Dark-Alex-17/kapow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remote tcpdump demo

Browse Source
This commit is contained in:
Roberto Abdelkader Martínez Pérez
2019-09-06 13:11:52 +02:00
parent d3e719af66
commit 04014e1254
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
poc/examples/tcpdump/README.md
+11
View File
@@ -0,0 +1,11 @@
Remote tcpdump sniffer with source filtering
============================================
1. Add any filter you want to the tcpdump command inside `tcpdump.pow`.
2. For the sake of simplicity run `sudo kapow server tcpdump.pow`. In a
production environment tcpdump should be run with the appropiate permissions
but kapow can (and should) run as an unprivilieged user.
3. In your local machine run `curl http://localhost:8080/sniff/wlp2s0 | sudo
wireshark -k -i -` if you don't want to run Wireshark as root follow this
guide: https://gist.github.com/MinaMikhailcom/0825906230cbbe478faf4d08abe9d11a
4. Profit!
poc/examples/tcpdump/tcpdump.pow
+1
View File
@@ -0,0 +1 @@
kapow route add /sniff/{iface} -c 'tcpdump -i "$(kapow get /request/matches/iface)" -U -s0 -w - "not port 8080" | kapow set /response/stream'