Mon May 21 20:40:07 CEST 2001 *
http://bugzpl.team.com.pl/arkth/progs/ssv1-1.tar.gz





                           Session Sniffer  v1.1
		         ~~~~~~~~~~~~~~~~~~~~~~~~~~
							    



1. OVERVIEW:
    Session Sniffer is a tool to help in monitoring users' behavior.
    It can also be useful in gathering information about an attacker.
    

2. INSTALLATION:
    bash# gcc ss.c -o ss


3. USAGE:

bash# ./ss -h
Session Sniffer v1.00 written by Bartosz Bogacki <arkth@team.com.pl>

usage:
    ss [options][<arguments>]
	
options:
 -h                     this help screen :>
 -s <hostname>          show payload of packets from this host
 -p <port1,port2,...>   show payload of packets from this ports
 -b <port1,port2,...>   bypass this ports while sniffing
 -e <expr1,expr2,...>   match expressions to packets payload
                        [exprs are separated with "," (comma)]
				     
examples:
    ./ss
    ./ss -s shf.dhs.org -b 22,443,80
    ./ss -s dsi.pl -p 110 -e USER,PASS

    ...or let's see an example:

bash# ./ss -e 'bartek,admin to dupa'

------------------------------------------------------------------------
bash$ telnet 0
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

Welcome to winter, an i486 running BOGUS Release 1.0.1 Linux 1.1.90

login: arkth
Password:
Last login: Mon May 21 19:20:14 from localhost.localdomain
bash$ ls -l bartek
ls: bartek: No such file or directory
bash$ echo 'admin to dupa' > antek
bash$ cat antek
admin to dupa
bash$ _
------------------------------------------------------------------------
...and what have we got?

[127.0.0.1:23 -> 0.0.0.0:1101]
.[00mls: bartek: No such file or directory
.[mbash$
[127.0.0.1:23 -> 0.0.0.0:1101]
admin to dupa
bash$
------------------------------------------------------------------------  

    You can log the gathered information with the 'tee' command.

example:
    bash# ./ss -e root:,/etc/shadow,/etc/passwd| tee /var/log/sessionlog
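
    Added example (not part of Session Sniffer or its original README): a
    small Python reader for a log captured with 'tee' as above. It groups
    payload lines under their [src:port -> dst:port] header and reports which
    expressions appear in each flow. The function names, the stripping of the
    ".[00m" colour-code residue and the plain substring matching are
    assumptions; the sample lines are copied from the output shown earlier.

```python
import re
from collections import defaultdict

# Flow header as printed in the README's sample output: [src:port -> dst:port]
HEADER = re.compile(r"^\[(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)\]\s*$")
# Assumption: colour codes appear as ".[00m" / ".[m" (ESC printed as "."), as in
# the sample; real ESC bytes are stripped as well in case the log keeps them.
ANSI = re.compile(r"(?:\x1b|\.)\[[0-9;]*m")

def parse_session_log(lines):
    """Yield (flow, payload_lines) for each header-delimited record."""
    flow, payload = None, []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = HEADER.match(line)
        if m:
            if flow is not None:
                yield flow, payload
            src, sport, dst, dport = m.groups()
            flow, payload = (src, int(sport), dst, int(dport)), []
        elif flow is not None:          # lines before the first header are ignored
            payload.append(ANSI.sub("", line))
    if flow is not None:
        yield flow, payload

def hits_by_flow(lines, exprs):
    """Map each flow to the expressions found in its payload (substring match)."""
    hits = defaultdict(set)
    for flow, payload in parse_session_log(lines):
        text = "\n".join(payload)
        for expr in exprs:
            if expr in text:
                hits[flow].add(expr)
    return dict(hits)

# Sample input: the output lines shown in the README's telnet example.
SAMPLE = """\
[127.0.0.1:23 -> 0.0.0.0:1101]
.[00mls: bartek: No such file or directory
.[mbash$
[127.0.0.1:23 -> 0.0.0.0:1101]
admin to dupa
bash$
""".splitlines()

if __name__ == "__main__":
    for flow, exprs in hits_by_flow(SAMPLE, ["bartek", "admin to dupa"]).items():
        print("%s:%d -> %s:%d" % flow, sorted(exprs))
```

    To review a real capture, pass open("/var/log/sessionlog") as the
    lines argument in place of SAMPLE.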


4. SUPPORTED PLATFORMS
        o       Linux           [tested on: RedHat 6.2, 5.1, Debian]
	
7. FINAL NOTES:

     Warning!
     All hosts used in examples are fictitious and any relation to the
     real world (if such exists) was not the author's intention...
	       
	       
8. GREETZ & THX:
	       
     BugzPl, SigSegv, #hackingpl, nth, crashkill, Buczer, magdac,
     shf, r4z0r, rys4, nmz, cinu, aphazel, ntr, MIV, jerry, dzambo,
     p3rry, galas, wiaderko, kook, neil, ..."Olka Najlepsza" :-*
  
     [ visit - http://bugzpl.team.com.pl/arkth for more stuff... ]


					    mailto: arkth@team.com.pl
										   
