NetRipper is a fairly recent one tool which is based on Windows and uses a number of approaches to extract sensitive data.
Uses an API connection to monitor network traffic encrypted by a guest user, being able to capture both simple traffic and encrypted traffic before encryption / others and after decryption. This tool was first introduced at Defcon 23 in Vegas.
Installation
root@ddos:~/Desktop# git clone https://github.com/NytroRST/NetRipper.git
root@ddos:~/Desktop# cd NetRipper/Metasploit/
root@ddos:~/Desktop/NetRipper/Metasploit# cp netripper.rb /usr/share/metasploit-framework/modules/post/windows/gather/netripper.rb
root@ddos:~/Desktop/NetRipper/Metasploit# mkdir /usr/share/metasploit-framework/modules/post/windows/gather/netripper
root@ddos:~/Desktop/NetRipper/Metasploit# g++ -Wall netripper.cpp -o netripper
root@ddos:~/Desktop/NetRipper/Metasploit# cp netripper /usr/share/metasploit-framework/modules/post/windows/gather/netripper/netripper
root@ddos:~/Desktop/NetRipper/Metasploit# cd ../Release/
root@ddos:~/Desktop/NetRipper/Release# cp DLL.dll /usr/share/metasploit-framework/modules/post/windows/gather/netripper/DLL.dll
Use
Create FUD payload to Shellter
1. Download and run the Shellter
2. Select Operation Mode and Target [executable file for backdoor integration], in this wizard I am going to use the plink.exe file
3. Configure your payload by setting the LHOST, RPORT parameter
4. We run it Metasploit
5. We send the backdoored file to our victim and wait for it to run
6. I am going to Injectable firefox.exe. You can also do the same in Google Chrome.
7. And now all the data from these processes start to be stored in the user's temporary directory.
8. Now, you can get all the victim traffic (include traffic HTTPS)
Video guide
Application snapshots
You will find the program here