[papad] Publicly Available PAssworDs

About | Requirements | Project Page on Sourceforge. | Downloads | Mailing Lists

About papad
papad is a program to capture cleartext passwords from the network. It is a useful tool to assess the security of network software at your site.

The original papad was just a simple hack written in C in a single man day. It was just an experiment to check out the internals of a sniffer. Therefore no planning had gone into it and it remains only as an example of bad code. But, it works. It also demonstrates how to sniff. As of today, the program can capture telnet, FTP, POP and IMAP passwords.

We have given up on the original code and gone back to the drawing board to design a modular content capture system. Check out the current requirements. Hopefully we'll turn them into features before long.

Requirements

To capture TCP sessions and make their data available to application protocol aware modules for detailed analysis.

To capture UDP datagrams and make their data available to application protocol aware modules for detailed analysis.

Application aware modules should have a uniform view of the system. A library will be provided to write application aware modules without worrying about layer 4 and below.

There should be sufficient primitives to ask connections destined towards a specific port to be made available for inspection once they are established. The requirement is not just a static association between application and port, but something more dynamic to allow for active and passive transfers in FTP which is a very common application.

Create analysis reports which can be displayed in a uniform way by the system.

We expect papad to have many contributions from the open source community. The goal is that the core design should be so robust that it never needs to change. It should be possible to add application aware modules without recompiling the main executable.

Supporting functionality like modules specific help, options, listing etc. should be consistent with dynamic module loading. This in effect means that the API/library for writing the application aware modules needs to have support for all these functions.

To do all off the above with very high performance. Most LANs carry a large amount of traffic. Irrelevant traffic will have to be filtered out as early as possible. We hope to leverage packet filtering capability of the Linux (and other Unices) kernel by using kernel level filters.