Soft AP / Phishing Script [Release]

[VulpiArgenti]

I'm not intending to upgrade my main rig, so I can't comment yet. I'll have a play with R3 in a VM and get back to you in a few days. Do you think this is a specific problem with the script, or a general problem with dhcp3-server ie does dhcp work when you run it manually?

[parrotface]

dhcp3-server won't run manually either. Not tried it in VM.

[lokitround1]

having an issue, or i'm just incredibly stupid (most likely the latter) probably an easy fix.

trying to start an ap (ie; free public wifi) to capture usernames and passwords that are put into the fields of the given HTML page.

WITHOUT giving internet access.

I go on my test machine, connect, and then i try going to a url (google, or anything else)

I get nothing, as if there is no internet connection

What am i doing wrong?

if you guys can help me with this, ill write somthing that auto re-sizes all of the 9999 terminals that pop up to match your resolution

along with a GUI if you guys want

Thank you in advance!

what i do
1. selection : (simple web server)
2.no, i would not like to give internet access
3.i put in my interface (wlan1, random macs)
4. no, i do not want to find target channel?
- why would this be important for what im doing? any channel will show up when looking for a wifi hotspot. im not trying to emulate being a pre-set one.
5.i choose (bullseye), to make my ESSID "Free Public wifi"

now,

6. i select the directory "hotspot_3" (the one provided)
7. Asks me if i want "all adresses" or "use custom host file" , i press all adresses
8. Do you want to tail credentials? "no"

says "web server attack is running"

[vsboost]

Is it normal when you tail sslstrip.log the window pops up for half a second and disappears?

[parrotface]

The DHCP problem seems to be with the /tmp/dhcpd.conf line 10 unexpected end of file.
the last part of the dhcpd.conf is as follows:-


subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.255
option routers 192.168.0.1;
option domain-name-servers ;
}

[VulpiArgenti]

@lokitround1

You appear to be setting appropriate options, but the client is not seeing the hotspot webpage, correct?
There are many steps involved in this process, and I need you to narrow down the possible sources of error.
First, check you can see the hotspot page when you browse to localhost on the attacking machine.
Next check the victim has an IP address, and his DNS requests are showing up in the dnsspoof eterm.
If this is all good, then you are probably confounded by dns-cacheing: see post #96

[VulpiArgenti]

Is it normal when you tail sslstrip.log the window pops up for half a second and disappears?

No.

This suggests sslstrip is not running. Have you installed it properly with install.py? (read the script for more details)

[VulpiArgenti]

Hi parrotface,

The script is not reading your nameserver from your home network. This usually fails if you don't have a local nameserver (eg 10.1.1.1), and use a remote server such as google.
There are a few posts discussing this eg #51, #103, #104.
You can setup a local nameserver as a workaround. At some point I will re-write the parsing of /etc/resolv.conf to fix this issue.

[vsboost]

No.

This suggests sslstrip is not running. Have you installed it properly with install.py? (read the script for more details)

tried to run ./setup.py in sslstrip directory, this failed but running "python /pentest/web/sslstrip/setup.py install" seemed to have configured it, however the sslstrip tail still disapears after half a second.

[VulpiArgenti]

Is sslstrip running? If not, can you start it manually? Does /root/sslstrip.log exist?