NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

[lonypny]

this script needs work. at0 interface is hardcoded everywhere

[lonypny]

actually, my bad. at0 is made by airbase.
Nevermind.

Script works, I added

airmon-ng stop mon0
airmon-ng stop $fakeap_interface

after iptables --table nat --delete-chain

[alex88]

I'm trying this script on ubuntu, i think there are no differences, dhcp started manually says it can't read the config file, i've tried to make it 777 but same error, permission denied..any clue?

[eeveeayen]

I'm trying this script on ubuntu, i think there are no differences, dhcp started manually says it can't read the config file, i've tried to make it 777 but same error, permission denied..any clue?

I believe you are referring to the /var/run/dhcpd.pid file. Try setting the permissions on the /var/run folder.

[killadaninja]

Linux flavor should not matter, providing the other modules can be called. The script forcefully creates a working directory to use then writes its own dhcpd conf file, it should (and does for me) work fine with the permission denied error.

this script needs work. at0 interface is hardcoded everywhere

Hi, nice script, however i had to add two lines to get it to work for me (red text is the new line)

read -e internet_interface
echo -n "Enter your interface to be used for the fake AP, for example wlan1: "
read -e fakeap_interface
echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
read -e ESSID

airmon-ng start $fakeap_interface
fakeap_interface="mon0"

might help someone else having trubble with it

Does airbase-ng not create a virtual dev itself?
Anyhow thanks for the contribution hopefully it helps more users, however I dont think the script should be changed, because changing the fakeap_interface variable to a constant, that being mon0, will cause other problems, ie when mon0 is not what is created.

UPDATE AIRSSL 2.0 now uses the rtl8187 driver and thus uses mon0, it would be a smart idea to make sure mon0 is being used solely for this script and doesn't have much else going on.

[{LCD}STELIOS]

When I run it every thing initiates but the fake AP essid is hidden?
I get this error message when DHCP starts
Can't create PIDfile /var/run/dhcpd.pid: permission denied.
Also does the etter.conf file have to be default or with the comments removed?
Thanks.

[JoniBrook]

Hi, i just want to start by saying thank you killadaninja for making such a nice script, however, i'm having some trouble acquiring an ip address on my 'victim' machine and it ends up giving me limited or no connectivity here is what i am running.

Code:

root@bt:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
root@bt:~# ./airssl.sh

AIRSSL 1.0 - killadaninja

Enter the networks gateway IP address, for example 192.168.1.254: 192.168.0.1
Enter your interface thats connected to the internet, for example wlan0: eth0
Enter your interface to be used for the fake AP, for example wlan1: wlan0
Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: Test
[+] Configuring FakeAP....

Airbase-ng will run in its most basic mode, would you like to
configure any extra switches, choose n if your are unsure... y or n
n

[+] Starting FakeAP...
[+] Configuring forwarding tables...
[+] Setting up DHCP...
[+] Starting sslstrip...
[+] Configuring ettercap...

Ettercap will run in its most basic mode, would you like to
configure any extra switches for example to load plugins or filters,
(advanced users only), if you are unsure choose n, y or n
n

[+] Starting ettercap...

[+] Driftnet?

Would you also like to start driftnet to capture the victims images,
(this may make the network a little slower), y or n
n



[+] Activated...
Airssl is now running, after victim connects and surfs, their credentials
will be displayed in ettercap. You may use right/left mouse buttons
to scroll up/down ettercaps xterm shell, ettercap will also save its output
to /pentest/wireless/airssl/passwords unless you stated otherwise.
Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata

[+] IMPORTANT...
After you have finished please close airssl and clean up properly by hitting y,
if airssl is not closed properly ERRORS WILL OCCUR

Thanks in advance

Jonathan

[killadaninja]

When I run it every thing initiates but the fake AP essid is hidden?
I get this error message when DHCP starts
Can't create PIDfile /var/run/dhcpd.pid: permission denied.
Also does the etter.conf file have to be default or with the comments removed?
Thanks.

I cannot understand, after having a quick look, why the fake AP essid would be hidden, makes no sense.
Has for PID files, there useless imho and, at least in this circumstance, definitely not needed.
etter.conf should be default, I have added this to my original post thank you.

Hi, i just want to start by saying thank you killadaninja for making such a nice script, however, i'm having some trouble acquiring an ip address on my 'victim' machine and it ends up giving me limited or no connectivity here i what i am running.

Thanks in advance

Jonathan

Is the victim a virtual machine? If victim is a physical box then what O.S is it running, if it is windows then run the script and connect as usual, whilst all is up and running on the linux machine do an "ifconfig", and on the win box do a "ipconfig /all" and print both results here, so we can see whats going on.
Thank you for taking the time to say thanks.

PS you etter.conf is original correct? maybe you altered your etter.conf to tell it to ipforward?

[ntheother]

Hello,

I have been able to set it up and get it to work at home. However when I'm trying to show a demonstration to my students in the lab, I am not able to access to the internet from the client laptop.

I tried removing the line:

Code:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

I am still unable to access the internet. And when I sniff the network with wireshark I get an ICMP packet right after the DNS query that looks like this:

Code:

Source            Destination         Protocol      Info
10.0.0.28         10.0.0.1            DNS           Standard query A google.com
10.0.0.1          10.0.0.28           ICMP          Destination Unreachable (Port unreachable)

I've searched around and found different iptables forwarding options which seem to bypass this issue:

Code:

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
iptables -X
iptables -F
iptables -A FORWARD -i wlan0 -o eth0 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

from: http://www.backtrack-linux.org/forum...lan0-eth0.html

This allowed me to connect to the fake access point and get transparent access to the internet. However, sslstrip did not work obviously since it monitors port 10000.

I have tried sslstrip to monitor port 443 but that did not work either. I'm sure there is something I am missing. I'm not very well versed in iptables where I think the problem could be (and where it could be fixed).

Is there a way to get sslstrip to work with this iptables set up? Or do you recommend I bridge at0 and wlan1 (internet access device) as an alternate solution (if that would even work)?

[ffix410]

Everythings works exepted for the DHCP, i added the two lines in the script, and still can't get an ip.
If i look at the pakets traffic in the wireless settings, i can see that it's recieving anything ...

Even if the dhcp serv seems to send him an ip.

My router is a Netgear also set to be a dhcp. may it cause troubles ?

Can someone help me ?

Thanx