[papad] Publicly Available PAssworDs
About
|
Requirements
|
Project Page on Sourceforge.
|
Downloads
|
Mailing Lists
About papad
papad is a program to capture cleartext passwords from the network.
It is a useful tool to assess the security of network software at your site.
The original papad was just a simple hack written in C in a single man day.
It was just an experiment to check out the internals of a sniffer. Therefore no
planning had gone into it and it remains only as an example of bad code. But,
it works. It also demonstrates how to sniff. As of today, the program
can capture telnet, FTP, POP and IMAP passwords.
We have given up on the original code and gone back to the drawing board to
design a modular content capture system. Check out the current requirements.
Hopefully we'll turn them into features before long.
Requirements
-
To capture TCP sessions and make their data available to application
protocol aware modules for detailed analysis.
-
To capture UDP datagrams and make their data available to application
protocol aware modules for detailed analysis.
-
Application aware modules should have a uniform view of the system. A
library will be provided to write application aware modules without
worrying about layer 4 and below.
-
There should be sufficient primitives to ask connections destined towards
a specific port to be made available for inspection once they are
established. The requirement is not just a static association between
application and port, but something more dynamic to allow for active and
passive transfers in FTP which is a very common application.
-
Create analysis reports which can be displayed in a uniform way by the
system.
-
We expect papad to have many contributions from the open source community.
The goal is that the core design should be so robust that it never needs to
change. It should be possible to add application aware modules without
recompiling the main executable.
-
Supporting functionality like modules specific help, options, listing etc.
should be consistent with dynamic module loading. This in effect means that
the API/library for writing the application aware modules needs to have
support for all these functions.
-
To do all off the above with very high performance. Most LANs carry a large
amount of traffic. Irrelevant traffic will have to be filtered out as early
as possible. We hope to leverage packet filtering capability of the Linux
(and other Unices) kernel by using kernel level filters.