1
00:00:01,410 --> 00:00:02,630
Welcome back.

2
00:00:02,640 --> 00:00:05,130
Let's continue with our passport sniffer.

3
00:00:05,130 --> 00:00:10,560
So the first function out of these two which we mentioned that we are going to need is this one.

4
00:00:10,770 --> 00:00:16,560
We want to first of all pass the packets and filter them should they say so we want to filter for the

5
00:00:16,560 --> 00:00:22,130
specific packets that might contain the user name and password and then on the after this is done we're

6
00:00:22,140 --> 00:00:28,510
going to paste the content of those packets into this get log and password function and dysfunction

7
00:00:28,610 --> 00:00:31,980
function we're going to extract the username and password.

8
00:00:31,980 --> 00:00:32,650
All right.

9
00:00:32,700 --> 00:00:38,940
So let's start off with the packet password first thing that we need to specify right here is we need

10
00:00:38,940 --> 00:00:43,260
to check for whether this packet has the DCP layer.

11
00:00:43,260 --> 00:00:50,330
Now we can simply just do that if we specify give packet DOT has layer.

12
00:00:50,850 --> 00:00:53,130
And this is a function that exists since KP.

13
00:00:53,970 --> 00:00:59,240
We simply specify in the brackets which layer we want to look for in our case DCP.

14
00:00:59,240 --> 00:00:59,730
All right.

15
00:01:00,270 --> 00:01:04,910
So if packet has this layer then we're going to filter it forward.

16
00:01:04,920 --> 00:01:14,130
There is another layer that you should have and that is packet that has layer rock and this roll there

17
00:01:14,670 --> 00:01:17,640
is just a sub layer of the DCP layer.

18
00:01:17,730 --> 00:01:26,090
So if there is a role error there is for sure going to be at DCP layer well in most cases.

19
00:01:26,110 --> 00:01:35,270
Now another thing that we want to specify right here is if it also has the IP layer.

20
00:01:35,510 --> 00:01:40,640
Now if these three statements are satisfied then that is the packet that we are looking for.

21
00:01:40,640 --> 00:01:46,390
So we're going to type right here two dots and you might notice the trade here.

22
00:01:46,520 --> 00:01:48,780
These names are read underlined.

23
00:01:48,980 --> 00:01:52,210
Well some of them don't worry about that.

24
00:01:52,220 --> 00:01:54,290
We're going to worry about that later on.

25
00:01:54,350 --> 00:01:58,100
It almost like to even work without us having to fix anything right here.

26
00:01:58,100 --> 00:02:00,640
And that is just some problem with the pitch arm itself.

27
00:02:00,650 --> 00:02:02,810
So no need to worry about that at the moment.

28
00:02:02,810 --> 00:02:05,990
If there is anything that we need to fix later on we are going to fix it.

29
00:02:05,990 --> 00:02:06,770
All right.

30
00:02:06,830 --> 00:02:12,990
So now that we've got these statement right here if that statement is fulfilled what we want to do is

31
00:02:12,990 --> 00:02:19,670
we want to extract the body of the packet since in the body of the packet there is going to be all the

32
00:02:19,670 --> 00:02:23,790
information that we are looking for such as usernames and passwords.

33
00:02:23,810 --> 00:02:24,740
How can we do that.

34
00:02:24,740 --> 00:02:28,210
Well we can simply specify a variable which will be called body.

35
00:02:28,810 --> 00:02:35,280
And that variable will be equal to the string of the packet DCP part.

36
00:02:35,300 --> 00:02:40,760
So we selected like this in the square brackets and then we want to select that payload.

37
00:02:40,760 --> 00:02:41,230
All right.

38
00:02:41,750 --> 00:02:48,170
So we're selecting the packet taking the DCP part and inside of the payload of the DCP layer.

39
00:02:48,320 --> 00:02:54,200
There is going to be a user name and password in case the target's tried to log into some page.

40
00:02:54,200 --> 00:03:00,110
Now what we want to do is we want to send this body to our second function which is going to be get

41
00:03:00,110 --> 00:03:01,050
logged in pass.

42
00:03:01,700 --> 00:03:10,760
So let's call the function get log in underscore pass and we will pass the body straight to that function.

43
00:03:10,850 --> 00:03:16,360
So let's go over this once again we live on our interface which is 88 0.

44
00:03:16,400 --> 00:03:21,690
Then we check for each and every packet if it has layer DCP if it has layer rock.

45
00:03:21,890 --> 00:03:27,770
And if it has layer IP if all of these three conditions are met then we select the body variable to

46
00:03:27,770 --> 00:03:31,160
be equal to the payload of the DCP layer.

47
00:03:31,160 --> 00:03:38,750
Once we select that we send this body to our second function which is get log in pass now inside of

48
00:03:38,750 --> 00:03:39,920
this function.

49
00:03:39,920 --> 00:03:43,760
What we need to do is we first of all need the need for select two different variables.

50
00:03:43,760 --> 00:03:46,550
First one is going to be user to be equal to none.

51
00:03:48,050 --> 00:03:55,730
And password to be equal to not now not simply means that we do not have any value at the moment inside

52
00:03:55,730 --> 00:03:57,260
of these two variables.

53
00:03:57,410 --> 00:04:03,020
And hopefully at the end of this function we should have the user name and password stored right here.

54
00:04:03,020 --> 00:04:08,750
So let's end our tutorial here and we are going to continue in the next lecture with the coding of our

55
00:04:08,750 --> 00:04:10,220
two functions.

56
00:04:10,220 --> 00:04:11,210
Take care by.