ENIGMA CURRY

ECSniff - Introducing the Enigma Curry Network Sniffer

I was talking to my friend Gandhi today. He's taking a really lame computer networking class this semester in order to fulfill graduation requirements. He's confident that he won't be learning a thing in the class.

This worries me a bit. I was told by one of my professors a few years ago that I would not need to take this class. Now Gandhi is being forced into it. Despite my having several years of experience in the field already, soon, I too may be forced into answering questions like "What is an IP address?" or even worse "How does the Internet make our lives easier?"....... shudder and shudder.

Maybe I can prove to them that I really don't need to take the class. I thought of showing them a picture of the server room at work. We have a little under 70 computers in there. All networked and maintained by me. Then again, maybe they think the class will teach me "the deep internals of networking" or something equally untrue of the class. So, I thought if push comes to shove, I'd show them that I can find anyone's email password on the network (assuming I have physical access of course)

So without further ado, here is the Enigma Curry Network Sniffer.

This software is by no means original. There are umpteen different other programs out there that will do similar things. I wrote this one, however, by only reading the RFC documents available on the various protocols used. I wanted to make sure that I knew much more than will ever be taught in this dumb IS course. Plus, it was pretty fun to write.

Right now this software only does two things. It will scan the local network for connections to POP3 email servers and HTTP servers using Basic Authentication. Anytime someone on the network uses one of these very insecure protocols, it will display their username and password on the screen of the person running this program. You can also leave the program running and log the results to a file. For future versions, I think it would be fun to explore some instant messaging protocols like MSN... it would be fun to prove the necessity to some of my friends and coworkers of using Gaim-Encryption.

Go download the software if you'd like to try it out, but please don't get yourself into trouble! I take no responsibility for your actions.