
Thread: wireless MITM

  1. #1
    Member, Join Date: Jun 2008, Posts: 56

    wireless MITM

    Hi,
    I have a question.
    Suppose we have an open AP (no encryption),
    and a client associated with this AP,
    and a "BackTrack 4" in the middle between the AP and the client.

    The BT4 can be a man in the middle between the AP and the client WITHOUT connecting to the AP (for example, the BT4 does DNS spoofing of google.com,
    but when the client connects to google.com the BT4 redirects the client to another site, for example its Apache server...)
    ((WITHOUT CONNECTING TO THE AP))
    Thanks...

  2. #2

    Quote Originally Posted by samer
    Hi,
    I have a question.
    Suppose we have an open AP (no encryption),
    and a client associated with this AP,
    and a "BackTrack 4" in the middle between the AP and the client.

    The BT4 can be a man in the middle between the AP and the client WITHOUT connecting to the AP (for example, the BT4 does DNS spoofing of google.com,
    but when the client connects to google.com the BT4 redirects the client to another site, for example its Apache server...)
    ((WITHOUT CONNECTING TO THE AP))
    Thanks...
    ...and your question based on this statement is?

  3. #3
    Member, Join Date: Jun 2008, Posts: 56

    My question is:
    we can make a wireless MITM without connecting to the AP?

  4. #4

    we can make a wireless MITM without connecting to the AP ?
    Another statement, but I will assume that English is not your primary language.
    Let's try it this way:

    can we make a wireless MITM without connecting to the AP ?
    Yes. If not connecting to the existing AP is a requirement, you will need to create your own rogue AP and force the client to connect to it. There is an active thread on this subject in the BT3 Howto section.

  5. #5
    Member, Join Date: Jun 2008, Posts: 56

    This scenario can be done (without creating a rogue AP):
    I put my wifi card in monitor mode and capture packets for a specific MAC,
    and I use airtun-ng to create an at0 interface and direct this interface to Wireshark, ettercap... (or other tools that can modify packets). Then I re-inject the newly created output packet into the AP or the client??
    (assuming that the BT4 is not far from the AP)
    Physically like this:
    AP-------------------BT4----------------------client

  6. #6
    Moderator KMDave, Join Date: Jan 2010, Posts: 2,281

    Well, somehow you have to connect to the AP, else how do you think you could send anything through it?

    The little "picture" contradicts the text you wrote above it. In the end you want to send the packets through the original AP, so you have to connect to it in some way.
    Tiocfaidh ár lá

  7. #7
    Member Vagabond, Join Date: Feb 2010, Posts: 50

    @samer: yes.. sniffing traffic without being connected can be done the way you described it.. try also dsniff, and the other ones on your tap interface!

    Reinjection I never tried.. if you have any news on this, I'm glad to hear from you!

  8. #8
    Member, Join Date: Jun 2008, Posts: 56

    I have mentioned about the picture that:
    this is the PHYSICAL location (I mean that the BT4 is nearer to the AP compared to the CLIENT).

    About the NO direct connection with the AP (I mean the BT4 DOESN'T do
    iwconfig wlan0 essid ...
    iwconfig wlan0 key ...
    dhclient wlan0):
    can we use aireplay-ng to re-inject our captured packet after modifying it?? (In this scenario we have to be quicker than the AP in sending the packet to the client.)
    I DON'T mean modifying all the captured packets, only a few of them.

  9. #9
    Senior Member Shatter, Join Date: Jan 2010, Posts: 192

    I think he means whether it's possible to set up BT4 in a way to act as a real access point, but BT4 itself isn't really connected to the internet (wired or wireless). Instead, it uses its own internal Apache server to provide the HTTP content based on the DNS query (e.g. www.google.com) to users that associated to this fake AP and would like to surf online.
    I have the card in me head, but you have the memory problems?

  10. #10
    Member, Join Date: Jun 2008, Posts: 56

    All I am trying to say is:

    I want to use only these tools:
    aireplay-ng
    airodump-ng
    airtun-ng
    wireshark
    ettercap

    I DON'T want to create a FAKE AP with airbase-ng.
    I ONLY want to capture packets with airodump-ng, modify them with ettercap, THEN RE-INJECT them (the new modified packets) with aireplay-ng.
    Can this be done??
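
    The race described in post #8 and the capture-modify-reinject flow in post #10 leave a specific trace on the air that a defender can look for: two DNS responses for the same transaction ID and query name that disagree on the A record. The script below, added here as an example and not code from this thread or from the aircrack-ng tools it names, parses such responses from a capture and reports the conflicting pairs; the packets are constructed inline and every function name is this example's own.

```python
import struct

def encode_name(name):
    # DNS wire format: length-prefixed labels terminated by a zero byte.
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_a_response(txid, name, ip, ttl=60):
    # Constructed sample: standard response, one question, one A answer whose
    # owner name is a compression pointer (0xc00c) back to the question.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
    return header + question + answer + bytes(int(o) for o in ip.split("."))

def read_name(pkt, off):
    # Decode literal labels; a compression pointer ends the walk unfollowed.
    labels = []
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:
        labels.append(pkt[off + 1:off + 1 + pkt[off]].decode())
        off += 1 + pkt[off]
    return ".".join(labels), off + (2 if pkt[off] else 1)

def parse_a_response(pkt):
    # Return (txid, qname, [IPv4 answers]) or None if pkt is not a response.
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000 or qdcount != 1:
        return None
    qname, off = read_name(pkt, 12)
    off += 4  # QTYPE, QCLASS
    answers = []
    for _ in range(ancount):
        _, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in pkt[off + 10:off + 14]))
        off += 10 + rdlen
    return txid, qname, answers

def find_conflicting_answers(responses):
    # Group by (txid, qname); report groups whose A-record sets disagree.
    seen = {}
    for txid, qname, answers in filter(None, map(parse_a_response, responses)):
        seen.setdefault((txid, qname), set()).add(tuple(sorted(answers)))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed capture: genuine reply, conflicting second reply, unrelated reply.
SAMPLE_CAPTURE = [
    build_a_response(0x1234, "www.example.com", "93.184.216.34"),
    build_a_response(0x1234, "www.example.com", "192.0.2.10"),
    build_a_response(0x5678, "mail.example.com", "198.51.100.5"),
]
```

On a real capture, feed the UDP payloads of port-53 responses seen on the monitor interface into `find_conflicting_answers`; a non-empty result for a name the client just resolved is the signal worth alerting on.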
