First of all …
And keep in mind: it is the first time it is used outside my test environment. It is quite likely that you will stumble over one of the major bugs.
What is AyCarrumba
AyCarrumba is a tool to analyze the data packets that are sent over the LAN you are connected to. These are the most important features that it supports:
- It poisons the ARP cache of the other systems in the LAN (including the default gateway) and reads and modifies the passing data packets.
- It redirects IP connections by poisoning clients' DNS caches
- It acts as an HTTP(S) reverse proxy that allows the request and response data to be modified
- It takes over running sessions (e.g. Facebook, LinkedIn, Hotmail, etc.)
- It intercepts usernames and passwords of the most popular web services
What services are affected
Currently AyCarrumba intercepts the authentication data of the following services
- PayPal (IE only)
And it can take over sessions of the following services
In future releases, other web services like GMail, Yahoo, eBay, Apple store, etc. will also be supported.
The main reason that fishing account data or taking over sessions is feasible at all is not a bug on the side of these companies. Rather, it is a combination of several general weaknesses in the network protocols that makes attacks successful.
Last week I already published a short, non-technical description of where the source of the evil is and what a user can do to protect himself. Well … at least it brings a temporary solution.
Known bugs (version 1.4)
There are still some minor and three known major bugs in it that can cause strange effects. I will address the major bugs next week and publish a fixed version 1.1 as soon as possible.
Here is the list of known bugs, sorted by priority:
|Bug|Description|
|---|---|
|Confusing NIC settings end in crash|Under certain conditions, while AyCarrumba is creating the list of all active network interfaces, the process runs into an unhandled exception.|
|Conflicts with the Desktop Firewall|The local firewall installation can cause conflicts with the proxy processes.|
|Plugin (de)activation|Was not fully implemented and is not enabled in the current version.|
How to use it
There is not really a manual that explains in detail how to use it. On the one hand, because I put my focus on fixing bugs and developing new plugins. On the other hand, it should be self-explanatory and intuitive to use. If it is not as intuitive as I thought, then here is a little manual that explains the screens and plugins.
Where can I download it
In case you encounter any problems with the tool, you find a bug, you have suggestions to improve it, or you tested it with a Windows version I've not yet tested, please drop me an email.