Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: is a mitm penetration needed for this?

  1. #1
    Member
    Join Date
    Nov 2008
    Posts
    62

    Default is a mitm penetration needed for this?

    I do not know if this is the right place to ask this. I want to monitor the activity of the ipad in my lan. I know the wpa2 password (because I set it up). I would like to use another console (can you tell how old i am?) to intercept the traffic from the ipad to the router. Is wireshark the appropriate tool? Or is there a better way?

    tnx.

  2. #2
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Default Re: is a mitm penetration needed for this?

    you can use wireshark if you want, just make sure that the interface that you are listening on is connected to the same lan as the ipad is, and is in promiscuous mode. With wireshark you should be able to see all the remote connections, and the tcp syn and acks. if you to want to pick up more data such as logins and other information you could use ettercap and sslstrip, but if you were going to do that you would experience a bit of drain on the bandwidth for your ipad.
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: is a mitm penetration needed for this?

    If its your LAN why not just setup a span port?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Member
    Join Date
    Nov 2008
    Posts
    62

    Default Re: is a mitm penetration needed for this?

    Quote Originally Posted by thorin View Post
    If its your LAN why not just setup a span port?
    i guess because i'm stupid and don't know how to implement a span port on a cheap home router. But actually, i am using an actiontec MI424WR if that helps you explain what i should do.

    also, i seem to remember an app that would reconstruct the packets so that i'd see a mirror image of what the target ip was seeing. but i forgot that trick. anyone remember?

  5. #5
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: is a mitm penetration needed for this?

    well you can set your wlan device to monitor mode and capture and decrypt traffic of do a mitm using arpspoof or ettercap

  6. #6
    Member
    Join Date
    Nov 2008
    Posts
    62

    Default Re: is a mitm penetration needed for this?

    Quote Originally Posted by halfdone View Post
    well you can set your wlan device to monitor mode and capture and decrypt traffic of do a mitm using arpspoof or ettercap
    Well, it turns out the problem i was having is related to the fact that the ipad (and iphone) turn off wifi as soon as it goes to sleep. So, i can reconnect and arp poison and read the http packets just fine.

    But does anyone remember the app that reconstructs what the user is seeing from all the packets?

  7. #7
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    10

    Default Re: is a mitm penetration needed for this?

    Upside-Down-Ternet

    Haven't tried I myself yet but I think this is what you want.

  8. #8
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: is a mitm penetration needed for this?

    Quote Originally Posted by bwana
    i guess because i'm stupid and don't know how to implement a span port on a cheap home router.
    Sorry I was thinking a business setting. Though some home routers will let you do it as well, you have to lookup model specific info or go with dd-wrt or something similar.

    But does anyone remember the app that reconstructs what the user is seeing from all the packets?
    I'm pretty sure Wireshark has plugins for that or maybe you're thinking of something like Netwitness

    NetWitness Investigator Software Download

    The network is yours, we'll assume the iPad is yours (or you should simply prevent the person from connecting) so why not just run Wireshark (or similar) right on the iPad? (There's gotta be "an app for that")
    Last edited by thorin; 07-05-2010 at 07:32 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  9. #9
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: is a mitm penetration needed for this?

    Why do you want to do this? If its just out of interest in what the iPad sends you could temporarily turn off the wireless encryption and sniff that way. Or you could sniff the traffic after it gets to the Wireless Access Point given the correct hardware/software setup. Or you could try this guide to decrypting 802.11 traffic in Wireshark.

    Wireshark will let you reconstruct certain sessions in the capture once the traffic is decrypted....
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  10. #10
    Member
    Join Date
    Nov 2008
    Posts
    62

    Default Re: is a mitm penetration needed for this?

    Quote Originally Posted by lupin View Post
    Why do you want to do this? ...
    My kids use the ipad and unfortunately you cant install anything like netnanny,etc. to restrict surfing from it. Of course, I could put the forbidden websites into the router--there is a facility for that--but then all pcs in the house are blocked. So basically, I want to be able to check on where they've been on the net from time to time.

Page 1 of 2 12 LastLast

Similar Threads

  1. Penetration Challenge
    By vityav in forum OLD Pentesting
    Replies: 9
    Last Post: 03-06-2010, 07:12 PM
  2. Best Penetration E book with the URL
    By Sharabh Sharma in forum OLD General IT Discussion
    Replies: 6
    Last Post: 01-08-2010, 03:14 PM
  3. PLC/BPL penetration
    By skor78 in forum OLD Newbie Area
    Replies: 1
    Last Post: 07-20-2009, 11:50 PM
  4. Penetration tools?
    By kingwillowviii in forum OLD Newbie Area
    Replies: 3
    Last Post: 07-22-2007, 09:37 PM
  5. Further penetration after cracking WEP key
    By Itssid in forum OLD Pentesting
    Replies: 36
    Last Post: 07-16-2007, 12:01 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •