I have the following setup, which works:
# Victim
[My Laptop@10.0.0.2] < ---- > [My PC@10.0.0.1 & Gateway@10.0.0.138]
Works fine running sslstrip & bt4 vm on my pc as the attacker on my eth0 interface.
What I'm finding difficult is this setup; it effectively DoS attacks my router.
# Victim on XP [My Laptop@10.0.0.2]
>>>>>>>>>>>>>>>>>>>>>>> [Gateway@10.0.0.138]
# bt4 VMware [My Laptop@10.0.0.4]
- Victim on XP is connected to the gateway on my 1490 Mini WLAN Card.
- bt4 VMware is using my ALFA'36H to connect to the gateway, so both wireless.
arpspoof between XP@10.0.0.2 & Gateway@10.0.0.138 with interface wlan0 works. But as soon as I do the iptables I effectively DoS the router and the victim cannot surf the net, so the attack becomes useless.

So all I'm left with is a forum post from remote exploit I found the other day, which I cannot find again, which briefly mentioned not needing sslstrip to do an attack like this because it is only encrypted with wpa/wep, not ssl yet, and that I can just run airdecap-ng to take off the encryption.

Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

So how can I get this working using either method?
And going back to my original scenario with 1 client. If I reversed roles and used bt4 vmware on the laptop, would I be able to do this sslstrip attack on the PC? Or is it only limited to being run from the wired side of the network?
Last edited by MassAppeal; 01-20-2010 at 01:37 PM.
Anyone =[ ?
Was the arp spoof successful? Did traffic flow normally without running ssl strip through your "attacking" pc (can use wireshark to verify)? At times when I played with Cain and Abel, it would only do a "one way" spoof because it couldn't complete it. Whether it be Windows firewall or the router's firewall or other router/gateway settings that are hindering the arp poison.
Not sure how your wireless router/gateway handles the wireless side. It might put the wireless on its own little vlan and not allow it to talk to the rest of the network?

"And going back to my original scenario with 1 client. If I reversed roles and used bt4 vmware on the laptop, would I be able to do this sslstrip attack on the PC? Or is it only limited to being run from the wired side of the network?"
I just got a setup working with a Fonera router with Jasager installed (which is basically karma/karmetasploit) which is wired to my laptop and then the laptop connects to an AP wirelessly. All traffic of clients to the Fon goes through the BT4 laptop which I can run SSL Strip just fine.
Last edited by Mr-Protocol; 01-21-2010 at 11:25 AM.
Stupid question: are you poisoning both caches? gw - target + target - gw
I'm running this arpspoof command, same as I did for eth0 on my wired side.
Code:
arpspoof -i wlan0 -t <targetIP> <GatewayIP>
You have to run it twice, one for gw->client, one for client->gw.
Ahh, thank you very much, I will try that and see how I go.
Yep, the arp poisoning both ways is what did the trick for me. Thanks.
Ettercap already does arp poisoning both ways. I advise trying it.
Yeah, I gave ettercap a go and it wouldn't do it for me either; even though it has a similar setup to cain & abel, I still couldn't get it working that way.
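
Seen from the defender's side, the one-way versus two-way poisoning discussed in this thread leaves a distinct trace: one MAC address starts answering for the gateway IP and for a client IP at the same time. The following is an added example, not code from any poster in the thread; the log format and MAC addresses are constructed, the IPs follow the thread's layout, and the first MAC seen for each IP is assumed to be the legitimate one.

```python
from collections import defaultdict

# Constructed sample: "seconds sender_ip sender_mac" for each observed ARP reply.
# The format and the MAC addresses are made up for this example.
SAMPLE = """\
0 10.0.0.138 00:11:22:33:44:01
1 10.0.0.2 00:11:22:33:44:02
2 10.0.0.4 00:11:22:33:44:04
30 10.0.0.138 00:11:22:33:44:04
31 10.0.0.2 00:11:22:33:44:04
32 10.0.0.138 00:11:22:33:44:01
33 10.0.0.138 00:11:22:33:44:04
"""

def parse(text):
    """Yield (timestamp, ip, mac) from well-formed lines, skipping the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()

def detect(text, gateway_ip):
    """Return alerts as (timestamp, kind, mac, ips).

    "conflict": a MAC answers for an IP whose baseline MAC is different.
    "two-way":  the same MAC conflicts on the gateway IP and on at least one
                other IP, i.e. both ARP caches are being poisoned.
    """
    baseline = {}                 # ip -> first MAC seen (assumed legitimate)
    claimed = defaultdict(set)    # mac -> IPs it answered for against baseline
    alerts = []
    for ts, ip, mac in parse(text):
        if baseline.setdefault(ip, mac) == mac:
            continue              # matches baseline, nothing to report
        if ip in claimed[mac]:
            continue              # already alerted for this mac/ip pair
        claimed[mac].add(ip)
        alerts.append((ts, "conflict", mac, (ip,)))
        if gateway_ip in claimed[mac] and len(claimed[mac]) >= 2:
            alerts.append((ts, "two-way", mac, tuple(sorted(claimed[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE, "10.0.0.138"):
        print(alert)
```
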