Re: Script for sniffing traffic.
Hi comaX. Many thanks for this wonderful script. I have read through all 18 pages of comments and have also watched the video. I have downloaded and installed the script on my machine. Everything seems to run smoothly; however, when I log in to twitter / hotmail (I am manually typing the login / password) I do not get these captured. Please note that I have also used the yamas -e option. I am sure there are some settings on my machine which need to be fixed, but I just do not know which need fixing.
My Machine:
BackTrack 5 R2 Gnome 64 bit : Linux bt 3.2.6 x86_64 GNU/Linux : HDD installed.
Note the messages as I launch yamas
Code:
[+] Cleaning iptables
[-] Cleaned.
[+] Activating IP forwarding...
[-] Activated.
[+] Configuring iptables...
To what port should the traffic be redirected to? (default = 8080)
Port 8080 selected as default.
From what port should the traffic be redirected to? (default = 80)
Port 80 selected as default.
Traffic from port 80 will be redirected to port 8080
[-] Traffic rerouted
[+] Activating sslstrip...
Choose filename to output : (default = yamas)
Sslstrip will be listening on port 8080 and outputting log in /tmp/yamas.txt
sslstrip 0.9 by Moxie Marlinspike running...
[-] Sslstrip is running.
[+] Activating ARP cache poisoning...
Gateway : 192.168.1.1 Interface : wlan0
Enter IP gateway adress or press enter to use 192.168.1.1.
192.168.1.1 selected as default.
What interface would you like to use? It should match IP gateway as shown above. Press enter to use wlan0.
wlan0 selected as default.
We will target the whole network as default. You can discover hosts and enter IP(s) manually by entering D.
Press enter to default.
Targeting the whole network on 192.168.1.1 on wlan0 with ARPspoof
[-] Arp cache poisoning is launched. Keep new window(s) running.
Attack should be running smooth, enjoy.
Attack is running. You can :
1. Rescan network.
2. Add a target (useless if targeting whole network).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.
Enter the number of the desired option.
Please note the interface and gateway IP are correct.
Many thanks again.
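The yamas output above shows the script poisoning the ARP cache of every host on the segment so that traffic for the gateway 192.168.1.1 passes through the attacking machine. As an added example (not part of this thread and not code from yamas or its author), here is a defender-side check a host on that network could run: it parses `arp -n`-style output and flags the two symptoms an arpspoof run leaves behind, the gateway entry no longer carrying its known-good MAC, and one MAC address being claimed by more than one IP. The sample table, the known-good gateway MAC and the function names are constructed for the example.

```python
# Added example: detect ARP cache poisoning of the gateway from `arp -n` output.
# Not part of the forum thread; sample data and the known-good MAC are constructed.
import re
from collections import defaultdict

# One `arp -n` row: IP, "ether", MAC, Flags, (empty Mask), Iface.
# Incomplete entries ("(incomplete)") and the header row do not match and are skipped.
ARP_LINE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+ether\s+"
    r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+\S+\s+(\S+)$",
    re.IGNORECASE,
)

# Constructed sample: what a victim's ARP cache looks like while the gateway
# (192.168.1.1) is being spoofed by 192.168.1.50, which now shares its MAC.
POISONED_SAMPLE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   aa:bb:cc:00:00:01   C                     wlan0
192.168.1.50             ether   aa:bb:cc:00:00:01   C                     wlan0
192.168.1.20             ether   de:ad:be:ef:00:20   C                     wlan0
192.168.1.99                     (incomplete)                              wlan0
"""

# Constructed sample: the same cache on a quiet network.
CLEAN_SAMPLE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   02:00:00:00:00:01   C                     wlan0
192.168.1.20             ether   de:ad:be:ef:00:20   C                     wlan0
"""

# Constructed known-good value; in practice record it while the network is trusted.
KNOWN_GATEWAY_MAC = "02:00:00:00:00:01"


def parse_arp_table(text):
    """Return {ip: (mac, iface)} for every complete entry in `arp -n` output."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries[m.group(1)] = (m.group(2).lower(), m.group(3))
    return entries


def detect_arp_spoof(entries, gateway_ip, known_gateway_mac):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    gw = entries.get(gateway_ip)
    if gw is None:
        findings.append(f"gateway {gateway_ip} missing from ARP cache")
    elif gw[0] != known_gateway_mac.lower():
        findings.append(
            f"gateway {gateway_ip} MAC changed: expected {known_gateway_mac.lower()}, "
            f"cache has {gw[0]}"
        )
    # A single MAC answering for several IPs is the classic arpspoof footprint:
    # the attacker's NIC claims the gateway's IP as well as its own.
    by_mac = defaultdict(list)
    for ip, (mac, _iface) in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claimed by multiple IPs: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for label, sample in (("poisoned", POISONED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        result = detect_arp_spoof(parse_arp_table(sample), "192.168.1.1", KNOWN_GATEWAY_MAC)
        print(label, "->", result or "no findings")
```

On a live host the sample text would be replaced by the output of `arp -n` (or `ip neigh`, with the regex adjusted), and the check would be run periodically; a static ARP entry for the gateway is the usual mitigation once poisoning is confirmed.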
Re: Script for sniffing traffic.
Try using mon0 after setting up wlan0 to run in monitor mode with airmon-ng.
Re: Script for sniffing traffic.
Quote:
Originally Posted by
ShadowMaster
Try using mon0 after setting up wlan0 to run in monitor mode with airmon-ng.
Hey thanks, but how would using mon0 work? mon0 is to sniff traffic and it cannot associate with an AP. In order to sniff logins/passwords you need to be MITM and mon0 cannot do that.
Re: Script for sniffing traffic.
Since when can mon0 not associate with an AP? All monitor mode does is enable the ability to sniff raw packet frames from the ether. This is the first I ever heard about monitor mode decreasing functionality...
Re: Script for sniffing traffic.
Quote:
Originally Posted by
hannah
Hi comaX. Many thanks for this wonderful script. I have read through all 18 pages of comments and have also watched the video. I have downloaded and installed the script on my machine. Everything seems to run smoothly; however, when I log in to twitter / hotmail (I am manually typing the login / password) I do not get these captured. Please note that I have also used the yamas -e option. I am sure there are some settings on my machine which need to be fixed, but I just do not know which need fixing.
My Machine:
BackTrack 5 R2 Gnome 64 bit : Linux bt 3.2.6 x86_64 GNU/Linux : HDD installed.
Please note the interface and gateway IP are correct.
Many thanks again.
Hi, thanks for reading it all before posting, even I wouldn't go this far. You say it doesn't work for hotmail / twitter. Does it work for others? Have you tried in private browsing mode to avoid anything being transmitted via cookies, for instance? Did you make sure you were not on an https connection? Some sites like gmail enforce this type of connection, rendering sslstrip/ettercap useless.
Since you're using ettercap, have you tried using sslstrip?
As for the mon0/wlan0, it's not really relevant here. Indeed I don't think you can associate with an AP in monitor mode, but what you can do is be connected with wlan0 to an AP, and have a pseudo-interface mon0 in monitor mode. In a nutshell, mon0 itself doesn't connect, but the wireless interface can be connected, and in monitor mode.
But once again, I don't really see how that is relevant here, so unless you guys explain in more details, let's just forget that.
I have some more ideas, but more troubling too, so I'll wait for your feedback before conjecturing horrid stuff :p
//
Quote:
I'll risk getting my ass kicked because it's absolutely irrelevant to Backtrack, but there is this project I started that needs help growing:
http://msimdb.comax.fr It's a database of movie quotes in music. It suffers greatly from content and anything non-metal. So if you guys are willing to help in any way you can think of, I'll be super glad! Mods, sorry for doing this.
Re: Script for sniffing traffic.
Quote:
Originally Posted by
comaX
Hi, thanks for reading it all before posting, even I wouldn't go this far. You say it doesn't work for hotmail / twitter. Does it work for others? Have you tried in private browsing mode to avoid anything being transmitted via cookies, for instance? Did you make sure you were not on an https connection? Some sites like gmail enforce this type of connection, rendering sslstrip/ettercap useless.
Since you're using ettercap, have you tried using sslstrip?
BTW: I am running version 20120213
First of all, I have tried both options with yamas, I mean the default with sslstrip and yamas -e (which activates ettercap). I have now used a browser with all cookies cleared. I have tried https and http authentication sites.
The password box does not show me anything.
I am sure this script works, as it seems to be working for everyone else. Is there a debug option in this script? The help file does not say if there is any. Any idea will be appreciated.
@ShadowMaster
Now in regards to the mon0 issue, what I meant is that you cannot get an IP address from an AP through mon0. Hence no gateway, and this script is not going to work. Please correct me if I am wrong here.
Always willing to learn.
Regards
Re: Script for sniffing traffic.
@comaX Ideas are always welcome, no matter how troubling they may be.
@hannah Why not do what comaX said, which is what I meant, just in more detail. Basically associate with wlan0 and create a pseudo-interface mon0? Also, setting your own default gateway is really not hard... route gw {ip} or something very similar, I don't remember off hand, sorry. I'd be more worried about the no IP, which is also easy to set...
Re: Script for sniffing traffic.
Quote:
Originally Posted by
ShadowMaster
@comaX Ideas are always welcome, no matter how troubling they may be.
The troubling idea would be that they changed the authentication process and I might have to change the parser, which was a pain in the arse back then, and now that I don't have everything in mind, I fear it would be again, with the necessity to first understand what I wrote back then... So yeah, it's troubling :p
@Hannah: you didn't tell me if it worked for other sites or not. Are you using a local connection page maybe? (fr.msn.com; us.msn.com... I just made them up, but you know what I mean)
Re: Script for sniffing traffic.
comaX, I know that feel, bro. I am writing a perl script to help with ASM ghostwriting automation, and since I don't really know perl, and refuse to write it in py, I basically lost track of the number of times I've had to rewrite portions and figure out what I wanted to do with them. Incidentally, anyone who knows perl and is willing to help would be amazing. I don't want to post it in the forums until it's done though.
Re: Script for sniffing traffic.
Quote:
Originally Posted by
comaX
@Hannah: you didn't tell me if it worked for other sites or not. Are you using a local connection page maybe? (fr.msn.com; us.msn.com... I just made them up, but you know what I mean)
No, so far it did not work for any other sites either. Yes, I have tried sites like http://www.backtrack-linux.org/ as well, which is not https. Anyway, is there any config file (e.g. etter.conf) I need to manually change, or does your script do that automatically?
What I am thinking now is to get sslstrip / ettercap working manually on my machine and then proceed.
@ShadowMaster: Will heed your advice.