
Thread: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

  1. #31
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Thumbs up Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    IMPORTANT This post only applies to airssl 1.0, ignore this post if using 2.0


    Using the rtl8187 driver may be so slow that addresses aren't even handed out. To check if this applies to you, simply issue
    Code:
    airmon-ng
    if you can now see rtl8187 try flipping over to r8187.
    Code:
    kate /etc/modprobe.d/blacklist
    Now at the bottom hash the r8187 driver (add a # with no space, i.e. #r8187), and beneath it add "rtl8187", without quotes, this will blacklist the rtl8187 driver and use the r8187 driver. Below is an example
    Code:
    blacklist snd_pcsp
    blacklist rt73
    blacklist ath_pci
    #blacklist r8187
    blacklist rtl8187
    Now save the file and close.
    Now remove your device/s that were using the rtl8187 driver and enter the commands below before plugging it back in.
    Code:
    modprobe -r rtl8187
    modprobe r8187
    Now when you issue
    Code:
    airmon-ng
    you should see the device is now using the r8187 driver instead.
    The r8187 driver is much much better for internet use, than the rtl8187, also now if you choose to, (do not hold me responsible for any damages or any legality issues), you may turn on high power mode by issuing
    Code:
    iwpriv "dev" highpower 1
    you may now use iwconfig to boost power up to its maximum by issuing
    Code:
    iwconfig "dev" txpower 35
    "dev" of course being the name of the device using the driver i.e. wlan0

    I see a lot of people complaining about MITM attacks being slow, or sslstrip slowing down the network, well I can use 2 alfa awus036h for this attack, and connected clients can browse at full speeds using the r8187 driver. Give this a go and tell me if anything improves, also you may want to fire up the script, get to the end of it and then choose y, to make airssl clean up, after that try running it again in exactly the same way, sometimes this works for me, if the script plays up.
    Last edited by killadaninja; 11-20-2010 at 06:49 AM.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  2. #32
    Just burned their ISO
    Join Date
    Jul 2010
    Posts
    23

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Now it really works great now

    Thanks a lot

  3. #33
    Senior Member MikeCa's Avatar
    Join Date
    Jan 2010
    Location
    DC
    Posts
    129

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    I did a fair bit of experimenting with this script today and here are my experiences.

    If you are running module rtl8187 then you need to add the bit where you start airmon-ng and change fakeap_interface to mon0. This is because when wlan0 (the wifi device that creates the fake ap) goes into monitor mode it creates a new device called mon0. If you are running r8187 then this device is not created: wlan0 goes into monitor mode, no new devices are created.

    There is some outstanding issue with blank network names being created. On a macbook with a wifi dongle the network appeared with no name, but I was able to connect, get an IP address and everything worked. With my iPhone I can actually see the network named properly but I can not get an IP address. On a Windows XP machine the name is corrupted, usually it never shows up but sometimes the name appears as a series of boxes. If this happens then I can connect and get an IP address. So there appears to be an issue with creating the fake AP. I wonder if it is related to the -y switch in airbase-ng. There seems to be some discussion around the Internet about this, I could not get it to make a difference though with a lot of experimenting.

    I am using the r8187 module, an alfa for the fake AP, and using eth0 for the Internet connection.

  4. #34
    Junior Member
    Join Date
    Aug 2010
    Posts
    48

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Hello,

    I have been playing with this script and trying to get it to work with my rtl8187. I followed the tut in the post a couple of posts up, in regards to blacklisting the RTL8187 and using the r8187 instead.

    The process was successful but the output was not. All wireless connections then show a -1% strength within Wicd.

    I believe this may be the key to unlocking a consistent internet connection with the RTL8187, so if anyone can give me a hand it would be great. My internet connections are so ridiculous sometimes that it makes me want to pull my hair out.

    I am running Backtrack 4 R1 and an RTL8187 wlan chipset which has no problems injecting packets into networks on the brink of its wifi coverage. I find it to be strange.

  5. #35
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    IMPORTANT This post only applies to airssl 1.0, ignore this post if using 2.0



    Quote Originally Posted by RexBudman View Post
    Hello,

    I have been playing with this script and trying to get it to work with my rtl8187. I followed the tut in the post a couple of posts up, in regards to blacklisting the RTL8187 and using the r8187 instead.

    The process was successful but the output was not. All wireless connections then show a -1% strength within Wicd.

    I believe this may be the key to unlocking a consistent internet connection with the RTL8187, so if anyone can give me a hand it would be great. My internet connections are so ridiculous sometimes that it makes me want to pull my hair out.

    I am running Backtrack 4 R1 and an RTL8187 wlan chipset which has no problems injecting packets into networks on the brink of its wifi coverage. I find it to be strange.
    Using the r8187 module will cause this to happen, it's just an error in the pwr reading in wicd, if you fire up airodump-ng you will see all is well.




    Quote Originally Posted by MikeCa View Post
    I did a fair bit of experimenting with this script today and here are my experiences.

    If you are running module rtl8187 then you need to add the bit where you start airmon-ng and change fakeap_interface to mon0. This is because when wlan0 (the wifi device that creates the fake ap) goes into monitor mode it creates a new device called mon0. If you are running r8187 then this device is not created: wlan0 goes into monitor mode, no new devices are created.
    The reason why I do not want to hard code mon0 into the script is because, what if someone is using mon0 for something else, i.e. internet connection, a 3rd card doing something else etc etc? It would cause more problems than it would be worth.

