.490
I will provide that connection.

06:54.540 --> 06:56.540
and then we'll be back.

06:59.940 --> 07:03.460
Okay, now it looks like we have internet connection.

07:03.860 --> 07:05.460
And let's go back here.

07:05.460 --> 07:07.140
I want to re-execute this.

07:07.180 --> 07:07.620
Okay.

07:07.660 --> 07:13.100
So Python packet sniffer.py hit enter.

07:13.500 --> 07:15.860
Provide your password which is calling okay.

07:16.140 --> 07:17.820
Right now you see nothing here.

07:18.020 --> 07:23.340
Let's come back here I want to again try to search for Bing.

07:24.220 --> 07:24.900
Hit enter.

07:28.740 --> 07:34.140
Uh, right now you see that we capture a lot of things here.

07:34.340 --> 07:34.780
You see?

07:36.780 --> 07:39.260
Row row row row row a lot of thing.

07:40.380 --> 07:45.460
And all these are UDPs, okay, UDP, UDP packets.

07:45.500 --> 07:47.100
These are TCP packets.

07:47.700 --> 07:50.700
And also you see we have HTTPS.

07:52.900 --> 07:55.880
And also we have google.com.

07:55.960 --> 08:00.560
These are some um links that we captured.

08:00.880 --> 08:03.080
We have bing okay.

08:03.720 --> 08:04.520
Google.com.

08:04.720 --> 08:06.480
These are all the packets.

08:06.480 --> 08:11.480
That is that is that we are able to capture.

08:11.520 --> 08:12.040
Okay.

08:12.080 --> 08:16.880
Anything that we see here, these are packets that we capture.

08:17.400 --> 08:17.720
Okay.

08:19.360 --> 08:21.000
Right now you see this.

08:21.760 --> 08:28.120
And later we will be able to do a lot of cool stuff with this program.

08:28.160 --> 08:29.360
Okay.

08:29.400 --> 08:32.680
And right now you see a lot of things here.

08:32.680 --> 08:37.400
But you may not understand, uh, what are these all thing?

08:37.440 --> 08:38.400
Okay.

08:38.440 --> 08:46.040
We will be analyzing them and modifying them and capture what we want.

08:46.080 --> 08:47.440
Again, not everything.

08:48.040 --> 08:48.960
Okay.

08:49.000 --> 08:50.560
In some lectures.

08:51.040 --> 08:53.040
So let's go and see that.
