tag:blogger.com,1999:blog-37798047.post7416492208983699065..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: Hamster 2.0 and Ferret 2.0David Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger51125tag:blogger.com,1999:blog-37798047.post-43912996700930882672014-05-29T16:42:25.133-04:002014-05-29T16:42:25.133-04:00Same question as Jeroen Jacobs, i'm using Hams...Same question as Jeroen Jacobs, i'm using Hamster on RaspberryPi and would like to access the proxy from another machine without the need of an SSH tunnel.<br /><br />Great tool!! 5 years later and it still rocks.Pukyhttps://www.blogger.com/profile/07923453835491539734noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-53031464807958557792013-04-25T09:57:55.642-04:002013-04-25T09:57:55.642-04:00Ferret & Hamster for win
(compiled on VS6):
ht...Ferret & Hamster for win<br />(compiled on VS6):<br />http://www.sendspace.com/file/13ogi2<br /><br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-61503331923626989662013-03-19T08:59:44.516-04:002013-03-19T08:59:44.516-04:00The DNS hasn't propagated yet. ahem.The DNS hasn't propagated yet. ahem.Logicfishhttp://logicfish.me.uknoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-44965920100813202042012-09-01T11:12:26.767-04:002012-09-01T11:12:26.767-04:00Great stuff! I managed to compile Ferret and Hamst...Great stuff! I managed to compile Ferret and Hamster on a PandaBoard now (has a ARM cpu) without problems.<br /><br />One quick question: Is it possible to have hamster bind on all available ip addresses instead of 127.0.0.1? My pandaboard has no gui, so I can't use a browser on the machine itself.Jeroen Jacobshttps://www.blogger.com/profile/09409403890433652786noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-3601304707718884472012-06-21T17:07:03.711-04:002012-06-21T17:07:03.711-04:00Backtrack5 r1 still had the tools, they are very n...Backtrack5 r1 still had the tools, they are very nice. I am tweaking Ubuntu12.04 and wishing those tools were available. It is nice to show the SoHo how vulnerable they can be, especially on an insecure wireless connection. Most of my customers do not believe it until they see it.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-89774104236560071042012-05-28T01:04:48.180-04:002012-05-28T01:04:48.180-04:00@Dan Cooper
it's not too late, the .zip link...@Dan Cooper <br /><br />it's not too late, the .zip link works. I found 2.0 for windows last year but i can't remember where i got them. The ones in the .zip link I believe are for linux. It's a nice program , very easy commands, which reminds me , the guy who asked about the net adaptor problem, 'ferret -w' should list your adaptors and use the number next tot he one u want to use.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-87991333643143868672011-07-04T13:56:21.748-04:002011-07-04T13:56:21.748-04:00Is it too late to try these tools out? The downloa...Is it too late to try these tools out? The download links are dead.Dan Cooperhttps://www.blogger.com/profile/10219718271894450231noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-14252001487611083402011-04-14T10:10:45.702-04:002011-04-14T10:10:45.702-04:00I've just downloaded Hamster and Ferret for OS...I've just downloaded Hamster and Ferret for OSX. I'm running them as root through terminal. They are in the same directory. I keep getting execle(ferret): No such file or directory error message everytime I choose an adapter to monitor. Am I missing something?e_tietzehttps://www.blogger.com/profile/07476312010090620547noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-56764695974856330192011-02-27T12:45:21.667-05:002011-02-27T12:45:21.667-05:00Hello, first, please excuse my english : I am Fren...Hello, first, please excuse my english : I am French.