easy-creds 3.3-BT5 Released

[ericmilam]

I'm jealous
Joke apart, congrats man ! You deserve it

Thanks man...still a little bit of work to do on it. Need to add some deauth options for the AP stuff. Also, need to get ettercap ironed out...which is slow going since I dont know c.

[comaX]

Yeah, I saw ettercap getting crazy one or two times when working along sslstrip, that's pretty ugly ! Fortunately, I don't have much problems using the two together. The famous errors happened only once when doing DNS spoofing with ettercap (which for some reason is much more reliable than dnsspoof...)

Good luck !

[mfilter]

Eric..luv your script but i got an error at ettercap windows

SEND L3 ERROR: 40 byte packet (0800:06) destined to 7613.15.54 was not forwarded

i already set echo 1 > /proc/sys/net/ipv4/ip_forward

please help...

when i visiting a https site the pop-up come "unsecure bla...bla..bla.. do you want to continue...."


please help...i really like the script

good job mate

[ericmilam]

Yeah...this is a known issue with the latest kernel 2.6.39 that is on BT5R1. Everything still works, but those errors are annoying. There is another post on here (SSLStrip not playing nice with Ettercap in BT5R1) where I've asked others for input or suggestions. As far as I can see, everything still works fine, but the errors are annoying.

The insecure for 443 sites is normal. It's because the certificate you're presenting is not a valid certificate for the site. That's normal for any arp poisoning tool. (i.e. Cain, etc) If the user acepts the cert, then all traffic is encrypt/decrypted with your cert so you can see/read everything.

The script does the echo 1 function so you don't have to.

Thanks for the kudos, working on AP DoS for the wireless options.

Happy hunting,
Eric

[mfilter]

Erick,

Thank you very much for the explanation... keep it going

at the URL Snarf window, the script capture all my internet source eth0 not the at0 data...

[ericmilam]

Erick,

Thank you very much for the explanation... keep it going

at the URL Snarf window, the script capture all my internet source eth0 not the at0 data...

I'll look into that...I believe it captures everything for those ports. I never reanalyzed it for the wireless function. It should catch all data across ethx or wlanx, whatever you set up as your nic connected to the internet.

Like I said...I'll see if I can't specify it grab at0 for the wireless options.

Thanks again!

[ericmilam]

Erick,

Thank you very much for the explanation... keep it going

at the URL Snarf window, the script capture all my internet source eth0 not the at0 data...

Item fixed, coded so that if $wireless == 1 then use $TUNIFACE value instead of $IFACE value

Will be out in v3.6. Trying to get it all done before I demo at Derbycon.

Thanks,
Eric

[destro23]

quick question.. if i have client isolation up and running on my wireless lan... it successfully stops me from arpspoofing my VM's and using nmap to find anything other then the router... would the next best thing to do is just spoof my ap with EvilTwin? have it boot everyone off the AP and then try and sniff the vm's?

[ericmilam]

quick question.. if i have client isolation up and running on my wireless lan... it successfully stops me from arpspoofing my VM's and using nmap to find anything other then the router... would the next best thing to do is just spoof my ap with EvilTwin? have it boot everyone off the AP and then try and sniff the vm's?

Absolutely, isolation encrypts the transmission of each client, etc so you don't see anyone but the gateway.

You can then do a few things:
Set up a fake AP with the same ESSID as the victim AP and see if someone connects.
Set up an eviltwin to see if someone connects, but if they are already connected to the victim AP, they won't just hop over to yours.

I'm testing easy-creds 3.6, hoped to have it done by Derbycon, but I still have a few bugs and functionality to fix first. e-c 3.6 includes MDK3, so when you set up your fake AP attack, you can then use MDK3 to DoS clients (deauths them from the BSSIDS you give it)

Right now, it'll pop airodump for 5 mins, show you the ESSIDS its found, you select one and it build a black list and MDK3 deauths all clients from the BSSIDs in the black list. The hopes are that they will connect to you either automatically, or manually.

I've also coded in a last man standing which will whitelist your BSSIDs and deauth's everything else it can reach.

[tuxnator]

ericmilam, have you thought about changing the easy-creds to save the pcap file in order to make possible more in-depth analysis?