BeNe
2016-10-02, 17:41
Hi Security Folks,
I have some problems with my setup: Nethunter + Pineapple Nano + Bettercap. I want to use bettercap or mitmf on the Nethunter - but had no luck so far.
Bettercap isn't proxying HTTP and HTTPS, only some sites. DNS requests are coming through bettercap but nothing happens.
In this example I opened "web.de" and "google.com" - but get no output on the client -> time out.
| |__ ___| |_| |_ ___ _ __ ___ __ _ _ __
| '_ \ / _ \ __| __/ _ \ '__/ __/ _` | '_ \
| |_) | __/ |_| || __/ | | (_| (_| | |_) |
|_.__/ \___|\__|\__\___|_| \___\__,_| .__/
|_| v1.5.8
http://bettercap.org/
[I] Starting [ spoofing:✘ discovery:✘ sniffer:✔ tcp-proxy:✘ http-proxy:✔ https-proxy:✔ sslstrip:✔ http-server:✘ dns-server:true ] ...
[D] NETSTAT:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.16.17.254 0.0.0.0 UG 0 0 0 wlan0
172.16.17.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
172.16.42.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[D] ifconfig eth0
[D] Using ifconfig
[D] Linux ifconfig eth0:
["eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500", "inet 172.16.42.42 netmask 255.255.255.0 broadcast 0.0.0.0", "ether 00:c0:ca:90:d3:65 txqueuelen 1000 (Ethernet)", "RX packets 466 bytes 29203 (28.5 KiB)", "RX errors 0 dropped 0 overruns 0 frame 0", "TX packets 0 bytes 32162 (31.4 KiB)", "TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0"]
[D] Preloading hardware vendor prefixes ...
[I] [eth0] 172.16.42.42 : 00:C0:CA:90:D3:65 / eth0 ( ALFA )
[D] ----- NETWORK INFORMATIONS -----
[D] network = 172.16.42.0 ( 172.16.42.0 -> 172.16.42.255 )
[D] gateway = 172.16.17.254
[D] local_ip = 172.16.42.42
[D] --------------------------------
[D] Spoofing disabled.
[D] PacketQueue worker started.
[D] PacketQueue worker started.
[D] PacketQueue worker started.
[D] PacketQueue worker started.
[D] Probing 172.16.17.254 ...
[D] Probing 172.16.17.254 ...
[I] [GATEWAY] 172.16.17.254 : ( ??? )
[W] WARNING: Both HTTP transparent proxy and URL parser are enabled, you're gonna see duplicated logs.
[D] RESPONSE LINE: 'HTTP/1.1 200 OK'
[D] RESPONSE LINE: 'Connection: close'
[D] RESPONSE LINE: 'Content-Length: 558'
[D] RESPONSE LINE: 'Content-Type: image/x-icon'
[D] RESPONSE LINE: ''
[I] [DNS] Starting on 172.16.42.42:5300 ...
[I] [SSL] Loading HTTPS Certification Authority from '/root/.bettercap/bettercap-ca.pem' ...
[D] Redirecting TCP traffic from *:53 to 172.16.42.42:5300
[I] [HTTPS] Proxy starting on 172.16.42.42:8083 ...
[I] [HTTP] Proxy starting on 172.16.42.42:8080 ...
[D] Redirecting UDP traffic from *:53 to 172.16.42.42:5300
[D] Redirecting TCP traffic from *:80 to 172.16.42.42:8080
[D] Redirecting TCP traffic from *:443 to 172.16.42.42:8083
[D] Starting sniffer ...
[D] Loading parser SNMP ( BetterCap::Parsers::SNMP ) ...
[D] Loading parser SNPP ( BetterCap::Parsers::Snpp ) ...
[D] Loading parser WHATSAPP ( BetterCap::Parsers::Whatsapp ) ...
[D] Loading parser DHCP ( BetterCap::Parsers::DHCP ) ...
[D] Loading parser COOKIE ( BetterCap::Parsers::Cookie ) ...
[D] Loading parser NNTP ( BetterCap::Parsers::Nntp ) ...
[D] Loading parser RLOGIN ( BetterCap::Parsers::Rlogin ) ...
[D] Loading parser NTLMSS ( BetterCap::Parsers::NTLMSS ) ...
[D] Loading parser CREDITCARD ( BetterCap::Parsers::CreditCard ) ...
[D] Loading parser PGSQL ( BetterCap::Parsers::PgSQL ) ...