<br />As you can imagine, I have a problem with Hamster/Ferret.<br /><br />Ferret :<br /><br />louisabraham:~ louisabraham$ sudo /Users/louisabraham/hamster-macosx-2.0.1/ferret -i 3<br />Password:<br />[0] /Users/louisabraham/hamster-macosx-2.0.1/ferret<br />[1] -i<br />[2] 3<br />-- FERRET 1.2.0 - 2008 (c) Errata Security<br />-- build = Mar 9 2009 14:41:47 (32-bits)<br />-- libpcap version 1.0.0<br /> 1 en0 (No description available)<br /> 2 vnic0 (No description available)<br /> 3 en1 (No description available)<br /> 4 vnic1 (No description available)<br /> 5 en2 (No description available)<br /> 6 lo0 (No description available)<br /><br />-- Sniffing on interface "en1"<br />SNIFFING: en1<br />LINKTYPE: 1 Ethernet<br />proto="CUPS", ip.src=[192.168.0.12], type=482901<br />proto="CUPS", ip.src=[192.168.0.12], state=0<br />proto="CUPS", ip.src=[192.168.0.12], uri="e"<br />proto="CUPS", ip.src=[192.168.0.12], location="3"<br />proto="CUPS", ip.src=[192.168.0.12], info="ipp://192.168.0.12:631/printers/Photosmart_C309a_series__0FF278_"<br />proto="CUPS", ip.src=[192.168.0.12], model=""<br /><br />And, then :<br /><br />Error reading capture file header<br />./sniff-2011-02-27-eth.pcap: Resource busy<br /><br />A lot of times : the capture .txt file is 2.3 Mo heavy.<br /><br />So it is normal that Hamster "echoes" :<br />louisabraham:~ louisabraham$ /Users/louisabraham/hamster-macosx-2.0.1/hamster<br />--- HAMPSTER 2.0 side-jacking tool ---<br />Set browser to use proxy http://127.0.0.1:1234<br />DEBUG: set_ports_option(1234)<br />DEBUG: mg_open_listening_port(1234)<br />Proxy: listening on 127.0.0.1:1234<br />begining thread<br />starting adapter en1<br />execle(ferret): No such file or directory<br /><br />And Ferret and Hamster are in the same directory as you can see in the command lines.<br /><br />Can you help me please ?<br /><br />Mac OS X 10.4.6<br /><br />L. ABRAHAMLabohttps://www.blogger.com/profile/08206481541364954975noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-81325478690471610092010-12-29T08:13:29.646-05:002010-12-29T08:13:29.646-05:00Hi all
I'm using hamster in Backtrack4 R1. Ham...Hi all<br />I'm using hamster in Backtrack4 R1. Hamster finds the cookies of Gmail but when I want to load the Gmail (e.g. mail.google.com) in the browser that its proxy has been set to 127.0.0.1:1234 it says: Firefox can't find the server at www.google.com. Even I can load the page www.google.com with grabbed cookies by hamster and the other websites through that browser but I can not go to Gmail. What's the problem?<br />I guess Google detects Hamster proxy and block it.Nimahttps://www.blogger.com/profile/02230640370137602309noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-41637617315560855852010-09-24T19:43:04.729-04:002010-09-24T19:43:04.729-04:00Hello,
I'd like to get some help, because I ha...Hello,<br />I'd like to get some help, because I have a problem when I try to install ferret on linux (10.04), when I "make" (as root) I get many errors such as "../../src/module/pcaplive.c:321: error: for each function it appears in.)<br />../../src/module/pcaplive.c:322: error: ‘struct PCAPLIVE’ has no member named ‘freealldevs’<br />../../src/module/pcaplive.c:322: error: ‘null_PCAP_FREEALLDEVS’ undeclared (first use in this function)<br />../../src/module/pcaplive.c:323: error: ‘struct PCAPLIVE’ has no member named ‘lib_version’<br />../../src/module/pcaplive.c:324: error: ‘struct PCAPLIVE’ has no member named ‘lookupdev’<br />../../src/module/pcaplive.c:325: error: ‘struct PCAPLIVE’ has no member named ‘major_version’<br />../../src/module/pcaplive.c:326: error: ‘struct PCAPLIVE’ has no member named ‘minor_version’<br />../../src/module/pcaplive.c:327: error: ‘struct PCAPLIVE’ has no member named ‘open_live’<br />../../src/module/pcaplive.c:330: error: ‘struct PCAPLIVE’ has no member named ‘can_transmit’<br />". I don't know what to do ... (g++ package is isntalled)(P.S sorry for my approximative english)<br />Thank you !Unknownhttps://www.blogger.com/profile/02964192286836338613noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-86786263714176667482010-04-01T15:36:58.173-04:002010-04-01T15:36:58.173-04:00Hi Logan,
