-
To: socialcred
Okay, we threw a little time at the problem; here is a solution.
If you run Basic Menu 3 sniff, there is no portal page and no problem.
However, if you are running a Portal Page and want to sniff with sslstrip+, the portal page is gone once you run ANY of the sniffing features, so you must let the client get past the portal and begin accessing the internet before you sniff. Here are the variations when running 9a with pwnstar9.0(PS9).
1. Start PS9
2. Run Basic Menu 9a as internet access must be provided
3. If you select the https-http trap feature, then once you start the sniffing features the client can only access https requests. If, however, you select to not use the trap, then once the sniffing features are started the client can access both http and https requests. This though means the client cannot pass thru the portal and get internet access unless an http request is made.
4. Once PS9 is running you will see in yellow:
Enter Line Number of operation to be conducted.
Select 3 sniff victims, and additional xterm windows with ferret and sslstrip will open in turn and start writing data as it comes thru. This selection will also rewrite some iptables, allowing sslstrip to function.
To allow mitmf (i.e. sslstrip+) to function you must unbind port 10000 if it is bound.
Open a terminal window
Type fuser -k 10000/tcp
or fuser -n tcp 10000
You will get a bunch of Cannot Stat file etc warnings and then
10000/tcp 4677
The 4677 digit is a numerical string designating the process and can be any numeric string
Now type killall -9 and the numeric string seen, in this case 4677
killall -9 4677
You will get an error message; ignore it.
Now run mitmf.sh and it runs fine. Just give it time to get the python script to run.
We are working on a mitmf.sh that runs all this for you. Will post it here when completed. However we think Basic Menu 3 is a better feature.
MTeams
-
To mmusket33,
Would you consider sharing your code on github or bitbucket? They are much better platforms for sharing code than free file upload sites. Also it would allow us to contribute to your codebase (that is, if you accept pull requests).
Regardless of your decision thanks for the tool.
-
To pip,
The original author Vulpi has posted his version on github.
MTeams adapted it for WPA phishing.
Our view is once we release any code to the community, the code belongs to the community not us.
Hence if you think it wise to post two(2) versions on github that would be your decision. We have no objection to you posting if you wish.
-
Dear Mmusket33,
I appreciate the time your team spent on dealing with my question. I will be in a position to run tests soon. I just tried using the phish/sniff advanced attack after allowing the victim through the phishing captive portal and the sslstrip attack still works! In fact, it works faster than on the prior version of Kali. Congrats on a great framework for wifi attack demonstrations for end-user security. Sometimes users don't believe the training until they see the attacks in class!
-
You mention browsing authorized, which leads us to thinking you are trying to use it with a portal/phishing page, which again requires Apache2.
-
Pwnstar9.0 musket version
Hi,
I appreciate your effort on pwnstar project. I want to ask your opinion on the following scenario:
I'm starting your version of pwnstar on a kali 2.0 virtual machine, using (9-a). Everything is created normally. I'm using the "portal-hotspott" page. I'm using as test devices an iPhone 5 and an iPhone 6. I can connect to the pwnstar created network and I'm receiving the portal page on any http request. Credentials are captured and shown to formdata.txt.
The problem is that after a few minutes (sometimes 1-2 min, sometimes 5-6) I'm losing the connection to the pwnstar network and I can't reconnect because the pwnstar network disappears from the spectrum.
Any ideas on how to debug this?
Thank you in advance.
Frank
-
To Frank,
Unfortunately MTeams has never run the program in a virtual machine. We suggest you make a persistent usb install of kali 2.0 or do a hard drive install and then test the program and see if the problem disappears. Do not try and run the program from a live only usb; the persistent feature must be set up. If at that time the problem still exists then we will try and assist you, BUT this problem does not exist on our computers.
MTeams
-
Hi mmusket33!
In vk496/Linset, there's a feature to auto test the captured wpa passphrase (the one the user entered on the fake access point page) in realtime, by trying it on a previously captured WPA handshake packet.
If the user types a password that cracks the handshake, then the fake page shows a success message and disables the fake ap automatically.
Is there a similar function in your "pwnstar9.0-K2-mv2-6.sh"?
BTW, I've read a lot and only tested pwnstar9.0-K2-mv2-6.sh till now. I'm about to download wifislax to try linset as it seems to have some bugs in kali.
Anyway, which of these do you think is the best? pwnstar or linset?
-
To brunoaduarte
First, reference linset. MTeams may not be aware of the author's latest works. MTeams did debug and translate and then release a linset version but it probably will only run in kali1.10a due to the airmon-ng problems.
We prefer the Pwnstar9.0(PS9) approach written by vulpi. MTeams have new phishing pages on the drawing board that will plug right into the MTeam PS9 version.
Furthermore we know of no other phishing program that will run under Kali2.0 because of the airmon-ng network-manager conflicts. And because Eterm, although now available for kali2.0, does not work in the kali2.0 environment. We tried to address the Eterm issue in these forums but got nowhere and just gave up.
For us the King of RogueAP programs is Aerial; however, this program does not support phishing web pages and may not run in kali2.0. If you find any of these comments in error please correct us.
Reference functions in PS9 - no such handshake module exists. WPA Phishing is a social engineering attack. What is most important is the quality of the web pages and the functionality of the system's interaction with the client. Vulpi provided an easily adaptive program that allows expansion and individual expression. If you use PS9, even if it is an MTeams release, thank the original author who made all this possible.
If you find either linset or Aerial run in kali2.0 please advise.
MTeams