NetRipper 1.1.24 release: Smart traffic sniffing for penetration testers

NetRipper – this is a fairly recent tool that is positioned for the post-operating system based on Windows and uses a number of non-standard approaches to extract sensitive data. It uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. This tool was first demonstrated at the Defcon 23 in Vegas.


Version 1.1.24:

  • Added support for Opera and SecureCRT

Version 1.1.23:

  • Added support for Slack x64

Version 1.1.22:

  • Added support for Chrome 70 x64

Installing NetRipper in Kali Linux

root@ddos:~/Desktop# git clone

root@ddos:~/Desktop# cd NetRipper/Metasploit/

root@ddos:~/Desktop/NetRipper/Metasploit# cp netripper.rb /usr/share/metasploit-framework/modules/post/windows/gather/netripper.rb

root@ddos:~/Desktop/NetRipper/Metasploit# mkdir /usr/share/metasploit-framework/modules/post/windows/gather/netripper

root@ddos:~/Desktop/NetRipper/Metasploit# g++ -Wall netripper.cpp -o netripper

root@ddos:~/Desktop/NetRipper/Metasploit# cp netripper /usr/share/metasploit-framework/modules/post/windows/gather/netripper/netripper

root@ddos:~/Desktop/NetRipper/Metasploit# cd ../Release/

root@ddos:~/Desktop/NetRipper/Release# cp DLL.dll /usr/share/metasploit-framework/modules/post/windows/gather/netripper/DLL.dll


How to use NetRipper

Generating FUD payload with Shellter

  1. Download and run shellter
  2.  Choose Operation Mode  and Target [executable file to embed backdoor], on this tutorial, I am going to use plink.exe file
  3. Configure your payload, setting LHOST, RPORT parameter
  4. Start Metasploit listener
  5. Send backdoored-file to your victim and wait until it starts
  6. You /post/windows/gather/netripper module, and setting the parameter. I am going to inject firefox.exe process. You can also inject Google Chrome process.
  7. And now all the data from these processes are beginning to be saved in the temporary directory of the user.
  8. Now, you can get all victim traffic (include HTTPS traffic)


Copyright (C) NytroRST