    I do however strongly advise against using this script with an RTL8187 chipset based dongle, running the RTL8187 driver. Please refer to POST 31.
    Also, this is why I mention cleaning up and restarting the script, the problem should be eliminated the second go round, I have a little idea on how to fix this problem without causing mess, I'll do it soon as I get a moment.


    Quote Originally Posted by RexBudman View Post
    There is some outstanding issue with blank network names being created. On a macbook with a wifi dongle the network appeared with no name, but I was able to connect, get an IP address and everything worked. With my iPhone I can actually see the network named properly but I can not get an IP address. On a Windows XP machine the name is corrupted, usually it never shows up but sometimes the name appears as a series of boxes. If this happens then I can connect and get an IP address. So there appears to be an issue with creating the fake AP. I wonder if it is related to the -y switch in airbase-ng. There seems to be some discussion around the Internet about this, I could not get it to make a difference though with a lot of experimenting.

    I am using the r8187 module, an alfa for the fake AP, and using eth0 for the Internet connection.
    The corrupt beacons/ESSID problem is a fault of airbase-ng with certain drivers, I think the reason ESSIDs get truncated is something to do with generation of probe responses, I have not looked at the script yet, should I go and fix airbase-ng up to make AIRSSL that little bit better?
    Last edited by killadaninja; 11-20-2010 at 06:50 AM.

  6. #36
    Senior Member MikeCa's Avatar
    Join Date
    Jan 2010
    Location
    DC
    Posts
    129

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Excuse me if I mis-read but I am sensing a bit of hostility in your response.

    1) I agree you shouldn't hard code mon0 into the script, especially when it is caused by using rtl8187. I repeated it only to show what I saw not to stress that you should be doing something about it.

    2) Yea, rtl8187 stinks, don't use that thing.

    3) No, you shouldn't necessarily fix airbase-ng, but this thread is populated with quite a few people having issues so further discussing our findings should be useful discussion. We might be seeing the same issue as has been reported to aircrack-ng (http://trac.aircrack-ng.org/ticket/535)

    Mike

  7. #37
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Quote Originally Posted by MikeCa View Post
    Excuse me if I mis-read but I am sensing a bit of hostility in your response.

    1) I agree you shouldn't hard code mon0 into the script, especially when it is caused by using rtl8187. I repeated it only to show what I saw not to stress that you should be doing something about it.

    2) Yea, rtl8187 stinks, don't use that thing.

    3) No, you shouldn't necessarily fix airbase-ng, but this thread is populated with quite a few people having issues so further discussing our findings should be useful discussion. We might be seeing the same issue as has been reported to aircrack-ng (#535 (airbase-ng doesn't send correctly beacons with r8187))

    Mike
    Mike, sorry you felt some hostility from me, the post contained none whatsoever, I totally agree to and welcome any input to the thread, TY. Was just trying to answer your questions directly, maybe you thought the third part was sarcastic, well I was actually being serious, maybe I'll take a look at airbase and see what's causing this problem and see if I can include the fix in AIRSSL

  8. #38
    Just burned his ISO
    Join Date
    Aug 2010
    Posts
    1

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Hi killadaninja, first of all, thanks for making this script.
    However, I've run into some troubles.

    The client can't get an IP address.

    Here's my config
    Router: Netgear (dhcp enabled)
    interface connected to internet : eth0 wired
    fakeap interface : wlan0 (mon0, I added the two lines from a post in this thread)

    Client : alfa 036h, win7
    Attacker : agn 4965 on my laptop

    GW: 192.168.1.1
    I had some trouble with : access denied (*)/dh..pid. Fixed by chmodding /var/usr


    Outputs:
    DHCP :
    DHCPDISCOVER from {client mac} at at0
    DHCPOFFER on 10.0.0.20 to {client mac} (cod9-PC) via at0
    Sometimes I get ...at0 : wrong network in DHCP window.

  9. #39
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    22

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    killadaninja,

    I tried your script with an internal broadcom b43 and usb awus036h rtl8187, it didn't work.

    I tried the rtl8187 mod in post 31. Then it all worked with no problems.

    Question is, does the rtl8187 mod apply only to your script? or does it apply in general to all BT4 apps?

    I never had to modify it before, and with the mod, my wicd power levels show -1

    It's not a big deal, but just wondering...

  10. #40
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Re: NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh

    Quote Originally Posted by bbford View Post
    killadaninja,

    I tried your script with an internal broadcom b43 and usb awus036h rtl8187, it didn't work.

    I tried the rtl8187 mod in post 31. Then it all worked with no problems.

    Question is, does the rtl8187 mod apply only to your script? or does it apply in general to all BT4 apps?

    I never had to modify it before, and with the mod, my wicd power levels show -1

    It's not a big deal, but just wondering...
    I think I'll edit the script to write a temp blacklist and use the r8187 driver, I didn't initially want to do this, but it seems it will benefit the majority. Rtl8187 module is fine for injection, but no good for surfing.
    Last edited by killadaninja; 08-31-2010 at 02:00 PM.