[D] Loading parser URL ( BetterCap::Parsers::Url ) ...
[D] Loading parser DICT ( BetterCap::Parsers::Dict ) ...
[D] Loading parser MYSQL ( BetterCap::Parsers::MySQL ) ...
[D] Loading parser HTTPAUTH ( BetterCap::Parsers::Httpauth ) ...
[D] Loading parser IRC ( BetterCap::Parsers::Irc ) ...
[D] Loading parser MAIL ( BetterCap::Parsers::Mail ) ...
[D] Loading parser POST ( BetterCap::Parsers::Post ) ...
[D] Loading parser FTP ( BetterCap::Parsers::Ftp ) ...
[D] Loading parser REDIS ( BetterCap::Parsers::Redis ) ...
[D] Loading parser HTTPS ( BetterCap::Parsers::Https ) ...
[D] Loading parser MPD ( BetterCap::Parsers::Mpd ) ...
[D] Loading parser TEAMVIEWER ( BetterCap::Parsers::TeamViewer ) ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] [DNS] Received Resolv::DNS::Resource::IN::A request for easylist-downloads.adblockplus.org ...
[D] [172.16.42.1 > DNS] Received request for 'easylist-downloads.adblockplus.org' -> upstream DNS
[D] [DNS] Received Resolv::DNS::Resource::IN::AAAA request for easylist-downloads.adblockplus.org ...
[D] [172.16.42.1 > DNS] Received request for 'easylist-downloads.adblockplus.org' -> upstream DNS
[172.16.42.167 > 78.46.27.186:https] [HTTPS] https://filter22.adblockplus.org./
[D] Spoofing 2 targets ...
[172.16.42.167 > 148.251.12.230:https] [HTTPS] https://filter49.adblockplus.org./
[172.16.42.167 > 78.46.27.186:https] [HTTPS] https://filter22.adblockplus.org./
[172.16.42.167 > 148.251.12.230:https] [HTTPS] https://filter49.adblockplus.org./
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[172.16.42.167 > 78.46.27.186:https] [HTTPS] https://filter22.adblockplus.org./
[172.16.42.167 > 148.251.12.230:https] [HTTPS] https://filter49.adblockplus.org./
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[172.16.42.167 > 52.24.123.95:https] [HTTPS] https://ec2-52-24-123-95.us-west-2.compute.amazonaws.com./
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[172.16.42.167 > 78.46.27.186:https] [HTTPS] https://filter22.adblockplus.org./
[172.16.42.167 > 148.251.12.230:https] [HTTPS] https://filter49.adblockplus.org./
[D] Spoofing 2 targets ...
[172.16.42.167 > 69.195.158.195:https] [HTTPS] https://w2.hackademix.net./
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] [DNS] Received Resolv::DNS::Resource::IN::A request for web.de ...
[D] [172.16.42.1 > DNS] Received request for 'web.de' -> upstream DNS
[D] [DNS] Received Resolv::DNS::Resource::IN::AAAA request for web.de ...
[D] [172.16.42.1 > DNS] Received request for 'web.de' -> upstream DNS
[D] Spoofing 2 targets ...
[172.16.42.167 > 216.58.213.46:https] [HTTPS] https://ber01s15-in-f46.1e100.net./
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] [DNS] Received Resolv::DNS::Resource::IN::A request for update.eset.com ...
[D] [172.16.42.1 > DNS] Received request for 'update.eset.com' -> upstream DNS
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[172.16.42.167 > 78.46.27.186:https] [HTTPS] https://filter22.adblockplus.org./
[172.16.42.167 > 148.251.12.230:https] [HTTPS] https://filter49.adblockplus.org./
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] [DNS] Received Resolv::DNS::Resource::IN::A request for google.de ...
[D] [172.16.42.1 > DNS] Received request for 'google.de' -> upstream DNS
[D] [DNS] Received Resolv::DNS::Resource::IN::AAAA request for google.de ...
[D] [172.16.42.1 > DNS] Received request for 'google.de' -> upstream DNS
[172.16.42.167 > 52.26.2.199:https] [HTTPS] https://ec2-52-26-2-199.us-west-2.compute.amazonaws.com./
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
[D] Spoofing 2 targets ...
^C
Shutting down, hang on ...
Here is my Setup:
http://fs5.directupload.net/images/161002/rexdx5q3.jpg
Nethunter 3.15.2
OnePlusOne
1880