We are no longer officially supporting ...Hi Logan,<br /><br />We are no longer officially supporting the Hamster/Ferret project, but if you would like to email me your contact information at marisa@erratasec.com I can let you know if your question gets answered in a future release.<br /><br />There is a FAQ here: http://www.erratasec.com/research.html under the SIdeJacking.zip link.Marisa Faganhttps://www.blogger.com/profile/01185065599379609480noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-49668427243556660252010-03-31T18:18:17.586-04:002010-03-31T18:18:17.586-04:00I dont know if my last comment went through, my in...I dont know if my last comment went through, my internet cut out. <br /><br /><br />The Im running this on mac, Hamster and ferret are in the same, yet when i attempt to scan in hamster it says that ferret can not be found. I can run ferret on its own, but not through hamster. <br /><br />please help.Unknownhttps://www.blogger.com/profile/13885755242864982271noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-62607657993720794392010-03-31T04:44:31.386-04:002010-03-31T04:44:31.386-04:00same issue, on mac os x. all files in same dire...same issue, on mac os x. all files in same directory, ran as sudo. but hamster still says it cant locate ferret.Unknownhttps://www.blogger.com/profile/13885755242864982271noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-23641359918661670102010-02-25T03:36:23.080-05:002010-02-25T03:36:23.080-05:00@Dave,
Im using a MAC too.
I dont know why, in or...@Dave,<br /><br />Im using a MAC too.<br />I dont know why, in order for you to use bpf* devices (en0, en1,..) to have to manually correct the permissions. <br /><br />try this, sudo chmod go+r /dev/bpf*<br />It works fine for me.<br />But the thing is, the permission will came back to default after you reboot your OS.Adminhttps://www.blogger.com/profile/00584657367795137379noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-58025316355486145152010-01-12T13:25:49.383-05:002010-01-12T13:25:49.383-05:00My mon0 device also switches to channel 6. Is ther...My mon0 device also switches to channel 6. Is there any way to change it once it's started?Primenumbernoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-63005163700726250592009-12-13T18:29:00.568-05:002009-12-13T18:29:00.568-05:00@David, I have the same issue. It always changes t...@David, I have the same issue. It always changes the adapter to chan 6.Micahhttps://www.blogger.com/profile/13151050866443145337noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-56669824837952289542009-11-12T02:11:43.531-05:002009-11-12T02:11:43.531-05:00I am using hamster on Backtrack 4, i run airmon-ng...I am using hamster on Backtrack 4, i run airmon-ng start wlan0 7, to set my card to monitor mode on ch 7<br />i then start hamster, and run firefox and select adapter mon0<br />I can see loads of packets and my own ip address but not my xp machine which i am logging on to my gmail account for testing.<br /><br />I also noticed that after selecting adapter in hamster on the webpage, it changes the channel to 6, but my ap is on ch7.<br /><br />Can any one help ?Unknownhttps://www.blogger.com/profile/04174984968401724546noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-8959944015781801372009-10-01T17:14:22.236-04:002009-10-01T17:14:22.236-04:00Hi Robert,
firstly good effort. Very impressive.
