On 2/29/2012 7:22 AM, Robin Wood wrote:
> Hi
>
> Is anyone still using Hamster and Ferret? I was trying to play with it
> but ferret just keeps seg faulting on me and so never gives any data
> to hamster. This is the crash:
>
> $ ./ferret -r sniff-2012-02-29-eth.pcap
> [0] ./ferret
> [1] -r
> [2] sniff-2012-02-29-eth.pcap
> -- FERRET 1.2.0 - 2008 (c) Errata Security
> -- build = Feb 28 2012 15:07:17 (64-bits)
> -- libpcap version 1.2.1
> sniff-2012-02-29-eth.pcap
> proto="DNS", query="A", ip.src=[192.168.0.2], name="bsides.2bli2.com"
> unknown record type
> Segmentation fault
>
> From the debugging I've managed to do it looks like something to do
> with the unknown record type getting parsed somewhere and causing the
> problem but my C isn't good enough to work out what the unknown record
> is and how to kill it off before it gets parsed.

You need to compile it with the "-g3 -ggdb" flags, then run it inside
gdb. Something like:

# gdb ferret
gdb> run -r sniff-2012-02-29-eth.pcap

When it crashes, issue a "bt" to show the backtrace of where it crashed.
You can probably just comment out the DNS parser.

I use WiFiSheep on my Kindle Fire for an alternative catch-all-cookies
sidejacking attack. Otherwise I use Firesheep with Firefox 3.6.12 and
write my own handlers.

-Josh
_______________________________________________
Pauldotcom mailing list
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
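
The thread does not establish where Ferret faults, only that the crash follows "unknown record type". As an added example (not Ferret's code and not from either poster), this shows how a DNS parser can step over a record type it does not handle by using RDLENGTH with bounds checks instead of interpreting the bytes; `dns_walk`, `skip_name` and the `sample` packet are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: response with one A record and one record of private-use type 0xFF01. */
static const uint8_t sample[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,2, 0,0, 0,0,             /* header: QD=1, AN=2 */
    1,'a', 4,'t','e','s','t', 0, 0,1, 0,1,                /* question: a.test A IN */
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 127,0,0,1,        /* answer 1: A 127.0.0.1 */
    0xC0,0x0C, 0xFF,0x01, 0,1, 0,0,0,0, 0,3, 0xAA,0xBB,0xCC /* answer 2: unknown type */
};

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Skip a name (labels or compression pointer); returns the next offset, 0 on error. */
static size_t skip_name(const uint8_t *p, size_t len, size_t off) {
    while (off < len) {
        uint8_t c = p[off];
        if (c == 0) return off + 1;                        /* root label ends the name */
        if ((c & 0xC0) == 0xC0) return len - off >= 2 ? off + 2 : 0; /* pointer */
        if (c & 0xC0) return 0;                            /* reserved label type */
        off += (size_t)c + 1;
    }
    return 0;                                              /* ran past the buffer */
}

/* Returns the number of answer records skipped as unknown, or -1 if malformed. */
int dns_walk(const uint8_t *p, size_t len, int *known) {
    *known = 0;
    if (len < 12) return -1;
    unsigned qd = rd16(p + 4), an = rd16(p + 6);
    size_t off = 12;
    int unknown = 0;
    for (unsigned i = 0; i < qd + an; i++) {
        size_t fixed = i < qd ? 4 : 10;                    /* question vs. record header */
        off = skip_name(p, len, off);
        if (off == 0 || len - off < fixed) return -1;
        if (i < qd) { off += 4; continue; }
        unsigned type = rd16(p + off), rdlen = rd16(p + off + 8);
        off += 10;
        if (rdlen > len - off) return -1;                  /* RDATA must fit in the packet */
        if ((type == 1 && rdlen == 4) || (type == 28 && rdlen == 16)) (*known)++;
        else if (type == 1 || type == 28) return -1;       /* known type, wrong length */
        else unknown++;                                    /* never interpret the bytes */
        off += rdlen;
    }
    return unknown;
}
```

On the constructed packet the A record is counted as known and the 0xFF01 record is skipped; a truncated copy of the same packet is rejected rather than read past its end.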