Quick and dirty ngrep credential (username/password) sniffer
Some time ago I’ve posted a quick (and dirty too!) command-liner using tcpdump to sniff plaintext credentials over the wire. Now I’ve acomplished the same thing with a shorter regex and ngrep tool. ngrep '[&\s?](?:login|user(?:name|)|p(ass(?:word|wd|)|w|wd))[\s:=]\s?([^&\s]*)' -q -iWhere -i is for case-insensitive and -q for more precise output. See man ngrep…