wireless MITM

[samer]

hi
i have a question
suppose we have a open AP (no encryption)
and a client associate with this AP ,
and a " bactrack 4 "in the middle between the AP and the client .

the BT4 can be a man in the middle between AP and the client WITHOUT connecting to the AP (for example the BT4 make a dns spoofing to google.com
but when the client connect to google.com the BT4 redirect the client to other site for example his apache server...)
((WITHOUT CONNECTING TO THE AP))
thanks...

[imported_cybrsnpr]

hi
i have a question
suppose we have a open AP (no encryption)
and a client associate with this AP ,
and a " bactrack 4 "in the middle between the AP and the client .

the BT4 can be a man in the middle between AP and the client WITHOUT connecting to the AP (for example the BT4 make a dns spoofing to google.com
but when the client connect to google.com the BT4 redirect the client to other site for example his apache server...)
((WITHOUT CONNECTING TO THE AP))
thanks...

...and your question based on this statement is?

[samer]

my question is :
we can make a wireless MITM without connecting to the AP ?

[imported_cybrsnpr]

we can make a wireless MITM without connecting to the AP ?

Another statement, but I will assume that English is not your primary language.
Let's try it this way:

can we make a wireless MITM without connecting to the AP ?

Yes. If not connecting to the existing AP is a requirement, you will need to create your own rogue AP and force the client to connect to it. There is an active thread on this subject in the BT3 Howto section.

[samer]

this scenario can be done: (without creacting a rogue AP)
i put my wifi in monitor mode i capture packet for a specific mac
and i use airtun-ng ,to create a at0 interface and i direct this interface to wireshark ,ettercap... (or other tools that can modify packets) .then i re-inject the new output packet created into the AP or the client ??
(assuming that the BT4 is not far from the AP)
physically like this:
AP-------------------BT4----------------------client

[KMDave]

Well somehow you have to connect to the AP else how do you think you could send anything through it?

The little "picture" is contradicting the text you wrote above it. In the end you want to send the packets through the original AP so you have to connect to it in some way.

[Vagabond]

@samer: yes..sniffing traffic withouht being connected can be done the way you descibed it..try also dsniff, and the other ones on your tab interface !

Reinjection i never tried..if you have any news on this, i´m glad to hear from you !

[samer]

i have mentioned about the picture that:
this is the PHYSICAL location.(i mean that the BT4 is more near to the AP compared to the CLIENT).

about the NO direct connection with the AP (i mean the BT4 DON'T make
iwconfig wlan0 essid ...
iwconfig wlan0 key ...
dhclient wlan0)
:
can we use aireplay-ng to re-inject our captured packet after modifying it??(in this scenario we should be more quickly by sending the packet to the AP compared to the client .)
I DON'T mean modifying all the packets captured only few of them .

[Shatter]

I think he means whether its possible to setup BT4 in a way to act as a real access point, but bt4 itself isn't really connected to the internet (wired nor wireless). Instead, it uses its own internal apache server to provide the HTTP content based on the DNS query (eg www.google.com) to users that associated to this fake AP and would like to surf online.

[samer]

all what i am trying to say is :

i want to use only these tools:
aireplay-ng
airodump-ng
airtun-ng
wireshark
ettercap

i DON'T want to create a FAKE AP with airbase-ng .
ONLY i want to capture packets with airodump-ng ,modifying it with ettercap THEN RE-INJECTING it (the new modified packet) with aireplay-ng
this can be done??