First of all …

And keep in mind: this is the first time it has been used outside my test environment. It is quite likely that you will stumble over one of the major bugs.

What is AyCarrumba


AyCarrumba is a tool to analyze the data packets that are sent over the LAN you are connected to. These are the most important features it supports:

  • It poisons the ARP cache of the other systems in the LAN (including the default gateway) and reads and modifies the passing data packets.
  • It redirects IP connections by poisoning clients' DNS caches
  • It acts as an HTTP(S) reverse proxy that allows the request and response data to be modified
  • It takes over running sessions (e.g. Facebook, LinkedIn, Hotmail, etc.)
  • It intercepts usernames and passwords of the most popular web services


What services are affected

Currently AyCarrumba intercepts the authentication data of the following services:

  • Facebook
  • Twitter
  • PayPal (IE only)
  • Dropbox
  • LinkedIn
  • WordPress

And it can take over sessions of the following services:

  • Facebook
  • Hotmail
  • WordPress
  • LinkedIn

In future releases other web services like GMail, Yahoo, eBay, Apple store, etc. will also be supported.
The main reason that fishing for account data or taking over sessions is feasible at all is not a bug on the side of these companies. Rather, it is a combination of several general weaknesses in the network protocols that makes the attacks successful.
Last week I published a short, non-technical description of where the source of the evil lies and what users can do to protect themselves. Well … at least it offers a temporary solution.


Known bugs (version 1.4)

There are still some minor bugs and three known major bugs in it that can cause strange effects. I will address the major bugs next week and publish a fixed version 1.1 as soon as possible.
Here is the list of known bugs, sorted by priority:

  • Confusing NIC settings end in crash: Under certain conditions, while AyCarrumba is creating the list of all active network interfaces, the process runs into an unhandled exception.
  • Conflicts with the Desktop Firewall: The local Firewall installation can cause conflicts with the proxy processes.
  • Plugin (de)activation: Was not fully implemented and is not enabled in the current version.


How to use it

There is not really a manual that explains in detail how to use it. On the one hand, this is because I put my focus on fixing bugs and developing new plugins. On the other hand, it should be self-explanatory and intuitive to use. If it is not as intuitive as I thought, then here is a little manual that explains the screens and plugins.

Where can I download it

Version 1.4 AyCarrumba_1_4


Feedback

In case you encounter any problems with the tool, find a bug, have suggestions to improve it, or have tested it with a Windows version I’ve not yet tested, please drop me an email.

Thanks to …

Thank you Antonio Stano and Dusan Panic for sacrificing your time for testing, giving feedback and making AyCarrumba crash so many times!

carrumba says:

it is developed and tested under win7. no idea if it is running under win xp

richard says:

Do you have it for Windows XP?

carrumba says:

hey alice
i was tinkering around on a web spider and used AyCarrumba page as referer. you are the first one reacting after 1 day and 50k crawled pages :)
thanks for reacting … let’s see who else finds the way to this place :)

Alice says:

Howdy! In an amusing moment of irony we’ve received in our logs a failed XSRF using this page as a referrer! :D Very interesting tool, by the way. Like a highly advanced version of Firesheep, and mitigated by the same methods: an IDS/IPS router that can detect poisoning attacks. For those interested in preventing these types of attacks I can highly recommend Snort. :)