there be ferrets running amok on the wireless nets

The news of this tool is making the rounds, so I thought I’d post quick. Errata Security has partially released a tool called Ferret which purports to show what all is being leaked through your wireless connection everytime you use it.

How do you run it? Download the file and pull out the pre-compiled ferret.exe. Run it from a command line without options and it will tell you your network interfaces. Pick your interface and run ‘ferret.exe -i#’ to use that interface. Incidentally, you can use a wired or wireless connection if you’d like. (You might need winpcap, but I don’t know since I always have it installed anyway.)

The bottomline is this current tool is not as revolutionary as some news and mailing lists are stating. It is really just a sniffer that is only looking for specific data including broadcasts and some application data; things that anyone running any sniffer would be looking for (such as cleartext IMs, passwords, usernames, sites you visit…). Since this is meant for wireless networks, this stuff is typically “broadcast” anyway, due to the medium.

The real beauty will be in the next part of Ferret that they release, the visual/correlating tool.

Check it out, but if you’re used to looking at packet captures, don’t expect to be wowed right now.