...Hi Robert,<br /><br />firstly good effort. Very impressive.<br /><br />Unfortunately I am having a problem. The target list only shows my own IP (tried on mac os x and bt4). Once it did show another vista machine, but whatever I did on vista (log into gmail, yahoo mail, fbook, etc) no cookies show up. Interestingly the only two cookies it shows are from the vista upnp media server.<br /><br />The capture seems to work as the packet list keeps growing but the cookies from any non-local machine dont show up.<br /><br />Do you know why that may be happening?<br /><br />Thanks!<br />Oliver <br />oliver{AT}ethz{DOT}cho891https://www.blogger.com/profile/00084002941809686612noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-60613612132127678822009-09-27T09:05:21.234-04:002009-09-27T09:05:21.234-04:00it's fantastic tool.
thanks for this great job...it's fantastic tool.<br />thanks for this great jobEdwardhttps://www.blogger.com/profile/09953626861316794198noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-8069642422789084202009-09-10T10:27:30.900-04:002009-09-10T10:27:30.900-04:00If you type ferret -W in windows you will see your...If you type ferret -W in windows you will see your Adapters.<br /><br /><br />So I hope you can help me with my questions:<br /><br />I testet ferret and hamster in windows XP and Backtrack4 pre final.<br />But I dont have success.<br /><br />MY Steps in WINDOWS:<br />I captured the traffic with wireshark. The promiscuous mode works in Windows and BT4. I am using the Alfa USB Adapter 500 mW.<br /><br />So after capturing I saved the file in wireshark to demo.pcap.<br /><br />With ferret -r demo.pcap I extracted it in the hamster directory. Then I run hamster and turnend on the Proxy in Firefox. <br /><br />If I go to http://hamster I can only see the IP as target from the PC I was running wireshark.<br /><br />I cannot see the other Computers on which I logged in to googlemail or facebook. The other Computers are trcked in wireshark, but the IP doesn`t appear.<br /><br />----------------<br /><br />If I use it in BT4 without wireshark, like its described in the Turotial:<br />I see NO IP.<br /><br />It often says 2 Targets but doesnt show the IP ;-( <br /><br /><br />Does it only works in Firefox and not in the Internet Explorer?<br /><br />Does the victim have to close the Browser with X ? It seems so that it even doesnt wor if the victim used the Logout Button!<br /><br />i hoped you can help me, cause I tested a long time without success.<br />I tested my german googlemail account, Ebay, xing and so on ...Unknownhttps://www.blogger.com/profile/07732067189061484250noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-85958906332614804872009-07-30T20:19:34.319-04:002009-07-30T20:19:34.319-04:00I couldn't figure out what the problem was, so...I couldn't figure out what the problem was, so I moved to a Windows machine. Now I feel like an idiot again, because I can't figure out how to identify the adapter names from the Windows command line. I know I used ifconfig on my Mac. Can anyone help?Unknownhttps://www.blogger.com/profile/09563281091304543273noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-80251833756969611012009-07-26T20:27:55.731-04:002009-07-26T20:27:55.731-04:00Hi Robert,
Doing things as root got me past the p...Hi Robert,<br /><br />Doing things as root got me past the problem. Thanks for your help. <br /><br />Now the problem is that within seconds of telling hamster what adapter to pay attention to, I get the following message: "Hamster Proxy crashed or disconnected, err(readystate=1)". Is this a common problem too? <br /><br />DaveUnknownhttps://www.blogger.com/profile/09563281091304543273noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-69267142436534939262009-07-23T02:45:55.174-04:002009-07-23T02:45:55.174-04:00I suspect the problem is that you are not root.
I...I suspect the problem is that you are not root.<br /><br />In order to debug Ferret, get a root prompt, and type "./ferret -i eth1". If you get the same error, then I have to debug it. The /dev/bpf0 confuses me. What version of Linux are you using? The latest Backtrack 4?Robert Grahamhttps://www.blogger.com/profile/09879238874208877740noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-3186560799019269632009-07-22T22:45:31.839-04:002009-07-22T22:45:31.839-04:00Robert,
I get the following message after specif...Robert, <br /><br />I get the following message after specifying the adapter I want to listen to: <br /><br />"starting adapter en1<br />[...]<br />ERR:libpcap: no adapters found, are you sure you are root?<br /><br />-- Sniffing on interface 'en1'<br />en1: (no devices found) /dev/bpf0: Permission denied<br />-- graceful exit --"<br /><br />I'm not sure what to do with this. Can you help?Unknownhttps://www.blogger.com/profile/09563281091304543273noreply@blogger.com