
Thread: [NEW TOOL] How to get wifizoo running on backtrack 2

  1. #21
    Junior Member
    Join Date
    Mar 2007
    Posts
    47

    Default

    Well, I have an ipw2200 and have made a little progress, so maybe I can help get you started. Since you have to bring up the rtap0 iface as well, perhaps these commands look familiar to you. I'm not too savvy with your exact chipset.

    Here are the commands I use -

    rmmod ipw2200

    modprobe ipw2200 rtap_iface=1

    ifconfig rtap0 up

    In the wifizoo.py I edited line 48 or whatever it is to rtap0.

    This lets me see all the ESSIDs and the graphs, but I still haven't been able to capture cookies off my secondary laptop. (I tested my Gmail account.)

    Anyone notice what steps I am missing to actually capture data?

    Thanks

  2. #22
    Junior Member
    Join Date
    Mar 2007
    Posts
    47

    Default

    I noticed someone posted that they had to set the proxy in Firefox... Also, I haven't tried to set up the channel hopping through Kismet. Perhaps this is why I'm not gathering data?

  3. #23

    Default

    You can do the following, user17. I tested it with my own laptop, which has that same wireless card.

    Code:
    bt ~ # iwconfig
    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    wmaster0  no wireless extensions.
    
    wlan0     IEEE 802.11g  Nickname:""
              Mode:Monitor  Frequency:2.417 GHz  Tx-Power=27 dBm
              Retry min limit:7   RTS thr:off   Fragment thr=2346 B
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    
    bt ~ # airmon-ng start wlan0
    
    
    Interface       Chipset         Driver
    
    wlan0                   iwl4965 - [phy0]/usr/local/sbin/airmon-ng: line 338: /sys/class/ieee80211/phy0/add_iface: Permission denied
    mon0: ERROR while getting interface flags: No such device
    
                                    (monitor mode enabled on mon0)
    
    
    bt ~ # airodump-ng wlan0
    
     CH  2 ][ BAT: 2 hours 4 mins ][ Elapsed: 4 s ][ 2007-12-26 11:20
    
     BSSID              PWR  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID
    
     00:18:39:xx:xx:xx  165        2        0    0   6  48  OPN              linksys
     00:30:BD:xx:xx:xx  183       10        0    0  11  48  OPN              belkin54g
     
    
     BSSID              STATION            PWR   Rate  Lost  Packets  Probes
    
    
    bt ~ # airodump-ng --channel 6 wlan0
    bt ~ # cd /pentest/wireless/wifizoo/
    bt wifizoo # ./wifizoo.py
    /usr/lib/python2.5/site-packages/Gnuplot/PlotItems.py:88: Warning: 'with' will become a reserved keyword in Python 2.6
    /usr/lib/python2.5/site-packages/Gnuplot/PlotItems.py:89: Warning: 'with' will become a reserved keyword in Python 2.6
    WifiZoo v1.2, complains to Hernan Ochoa (hernan@gmail.com)
    Waiting...
    Launching Web Interface..
    WifiZoo Web GUI Serving HTTP on 127.0.0.1 port 8000 ...
    WifiZoo HTTP Proxy on 127.0.0.1 port 8080 ...

    On my laptop the card is wlan0, which is the entry in wifizoo.py, so I didn't have to make any modifications. Remember the following:

    • Wifizoo only works on open networks.

    • Wifizoo uses relative paths in its code, so run it in its folder.

    • Remember that clients have to be connected to the open network so you can capture info, and only information in the clear can be captured: no SSL, SSH or any other encrypted traffic.

    • More information, such as MSN traffic and general HTTP traffic, can be found in the log folder in the directory where wifizoo is located, so check those logs also.

    • Ignore the error when running airmon-ng.

    • When you identify the target network with airodump-ng, kill it with Ctrl-C and then use the --channel switch to fix the capture to that channel so you will not lose any data due to channel hopping.

    • Remember to run airodump-ng in a separate terminal.


    I hope all of this helps.

  4. #24
    Junior Member user17's Avatar
    Join Date
    Nov 2007
    Posts
    47

    Smile wifizoo ipw3945

    Thanks so much badkarmapr for the information, I'm gonna try this as soon as I hop on my bt box and will post how it goes.

    UPDATE: So I was able to capture information with your help BadKarmaPR, cookies, everything. My problem was that I had unnecessarily changed the capture device in wifizoo.py. Thanks for all the help.

    Any tips on what to look for in the cookie info to see which one will take me to my other computer's Gmail account? I am trying to reproduce what I see in the Backtrack 3 teaser without success. I have tried most of the cookie links with no luck.

    One more thing. I'm not sure if this is significant enough to point out, but when I start to capture data I get Channel: Unavailable (No PrismHeaders) along with every line of capture.

  5. #25
    Junior Member
    Join Date
    Dec 2007
    Posts
    27

    Default

    Yeah, I have an Atheros chipset as well. I followed the tutorial, but it seems I have the same problem everyone else is having: configuration. I supplied a screenshot, and I experimented with different devices and in monitor mode (airmon-ng stop atho, airmon-ng start wifi0). I don't know whether to use wifi0 or ath0, and I have an Atheros chipset as well, with the madwifi drivers of course. Here's a screenshot:

    [IMG]i194.photobucket.com/albums/z23/Fishbones11/Problem.png[/IMG]

  6. #26

    Default

    You need to set ath0 as the interface in your script.
    Code:
    bt ~ # iwconfig
    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    eth1      radio off  ESSID:off/any
              Mode:Managed  Channel:0  Access Point: Not-Associated
              Bit Rate:0 kb/s   Tx-Power=off   Sensitivity=8/0
              Retry limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    wifi0     no wireless extensions.
    
    ath0      IEEE 802.11g  ESSID:""  Nickname:""
              Mode:Managed  Channel:0  Access Point: Not-Associated
              Bit Rate:1 Mb/s   Tx-Power:20 dBm   Sensitivity=1/1
              Retry:off   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=0/70  Signal level=-92 dBm  Noise level=-92 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    bt ~ # airmon-ng stop ath0
    
    
    Interface       Chipset         Driver
    
    wifi0           Atheros         madwifi-ng
    eth1            Centrino b/g    ipw2200
    ath0            Atheros         madwifi-ng VAP (parent: wifi0) (VAP destroyed)
    
    bt ~ # airmon-ng start wifi0
    
    
    Interface       Chipset         Driver
    
    wifi0           Atheros         madwifi-ng
    eth1            Centrino b/g    ipw2200
    ath0            Atheros         madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
    
    bt ~ # cd /pentest/wireless/wifizoo/
    bt wifizoo # vi wifizoo.py
    bt wifizoo # ./wifi
    wifizoo.py   wifizoo.py~
    bt wifizoo # ./wifizoo.py
    /usr/lib/python2.5/site-packages/Gnuplot/PlotItems.py:88: Warning: 'with' will become a reserved keyword in Python 2.6
    /usr/lib/python2.5/site-packages/Gnuplot/PlotItems.py:89: Warning: 'with' will become a reserved keyword in Python 2.6
    WifiZoo v1.2, complains to Hernan Ochoa (hernan@gmail.com)
    Waiting...
    Launching Web Interface..
    WifiZoo Web GUI Serving HTTP on 127.0.0.1 port 8000 ...
    WifiZoo HTTP Proxy on 127.0.0.1 port 8080 ...
    Channel: 11
    bssid=00:30:bd:xx:xx:xx src=00:30:bd:xx:xx:xx dst=01:00:5e:xx:xx:xx
    UDP: 192.168.2.1.1900 -> 239.255.255.250.1900
    Channel: 11
    bssid=00:30:bd:xx:xx:xx src=00:30:bd:xx:xx:xx dst=01:00:5e:xx:xx:xx
    UDP: 192.168.2.1.1900 -> 239.255.255.250.1900

    For the cookies, remember that you need a connection to the web, a connection that does not have to go through a proxy, so you can set up your browser to use 127.0.0.1 port 8080. Remember that cookies have a limited time of validity and that wifizoo only shows the IP, so use the http.log to determine the exact website and, after setting the cookie, go to the site in the last log.
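
The posts above note that only cleartext traffic on an open network can be captured and that cookies are valid for a limited time. The following is an added example from the defender's side, not part of any post and not WifiZoo code: it audits `Set-Cookie` headers for the attributes that decide whether a session cookie is exposed this way. The function names, the 8-hour threshold and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for exposure to passive capture
# on an open (unencrypted) wireless network. All sample data is constructed.

MAX_SESSION_AGE = 8 * 3600  # assumed policy threshold, in seconds


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, lower-cased attributes dict)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_response(scheme, set_cookie_values):
    """Return {cookie_name: [findings]} for one HTTP response."""
    report = {}
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        findings = []
        if scheme != "https":
            findings.append("set over cleartext HTTP")
        if "secure" not in attrs:
            findings.append("no Secure attribute: sent on http:// requests")
        if "httponly" not in attrs:
            findings.append("no HttpOnly attribute")
        max_age = attrs.get("max-age", "")
        if max_age.isdigit() and int(max_age) > MAX_SESSION_AGE:
            findings.append("lifetime exceeds %d s" % MAX_SESSION_AGE)
        report[name] = findings
    return report


# Constructed sample responses (not taken from the thread).
SAMPLES = [
    ("http", ["sid=abc123; Path=/; Max-Age=1209600"]),
    ("https", ["sid=def456; Path=/; Secure; HttpOnly; Max-Age=3600",
               "prefs=dark; Path=/"]),
]


def run_samples():
    return [audit_response(scheme, cookies) for scheme, cookies in SAMPLES]


if __name__ == "__main__":
    for result in run_samples():
        for cookie, findings in result.items():
            print(cookie, "->", findings or ["ok"])
```

A cookie with an empty findings list is only ever sent over TLS and expires within the assumed window, so it does not appear in a cleartext capture of the kind discussed in this thread.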

  7. #27
    Junior Member
    Join Date
    Dec 2007
    Posts
    27

    Default

    Thanks, I just don't capture and the browser window does not show any SSIDs when I do this. How do you gain internet connectivity back after? I set my card into monitor mode and I have to reboot. I know that there is a way to get your connectivity back, or create another wireless device.

  8. #28
    Junior Member user17's Avatar
    Join Date
    Nov 2007
    Posts
    47

    Default

    How do you gain internet connectivity back after?
    I have had the problem as well for the ipw3945. Put your card back into managed mode and try to bring the interface down using:

    ifconfig InterfaceNameHere down

    and then back up with:

    ifconfig InterfaceNameHere up...

  9. #29

    Default

    Normally and preferably you will have either an Ethernet connection or a second wireless card connected to the internet to be able to test cookies as you get them. To give an example, in the company I work for, what we do during assessments is run Linux with Wifizoo in a VM in VMware and use a USB wireless card to do the scanning and capturing, and depending on the client site and what we have available we use an EVDO card for our internet connection, an exposed Ethernet jack on the wall, or remove a cable from an unused computer. This helps us test the cookies and loggings we find during the pentest. Most companies have rogue open APs in one of their sites or offer open guest wireless networks, and those are the ones we target. We have been able to get credentials to intranet sites, public websites and cookies for web applications. We also use wifizoo to gather client, SSID, BSSID and MAC addresses for further use in attacks, since having a graphical depiction of MAC addresses and SSIDs helps in documenting during the enumeration phase of a pentest and gives us the base information we need. We tend to do the enumeration during the first hours of the day and after lunch, since those yield the best results during enumeration, as most people tend to use wireless during those time periods. Does this clear your doubts about how to set yourself up for running wifizoo?

  10. #30
    Junior Member
    Join Date
    Dec 2007
    Posts
    27

    Default

    Yes, I no longer receive an error when using WifiZoo. The only thing is that I can not get a log file to show up, and no information is captured in the browser window. Are you using wifizoo_v1.2?
