dsniff
======

[dsniff][1] is a collection of tools for network auditing and penetration
testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively
monitor a network for interesting data (passwords, e-mail, files, etc.).
arpspoof, dnsspoof, and macof facilitate the interception of network traffic
normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm
and webmitm implement active monkey-in-the-middle attacks against redirected
SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

## docker-compose.yml

```yaml
dsniff:
  image: vimagick/dsniff
  net: host
  volumes:
    - ./data:/data
  working_dir: /data
  tty: yes
  restart: unless-stopped
```

## Server Setup

```bash
$ docker-compose up -d
$ docker-compose exec dsniff tmux ls
$ docker-compose exec dsniff tmux a
>>> echo -e '192.168.31.1\twww.baidu.com' >> hosts
>>> dnsspoof -i eth0 -f hosts
>>> arpspoof -i eth0 -t 192.168.31.1 192.168.31.102
>>> arpspoof -i eth0 -t 192.168.31.102 192.168.31.1
```

## Client Setup

```bash
$ ping www.baidu.com
$ curl www.baidu.com
```

[1]: https://www.monkey.org/~dugsong/dsniff/