[Wireshark v1.10.0 RC2] The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.10.0 RC 2

Wireshark 1.10.0rc2 has been released. Installers for Windows, OS X, and source code are now available. This is the first release candidate for Wireshark 1.10.0.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.8:

• Wireshark on 32- and 64-bit Windows supports automatic updates.
• The packet bytes view is faster.
• You can now display a list of resolved host names in “hosts” format within Wireshark.
• The wireless toolbar has been updated.
• Wireshark on Linux does a better job of detecting interface addition and removal.
• It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
• The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
• USB type and product name support has been improved.
• All Bluetooth profiles and protocols are now supported.
• Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
• The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
• Capinfos now prints human-readable statistics with SI suffixes by default.
• It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
• Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
• Wireshark can be compiled using GTK+ 3.
• The Wireshark application icon, capture toolbar icons, and other icons have been updated.
• Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
• Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
• Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add “gtk-scrolled-window-placement = top-right” in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
• Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.

Full changelog: here

Download Wireshark v1.10.0 RC2

[Wireshark v1.8.7] The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.8.7

What’s New

Bug Fixes

The following vulnerabilities have been fixed.

• wnpa-sec-2013-23The RELOAD dissector could go into an infinite loop. Discovered by Evan Jensen. (Bug 8364, (Bug 8546) Versions affected: 1.8.0 to 1.8.6.
  CVE-2013-2486
  CVE-2013-2487
• wnpa-sec-2013-24The GTPv2 dissector could crash. (Bug 8493) Versions affected: 1.8.0 to 1.8.6.
• wnpa-sec-2013-25The ASN.1 BER dissector could crash. (Bug 8599) Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
• wnpa-sec-2013-26The PPP CCP dissector could crash. (Bug 8638) Versions affected: 1.8.0 to 1.8.6.
• wnpa-sec-2013-27The DCP ETSI dissector could crash. Discovered by Evan Jensen. (Bug 8231, bug 8540, bug 8541) Versions affected: 1.8.0 to 1.8.6.
• wnpa-sec-2013-28The MPEG DSM-CC dissector could crash. (Bug 8481) Versions affected: 1.8.0 to 1.8.6.
• wnpa-sec-2013-29The Websocket dissector could crash. Discovered by Moshe Kaplan. (Bug 8448, Bug 8499) Versions affected: 1.8.0 to 1.8.6.
• wnpa-sec-2013-30The MySQL dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8458) Versions affected: 1.8.0 to 1.8.6.
• wnpa-sec-2013-31The ETCH dissector could go into a large loop. Discovered by Moshe Kaplan. (Bug 8464) Versions affected: 1.8.0 to 1.8.6.

The following bugs have been fixed:

• The Windows installer and uninstaller does a better job of detecting running executables.
• Library mismatch when compiling on a system with an older Wireshark version. (Bug 6011)
• SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
• A console window is never opened. (Bug 7755)
• GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
• Fix include and libs search path when cross compiling. (Bug 7926)
• PER dissector crash. (Bug 8197)
• pcap-ng: name resolution block is not written to file on save. (Bug 8317)
• Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
• Decoding of GSM MAP E164 Digits. (Bug 8450)
• Silent installer and uninstaller not silent. (Bug 8451)
• Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to placate recent autotools. (Bug 8452)
• Wifi details are not stored in the Decryption Key Management dialog (post 1.8.x). (Bug 8446)
• IO Graph should not be limited to 100k points (NUM_IO_ITEMS). (Bug 8460)
• geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit field truncated to 23 bits. (Bug 8532)
• IRC message with multiple params causes malformed packet exception. (Bug 8548)
• Part of Ping Reply Message in ICMPv6 Reply Message is marked as “Malformed Packet”. (Bug 8554)
• MP2T wiretap heuristic overriding ERF. (Bug 8556)
• Cannot read content of Ran Information Application Error Rim Container. (Bug 8559)
• Endian error and IP:Port error when decoding BT-DHT response message. (Bug 8572)
• “ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY” should be “ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY”. (Bug 8575)
• wireshark crashes while displaying I/O Graph. (Bug 8583)
• GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded) incorrectly. (Bug 8596)
• DTLS 1.2 uses wrong PRF. (Bug 8608)
• RTP DTMF digits are no longer displayed in VoIP graph analysis. (Bug 8610)
• Universal port not accepted in RSA Keys List window. (Bug 8618)
• Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
• LISP control packet incorrectly identified as LISP data based when UDP source port is 4341. (Bug 8627)
• Bad tcp checksum not detected. (Bug 8629)
• AMR Frame Type uses wrong Value String. (Bug 8681)

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave, IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP, SIP, SSL/TLS, TCP, UA3G

New and Updated Capture File Support

Endace ERF, NetScreen snoop.

Full Changelog: here

Download Wireshark v1.8.7

[Wireshark v1.10.0 RC1] The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.10.0 RC1

Wireshark 1.10.0rc1 has been released. Installers for Windows, OS X, and source code are now available. This is the first release candidate for Wireshark 1.10.0.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.8:

• Wireshark on 32- and 64-bit Windows supports automatic updates.
• The packet bytes view is faster.
• You can now display a list of resolved host names in “hosts” format within Wireshark.
• The wireless toolbar has been updated.
• Wireshark on Linux does a better job of detecting interface addition and removal.
• It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
• The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
• USB type and product name support has been improved.
• All Bluetooth profiles and protocols are now supported.
• Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
• The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
• Capinfos now prints human-readable statistics with SI suffixes by default.
• It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
• Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
• Wireshark can be compiled using GTK+ 3.
• The Wireshark application icon, capture toolbar icons, and other icons have been updated.
• Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
• Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.

