sslstrip w/ My Wired-Wireless Network
I have the following setup, which works:
# Victim
[My Laptop@10.0.0.2] < ---- > [My PC@10.0.0.1 & Gateway@10.0.0.138]
Works fine running sslstrip & bt4 vm on my pc as the attacker on my eth0 interface.
What I'm finding difficult is this setup; it effectively DoS attacks my router.
# Victim on XP [My Laptop@10.0.0.2]
>>>>>>>>>>>>>>>>>>>>>>> [Gateway@10.0.0.138]
# bt4 VMware [My Laptop@10.0.0.4]
- Victim on XP is connected to the gateway on my 1490 Mini WLAN Card.
- bt4 VMware is using my ALFA'36H to connect to the gateway, so both wireless.
arpspoof between XP@10.0.0.2 & Gateway@10.0.0.138 with interface wlan0 works. But as soon as I do the iptables I effectively DoS the router and the victim cannot surf the net, so the attack becomes useless.
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
So all I'm left with is a forum post from remote exploit I found the other day and cannot find again, which briefly mentioned not needing sslstrip to do an attack like this because it is only encrypted with wpa/wep, not ssl yet, and that I can just run airdecap-ng to take off the encryption.
So how can I get this working using either method?
And going back to my original scenario with 1 client. If I reversed roles and used bt4 vmware on the laptop, would I be able to do this sslstrip attack on the PC? Or is it only limited to being run from the wired side of the network?
Re: sslstrip w/ My Wired-Wireless Network
Was the arp spoof successful? Did traffic flow normally without running ssl strip through your "attacking" pc (can use wireshark to verify)? At times when I played with Cain and Abel, it would only do a "one way" spoof because it couldn't complete it. Whether it be windows firewall or the router's firewall or other router/gateway settings that are hindering the arp poison.
Quote:
And going back to my original scenario with 1 client. If I reversed roles and used bt4 vmware on the laptop, would I be able to do this sslstrip attack on the PC? Or is it only limited to being run from the wired side of the network?
Not sure how your wireless router/gateway handles the wireless side. It might put the wireless on its own little vlan and not allow it to talk to the rest of the network?
I just got a setup working with a Fonera router with Jasager installed (which is basically karma/karmetasploit) which is wired to my laptop and then the laptop connects to an AP wirelessly. All traffic of clients to the Fon goes through the BT4 laptop which I can run SSL Strip just fine.
Re: sslstrip w/ My Wired-Wireless Network
Stupid question: are you poisoning both caches? gw - target + target - gw
Re: sslstrip w/ My Wired-Wireless Network
I'm running this arpspoof command, same as I did for eth0 on my wired side.
Code:
arpspoof -i wlan0 -t <targetIP> <GatewayIP>
Re: sslstrip w/ My Wired-Wireless Network
You have to run it twice, one for gw->client, one for client->gw.
Re: sslstrip w/ My Wired-Wireless Network
Ahh, thank you very much, I will try that and see how I go.
Re: sslstrip w/ My Wired-Wireless Network
Yep, the arp poisoning both ways is what did the trick for me. Thanks.
Re: sslstrip w/ My Wired-Wireless Network
Ettercap already does arp poisoning both ways. I advise trying it.
Re: sslstrip w/ My Wired-Wireless Network
Yeah, I gave ettercap a go and it wouldn't do it for me either. Even though it has a similar setup to cain & abel, I still couldn't get it working that way.
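Added example, not part of the thread and not any poster's code: seen from the defending side, the one-way versus two-way poisoning discussed above shows up as ARP replies that rebind the gateway's IP, a client's IP, or both to one new MAC address. The sketch assumes ARP reply lines in the style of `tcpdump -n arp` captured on a host or sensor that sees them; the sample lines and all MAC addresses are constructed.

```python
import re
from collections import defaultdict

GATEWAY_IP = "10.0.0.138"  # gateway address used in the thread

# Constructed sample modelled on `tcpdump -n arp` output; MACs are made up.
SAMPLE = """\
12:00:01.000000 ARP, Reply 10.0.0.138 is-at 00:aa:aa:aa:aa:01, length 28
12:00:02.000000 ARP, Reply 10.0.0.2 is-at 00:bb:bb:bb:bb:02, length 28
12:00:03.000000 ARP, Reply 10.0.0.4 is-at 00:cc:cc:cc:cc:04, length 28
12:05:10.000000 ARP, Reply 10.0.0.138 is-at 00:cc:cc:cc:cc:04, length 28
12:05:10.500000 ARP, Reply 10.0.0.2 is-at 00:cc:cc:cc:cc:04, length 28
12:05:12.000000 ARP, Reply 10.0.0.138 is-at 00:cc:cc:cc:cc:04, length 28
"""

REPLY = re.compile(
    r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.I,
)

def analyse(text, gateway_ip=GATEWAY_IP):
    """Return (rebinds, findings) for a block of ARP reply lines.

    rebinds:  [(ip, first_seen_mac, new_mac)] in the order observed.
    findings: {new_mac: ("two-way" | "one-way", [rebound IPs])}.
    """
    first_seen = {}   # ip -> first MAC that answered for it (the baseline)
    rebinds = []
    for line in text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        old = first_seen.setdefault(ip, mac)
        if old != mac and (ip, old, mac) not in rebinds:
            rebinds.append((ip, old, mac))

    # Group the rebound IPs by the MAC that took them over.
    taken = defaultdict(set)
    for ip, _old, new in rebinds:
        taken[new].add(ip)

    findings = {}
    for mac, ips in taken.items():
        # Gateway plus at least one other host rebound to the same MAC means
        # that MAC now sits in both directions of the traffic.
        kind = "two-way" if gateway_ip in ips and len(ips) > 1 else "one-way"
        findings[mac] = (kind, sorted(ips))
    return rebinds, findings

if __name__ == "__main__":
    for mac, (kind, ips) in analyse(SAMPLE)[1].items():
        print(f"{mac}: {kind} rebinding of {', '.join(ips)}")
```

A rebinding is a signal to investigate rather than proof, since a replaced NIC or a reused DHCP lease also changes an IP-to-MAC mapping.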