Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: arpspoof or iptables, something is wrong here!

  1. #1
    Member
    Join Date
    Jan 2010
    Location
    Netherlands
    Posts
    84

    Default arpspoof or iptables, something is wrong here!

    he guys,

    This weekend, I installed Backtrack 5 R1. Now I wanted to play a prank on a guy in my class, who is playing with my class mates internets (redirecting to other sites bla bla bla) now I know that g0tm1lk made a video april fools video, playing with traffic (squid).
    on backtrack 4 this was working great! Now on backtrack 5 I can't get it to work!

    g0tmi1k: [Video] Playing With Traffic (Squid)
    this is the post where I am talking about, now I did everthing there and it all seems to work.... arp my victim is working, but he isn't getting redirected.... Can you guys help me out?

    what to do ?

  2. #2
    Just burned his ISO silentplayer's Avatar
    Join Date
    Jan 2011
    Location
    Karachi, Pakistan
    Posts
    15

    Default Re: arpspoof or iptables, something is wrong here!

    You must have missed some steps or configuration. Can you tell us where are you stuck exactly?

  3. #3
    Member
    Join Date
    Jan 2010
    Location
    Netherlands
    Posts
    84

    Default Re: arpspoof or iptables, something is wrong here!

    well the final part, everything seems to work, so the victim has internet trough my PC (internet) but the victim doesn't get redirected to port 3128 for what I can tell, don't realy know how to test this part....

    so or squid(3) isn't working or my iptables isn't redirecting the users, how can I diagnose what is wrong ?

  4. #4
    Just burned his ISO silentplayer's Avatar
    Join Date
    Jan 2011
    Location
    Karachi, Pakistan
    Posts
    15

    Default Re: arpspoof or iptables, something is wrong here!

    Your victim is able to access website using your proxy server which you just configured? Validate this to make sure the gateway is spoofed.

  5. #5
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: arpspoof or iptables, something is wrong here!

    hi,
    i'm testing now(the g0tm1lk waylay traffic with squid) in bt5r1 32kde(hdd instal) vs xp sp3 (virtualbox eth0 bridge+host)l
    for me work well!!
    i'm using asciiImages.pl
    replaceImages.pl
    flipImages.pl
    blurImages.pl
    these seem to work well !!
    others i've not time for test!!! bye! thanks g0tm1lk!!

  6. #6
    Junior Member
    Join Date
    Jan 2010
    Posts
    29

    Default Re: arpspoof or iptables, something is wrong here!

    Worked fine for me as well.. Have you tried starting with a clean slate all over again..

  7. #7
    Member
    Join Date
    Jan 2010
    Location
    Netherlands
    Posts
    84

    Default Re: arpspoof or iptables, something is wrong here!

    Yes that was the funny part about it lol it was a clean install, dual boot with windows 7 and tested on Backtrack 5 R1 64 bit GNOME. Meby it is a 32 bit error that squid isn't running well on 64 bit ?

    btw: thanks for testing guys!

  8. #8
    Member
    Join Date
    Jan 2010
    Location
    Netherlands
    Posts
    84

    Default Re: arpspoof or iptables, something is wrong here!

    oke after sometesting, and reinstalling backtrack (fresh download of R1 KDE, 32 bits) installed it with a DVD. Installed squid3:
    Code:
    apt-get install -y squid3
    then without any changes to the squid.conf I used: (offcourse my iptables are correct etc.)
    Code:
    arpspoof -i wlan0 -t 10.19.132.150(friend of my) 10.19.132.1(router)
    now he gets redirected to a squid site that there is nothing configured. So I did the following:

    Code:
    kate -> Open: /etc/squid3/squid.conf
    Edit (Line 588): acl localnet src 10.0.0.0/8
    Edit (Line 644): http_access allow localnet
    Edit (Line 868): http_port 3128 transparent
    Still not sure if my acl localnet src is right, because my router is: 10.19.132.1 and my subnet 255.255.254.0, so any suggestions on that?

    but still no problem, getting now a denny messages so it's kinda working.
    then I add:
    Code:
    Add (Line: *end*): url_rewrite_program /root/asciiImages.pl
    and boom, no internet.... then to be sure:
    Code:
    Add (Line: *end*): #url_rewrite_program /root/asciiImages.pl
    I have internet.............. so what is wrong here?
    Last edited by nivong; 10-03-2011 at 10:21 AM.

  9. #9
    Member
    Join Date
    Jan 2010
    Location
    Netherlands
    Posts
    84

    Default Re: arpspoof or iptables, something is wrong here!

    uhm after some testing I used the following command:

    Code:
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --destination-port 80 -j REDIRECT --to-port 3128 -v
    
    REDIRECT  tcp opt -- in wlan0 out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:80 redir ports 3128
    is it normal that it states 0.0.0.0

    this is my ifconfig:
    Code:
    inet addr:10.19.132.103  Bcast:10.19.133.255  Mask:255.255.254.0
              inet6 addr: fe80::21e:65ff:fe24:8cce/64 Scope:Link

  10. #10
    Member
    Join Date
    Jan 2010
    Location
    Netherlands
    Posts
    84

    Default Re: arpspoof or iptables, something is wrong here!

    Uhm after doing some more research on the subject I found out that ettercap, simple filtering isn't working also... some users are reporting that B5R1 is blocking ARP attacks by, I think, blocking ports.... To be precise it's the kernel that B5R1 is using, so will install the R0 (?) version and will test this asap!

    Ps. can somebody confirm this ?

Page 1 of 2 12 LastLast

Similar Threads

  1. Problems regarding arpspoof
    By rmdashrf in forum BackTrack 5 General Topics
    Replies: 0
    Last Post: 08-04-2011, 05:48 PM
  2. arpspoof problem
    By imported_vvpalin in forum OLD Newbie Area
    Replies: 0
    Last Post: 04-26-2009, 06:06 AM
  3. Arpspoof help
    By tntcoda in forum OLD Newbie Area
    Replies: 2
    Last Post: 04-05-2008, 11:34 AM
  4. Arpspoof help
    By darkevil011 in forum OLD Newbie Area
    Replies: 2
    Last Post: 08-17-2007, 11:45 PM
  5. Arpspoof with Ettercap
    By -LoX- in forum OLD Pentesting
    Replies: 0
    Last Post: 05-25-2007, 09:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •