Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
IMPORTANT This post only applies to airssl 1.0, ignore this post if using 2.0
Using the rtl8187 driver may be so slow that addresses aren't even handed out, to check if this applies to you simply issue if you can now see rtl8187 try flipping over to r8187.
Code:
kate /etc/modprobe.d/blacklist
Now at the bottom hash the r8187 driver (add a # with no space, i.e. #r8187), and beneath it add "rtl8187", without quotes, this will blacklist the rtl8187 driver and use the r8187 driver. Below is an example
Code:
blacklist snd_pcsp
blacklist rt73
blacklist ath_pci
#blacklist r8187
blacklist rtl8187
Now save the file and close.
Now remove your device/s that were using the rtl8187 driver and enter the commands below before plugging it back in.
Code:
modprobe -r rtl8187
modprobe r8187
Now when you issue you should see the device is now using the r8187 driver instead.
The r8187 driver is much much better for internet use, than the rtl8187, also now if you choose to, (do not hold me responsible for any damages or any legality issues), you may turn on high power mode by issuing
Code:
iwpriv "dev" highpower 1
You may now use iwconfig to boost power up to its maximum by issuing
Code:
iwconfig "dev" txpower 35
"dev" of course being the name of the device using the driver, i.e. wlan0
I see a lot of people complaining about MITM attacks being slow, or sslstrip slowing down the network. Well, I can use 2 alfa awus036h for this attack, and connected clients can browse at full speeds using the r8187 driver. Give this a go and tell me if anything improves. Also, you may want to fire up the script, get to the end of it and then choose y, to make airssl clean up. After that, try running it again in exactly the same way; sometimes this works for me if the script plays up.
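An added example, not part of the original post or of AIRSSL: a small check of which of the two Realtek modules a blacklist file leaves free to auto-load, and which driver an interface is actually bound to. The function names are hypothetical, and the sample file is constructed from the blacklist shown in the post.

```shell
#!/bin/sh
# Added example: reads a modprobe blacklist and reports which of the two
# Realtek 8187 modules is left free to auto-load for the adapter.

# Succeeds if FILE ($2) has an uncommented "blacklist MODULE ($1)" line.
# "#blacklist r8187" is a comment and does not count.
is_blacklisted() {
    grep -Eq "^[[:space:]]*blacklist[[:space:]]+$1([[:space:]]|\$)" "$2"
}

# Prints r8187, rtl8187, conflict (neither blocked) or none (both blocked).
driver_choice() {
    if is_blacklisted rtl8187 "$1"; then rtl=blocked; else rtl=free; fi
    if is_blacklisted r8187 "$1"; then r=blocked; else r=free; fi
    case "$rtl/$r" in
        blocked/free)    echo r8187 ;;
        free/blocked)    echo rtl8187 ;;
        free/free)       echo conflict ;;
        blocked/blocked) echo none ;;
    esac
}

# Prints the driver currently bound to interface $1, read from sysfs.
bound_driver() {
    if [ -e "/sys/class/net/$1/device/driver" ]; then
        basename "$(readlink -f "/sys/class/net/$1/device/driver")"
    else
        echo unknown
    fi
}

# Constructed sample: the blacklist shown in the post.
sample=$(mktemp)
printf '%s\n' 'blacklist snd_pcsp' 'blacklist rt73' 'blacklist ath_pci' \
    '#blacklist r8187' 'blacklist rtl8187' > "$sample"
echo "blacklist leaves free: $(driver_choice "$sample")"
echo "wlan0 bound to: $(bound_driver wlan0)"
rm -f "$sample"
```

A blacklist line only stops automatic loading by device alias; a module named explicitly on the modprobe command line still loads, so "conflict" means either driver may claim the adapter when it is plugged in.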
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
Now it really works great now
Thanks a lot
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
I did a fair bit of experimenting with this script today and here are my experiences.
If you are running module rtl8187 then you need to add the bit where you start airmon-ng and change fakeap_interface to mon0. This is because when wlan0 (the wifi device that creates the fake ap) goes into monitor mode it creates a new device called mon0. If you are running r8187 then this device is not created: wlan0 goes into monitor mode, no new devices are created.
There is some outstanding issue with blank network names being created. On a macbook with a wifi dongle the network appeared with no name, but I was able to connect, get an IP address and everything worked. With my iPhone I can actually see the network named properly but I can not get an IP address. On a Windows XP machine the name is corrupted, usually it never shows up but sometimes the name appears as a series of boxes. If this happens then I can connect and get an IP address. So there appears to be an issue with creating the fake AP. I wonder if it is related to the -y switch in airbase-ng. There seems to be some discussion around the Internet about this, I could not get it to make a difference though with a lot of experimenting.
I am using the r8187 module, an alfa for the fake AP, and using eth0 for the Internet connection.
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
Hello,
I have been playing with this script and trying to get it to work with my rtl8187. I followed the tut in the post a couple of posts up, in regards to blacklisting the RTL8187 and using the r8187 instead.
The process was successful but the output was not. All wireless connections then show a -1% strength within Wcid.
I believe this may be the key to unlocking a consistent internet connection with the RTL8187, so if anyone can give me a hand it would be great. My internet connections are so ridiculous sometimes that it makes me want to pull my hair out.
I am running Backtrack 4 R1 and a RTL8187 wlan chipset which has no problems injecting packets into networks on the brink of its wifi coverage. I find it to be strange.
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
IMPORTANT This post only applies to airssl 1.0, ignore this post if using 2.0
Quote: Originally Posted by RexBudman
Hello,
I have been playing with this script and trying to get it to work with my rtl8187. I followed the tut in the post a couple of posts up, in regards to blacklisting the RTL8187 and using the r8187 instead.
The process was successful but the output was not. All wireless connections then show a -1% strength within Wcid.
I believe this may be the key to unlocking a consistent internet connection with the RTL8187, so if anyone can give me a hand it would be great. My internet connections are so ridiculous sometimes that it makes me want to pull my hair out.
I am running Backtrack 4 R1 and a RTL8187 wlan chipset which has no problems injecting packets into networks on the brink of its wifi coverage. I find it to be strange.
Using the r8187 module will cause this to happen; it's just an error in the pwr reading in wicd. If you fire up airodump-ng you will see all is well.
Quote: Originally Posted by MikeCa
I did a fair bit of experimenting with this script today and here are my experiences.
If you are running module rtl8187 then you need to add the bit where you start airmon-ng and change fakeap_interface to mon0. This is because when wlan0 (the wifi device that creates the fake ap) goes into monitor mode it creates a new device called mon0. If you are running r8187 then this device is not created: wlan0 goes into monitor mode, no new devices are created.
The reason why I do not want to hard code mon0 into the script is because, what if someone is using mon0 for something else, i.e. internet connection, a 3rd card doing something else, etc.? It would cause more problems than it would be worth.
I do however strongly advise against using this script with an RTL8187 chipset based dongle, running the RTL8187 driver. Please refer to POST 31.
Also, this is why I mention cleaning up and restarting the script; the problem should be eliminated the second go round. I have a little idea on how to fix this problem without causing mess, I'll do it as soon as I get a moment.
Quote: Originally Posted by RexBudman
There is some outstanding issue with blank network names being created. On a macbook with a wifi dongle the network appeared with no name, but I was able to connect, get an IP address and everything worked. With my iPhone I can actually see the network named properly but I can not get an IP address. On a Windows XP machine the name is corrupted, usually it never shows up but sometimes the name appears as a series of boxes. If this happens then I can connect and get an IP address. So there appears to be an issue with creating the fake AP. I wonder if it is related to the -y switch in airbase-ng. There seems to be some discussion around the Internet about this, I could not get it to make a difference though with a lot of experimenting.
I am using the r8187 module, an alfa for the fake AP, and using eth0 for the Internet connection.
The corrupt beacons/ESSID problem is a fault of airbase-ng with certain drivers. I think the reason ESSIDs get truncated is something to do with generation of probe responses. I have not looked at the script yet; should I go and fix airbase-ng up to make AIRSSL that little bit better?
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
Excuse me if I mis-read but I am sensing a bit of hostility in your response.
1) I agree you shouldn't hard code mon0 into the script, especially when it is caused by using rtl8187. I repeated it only to show what I saw not to stress that you should be doing something about it.
2) Yea, rtl8187 stinks, don't use that thing.
3) No, you shouldn't necessarily fix airbase-ng, but this thread is populated with quite a few people having issues so further discussing our findings should be useful discussion. We might be seeing the same issue as has been reported to aircrack-ng (http://trac.aircrack-ng.org/ticket/535)
Mike
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
Quote: Originally Posted by MikeCa
Excuse me if I mis-read but I am sensing a bit of hostility in your response.
1) I agree you shouldn't hard code mon0 into the script, especially when it is caused by using rtl8187. I repeated it only to show what I saw not to stress that you should be doing something about it.
2) Yea, rtl8187 stinks, don't use that thing.
3) No, you shouldn't necessarily fix airbase-ng, but this thread is populated with quite a few people having issues so further discussing our findings should be useful discussion. We might be seeing the same issue as has been reported to aircrack-ng (#535 (airbase-ng doesn't send correctly beacons with r8187))
Mike
Mike, sorry you felt some hostility from me; the post contained none whatsoever. I totally agree to and welcome any input to the thread, TY. I was just trying to answer your questions directly. Maybe you thought the third part was sarcastic; well, I was actually being serious. Maybe I'll take a look at airbase and see what's causing this problem and see if I can include the fix in AIRSSL.
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
Hi killadaninja, first of all, thanks for making this script.
However, I've run into some troubles.
The client can't get an IP address.
Here's my config
Quote:
Router: Netgear (dhcp enabled)
interface connected to internet : eth0 wired
fakeap interface : wlan0 (mon0, I added the two lines from a post in this thread)
Client : alfa 036h, win7
Attacker : agn 4965 on my laptop
GW: 192.168.1.1
I had some trouble with : access denied (*)/dh..pid. Fixed by chmodding /var/usr
Outputs:
Quote:
DHCP :
DHCPDISCOVER from {client mac} at at0
DHCPOFFER on 10.0.0.20 to {client mac} (cod9-PC) via at0
Sometimes I get ...at0 : wrong network in DHCP window.
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
killadaninja,
I tried your script with an internal broadcom b43 and usb awus036h rtl8187, it didn't work.
I tried the rtl8187 mod in post 31. Then it all worked with no problems.
Question is, does the rtl8187 mod apply only to your script? or does it apply in general to all BT4 apps?
I never had to modify it before, and with the mod, my wicd power levels show -1
It's not a big deal, but just wondering...
Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
Quote: Originally Posted by bbford
killadaninja,
I tried your script with an internal broadcom b43 and usb awus036h rtl8187, it didn't work.
I tried the rtl8187 mod in post 31. Then it all worked with no problems.
Question is, does the rtl8187 mod apply only to your script? or does it apply in general to all BT4 apps?
I never had to modify it before, and with the mod, my wicd power levels show -1
It's not a big deal, but just wondering...
I think I'll edit the script to write a temp blacklist and use the r8187 driver. I didn't initially want to do this, but it seems it will benefit the majority. Rtl8187 module is fine for injection, but no good for surfing.