Download Wireshark v1.10.0 RC1

[DroidSheep] Aplicación de Android para hackear contraseñas en red WIFI

Si usted no sabe una de estas herramientas, voy a tratar de explicar lo que es DroidSheep.

Tal vez conozcas a Bob. Bob es una persona muy conocida y Bob le gusta el café. Cada mañana, se lleva su computadora portátil y una visita los famosos bares de café verde, tiene un “grande latte de vainilla” y escribe mensajes a sus amigos de Facebook. Para hacer esto, Bob utiliza las barras de café WiFi – porque es gratis y rápido.

Una mañana, Bob está escribiendo un mensaje a su novia, Eva entra en la cafetería. Eva tiene un teléfono con Android y Eva utiliza DroidSheep. Después de pedir un “caramelo macchiato venti”, Eva se sienta, toma su teléfono y empieza a navegar por Facebook. Usando la identidad de Bob. Se puede ver a sus amigos. Leer sus mensajes. Escribir mensajes. Escribe artículos de la pared. Quitar amigos. Eliminar cuenta Bobs. Sin entrar nunca en contacto con Bob.

¿Qué pasó?

Cuando Bob está utilizando el WiFi, el portátil envía todos los datos destinados a ser recibidos por facebook, a través del aire con el router inalámbrico de café bares. Como “over the air” significa “captureable por todo el mundo”, Eva (o su teléfono) se pueden leer todos los datos enviados por Bob. Ya que algunos datos son encriptados antes de ser enviado, no sabe leer Bobs contraseña de Facebook, pero para no hacer Bob ingresar su contraseña después de cada clic, facebook envía a Bob un así llamado “session id” después de iniciar la sesión, que Bob envía con cada interacción , haciendo posible que Facebook para identificar a Bob. Por lo general, sólo Bob sabe id, como él lo recibe codificado. Pero cuando Bob utiliza las barras de café, WiFi, extiende sus identificador de sesión en el aire a todo el mundo. Así que Eva tiene este identificador de sesión y la utiliza como la suya – y Facebook no puede determinar, si Bob y Eva usa este identificador.

DroidSheep hace que sea fácil de usar para todos. Simplemente comienza a DroidSheep, haga clic en el botón de inicio y esperar a que alguien usa uno de los sitios web compatibles. Saltando en su sesión sólo necesita un clic más. Eso es todo.

Es necesario un dispositivo con Android, ejecutar al menos la versión 2.1 de Android

• - Es necesario ser root. 
• - Es necesario DroidSheep 

Bueno eso es todo les dejo el link de descarga y un pequeño tutorial, comenten y dejenme ps puntitos.
Link del .apk
http://www.mediafire.com/?eb15h5pxb03mfyq

VIDEO TUTORIAL

[Fuente]

Wireshark corrige 11 vulnerabilidades

Se ha publicado la versión de Wireshark 1.8.4/1.6.12 que soluciona once vulnerabilidades relacionadas con impactos de tipo denegación de servicio o revelación de información.

 

Wireshark es una aplicación de auditoría orientada al análisis de tráfico en redes. Su popularidad es muy elevada, puesto que soporta una gran cantidad de protocolos y es de fácil manejo. Además Wireshark es software libre (sujeto a licencia GPL) y se ejecuta sobre la mayoría de sistemas operativos Unix y compatibles, así como en Microsoft Windows.

 

Se han encontrado once vulnerabilidades en Wireshark que podrían provocar que la aplicación dejara de responder, causando una denegación de servicio o revelar información sobre el host en que se utiliza.

 

Las vulnerabilidades que como impacto conllevan una denegación de servicio de manera remota, están relacionadas con los disectores USB (CVE-2012-5593),  sFlow (CVE-2012-5594), SCTP (CVE-2012-5595), EIGRP (CVE-2012-5596),  iSCSI (CVE-2012-5598), WTP (CVE-2012-5599), RTCP (CVE-2012-5600), RTCP (CVE-2012-5600),  ICMPv6 (CVE-2012-5602), y finalmente ISAKMP (CVE-2012-5597).

 

Mientras que la vulnerabilidad de revelación de información, de tipo local, se relaciona con el modo de gestión de múltiples ficheros 'pcap-ng' (CVE-2012-5592), que podría dar como resultado el descubrimiento de información sobre el host.

Todas las vulnerabilidades podrían ser realizadas a través de la inyección de paquetes en la red, o convenciendo a un usuario para que abriese un fichero de captura de tráfico especialmente manipulado. 

 

Las actualizaciones para las diferentes ramas 1.8.x y 1.6.x se encuentran ya disponibles en:

http://www.wireshark.org/download.html

 

Más información:

 

Wireshark 1.8.4 is now available

http://www.wireshark.org/lists/wireshark-announce/201211/msg00000.html

 

Wireshark 1.6.12 is now available

http://www.wireshark.org/lists/wireshark-announce/201211/msg00001.html


Fuente: http://unaaldia.hispasec.com/2012/12/wireshark-corrige-11-vulnerabilidades.html

[PwnStar] Version with new Exploits

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables.  Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.

Changes and New Features

• “hotspot_3″ is a simple phishing web page, used with basic menu option 4.
• “portal_simple” is a captive portal which allows you to edit the index.html with the name of the portal eg “Joe’s CyberCafe”. It is used for sniffing.
• “portal_hotspot3″ phishes credentials, and then allows clients through the portal to the internet
• “portal_pdf” forces the client to download a malicious pdf in order to pass through the portal

Updated feature list:

• captive-portal with iptables and php
• more php scripts added
• exploits added
• mdk3 and airdrop deauth

General Features :

• manage interfaces and MACspoofing
• set up sniffing
• serve up phishing or malicious web pages
• launch karmetasploit
• grab WPA handshakes
• de-auth clients
• manage IPtables

Download Here