Thread: Urlsnarf and Driftnet are only capturing localhost traffic

  1. #1
    Join Date
    2014-Sep
    Posts
    5

    Hello Community!

    Urlsnarf and Driftnet are only capturing localhost traffic but the ARP spoofing works.
    The victim is connected with ethernet.

    System Information:
    Kali Linux 1.0.9, installed, 64 bit, everything up to date

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.0.1 192.168.0.2
    arpspoof -i wlan0 -t 192.168.0.2 192.168.0.1
    
    driftnet -i wlan0
    urlsnarf -i wlan0
    -Abdiction-
    Last edited by Abdiction; 2014-09-09 at 12:03.

  2. #2
    Join Date
    2015-Mar
    Posts
    2
    hi, i am having the same kind of problem (i am using Kali 1.1)

    does anybody have a solution?

    thanks!

  3. #3
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301
    Quote Originally Posted by tm3dium
    hi, i am having the same kind of problem (i am using Kali 1.1)

    does anybody have a solution?

    thanks!

    hi :-)
    if this can possibly help:
    i made a little test on my kali 1.1.0 [wlan4] (vm32 under win7) versus my win7 sp1 [eth0] (hdd host) && it seems to work... but, i think it is normal, not all images are displayed on my driftnet during Web browsing!!
    http://www.imagestime.com/show.php/1016730_11.PNG.html

  4. #4
    Join Date
    2014-Sep
    Posts
    5
    @zimmaro
    If your Kali runs in a virtual machine on a PC it is possible to capture the traffic of the PC it is running on with driftnet / urlsnarf, but obviously this isn't what we want.
    Sadly many tutorials do exactly this and claim that it works.

    @tm3dium
    I am sorry, I figured out why urlsnarf doesn't work a year ago but I was too lazy to post it.

    http://www.monkey.org/~dugsong/dsniff/
    dsniff is a toolkit by dugsong; it includes:
    • dsniff
    • filesnarf
    • mailsnarf
    • msgsnarf
    • urlsnarf <-- the tool we tried to use
    • arpspoof
    • dnsspoof
    • macof
    • sshmitm
    • webmitm


    From the FAQ under http://www.monkey.org/~dugsong/dsniff/faq.html
    3.3. Why isn't dsniff / *snarf seeing anything?
    3.3.1. ...when using arpspoof to intercept client traffic?

    Make sure you are actually forwarding the intercepted packets, either via kernel IP forwarding or with fragrouter.

    If you are indeed seeing the client's half of the TCP connection (e.g. as verified using tcpdump), make sure you've enable dsniff's half-duplex TCP stream reassembly (dsniff -c). The *snarf tools do not yet support this mode of operation.

    Conclusion:
    All these sweet *snarf tools are not working (which is a shame).
    "dsniff" works with the -c flag

    still i have no idea why driftnet isn't working
    -Abdicition-
    You can't prove security you can only disprove it.

  5. #5
    Join Date
    2015-Mar
    Posts
    2
    grazie zimmaro

    it seems that the problem is due to my Kali: i am booting it as a live (from USB) but it has never worked properly.
    Using the same Kali version as a VM (like you did) everything (arpspoof + urlsnarf) works.

    is it really impossible to make everything work from my USB Kali machine?

  6. #6
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301

    Quote Originally Posted by Abdiction
    @zimmaro
    If your Kali runs in a virtual machine on a PC it is possible to capture the traffic of the PC it is running on with driftnet / urlsnarf, but obviously this isn't what we want.
    Sadly many tutorials do exactly this and claim that it works.

    @tm3dium
    I am sorry, I figured out why urlsnarf doesn't work a year ago but I was too lazy to post it.

    http://www.monkey.org/~dugsong/dsniff/
    dsniff is a toolkit by dugsong; it includes:
    • dsniff
    • filesnarf
    • mailsnarf
    • msgsnarf
    • urlsnarf <-- the tool we tried to use
    • arpspoof
    • dnsspoof
    • macof
    • sshmitm
    • webmitm


    From the FAQ under http://www.monkey.org/~dugsong/dsniff/faq.html

    Conclusion:
    All these sweet *snarf tools are not working (which is a shame).
    "dsniff" works with the -c flag

    still i have no idea why driftnet isn't working
    -Abdicition-

    hi :-)
    i'm not expert && I hope to have understood the thread......... but i THINK MY ""virtual-LAB"" in bridge-mode is the """almost-same""" of ""physical-lan/wifi""
    now i made another test in REAL-LAN

    http://it.tinypic.com/view.php?pic=2...8#.VQQTwI6G86w

    kali 1.1.0 hdd install eth0 192.168.1.7 (my killer-static-IP) :-)
    victim win 8.1 netbook wifi 192.168.1.14 (browsing via chrome && firefox for test)
    gateway 192.168.1.1 ( pirelli)

    http://it.tinypic.com/view.php?pic=5...8#.VQQTRo6G86w

    ...seems to urlsnarf && driftnet ..working !!!again (same in MY virtual)

  7. #7
    Join Date
    2014-Sep
    Posts
    5
    My last post is flat wrong and full of assumptions, but I think (I really do) that I've got it now

    1. the latest dsniff version is 2.4 from 27-May-2002
    http://www.monkey.org/~dugsong/dsniff/beta/
    seems to be the version that ships with kali

    2. http://www.backtrack-linux.org/forum...ad.php?t=25974
    imported_cybrsnpr: 02-04-2010
    In reply to the OP. arpspoof as it comes from Dug Song is broken to work only with eth0 (at least the last time I downloaded a copy). I have a "fixed" copy that will actually work with any interface. It works fine for spoofing MAC. I haven't seen any ICMP redirects or any other weirdness with it. I've used it many times over wireless successfully.

    I have a copy of it HERE.

    Good Luck...

    Regards,

    cybrsnpr
    (The guy links to http://www.csr-group.com/resources.html)

    @zimmaro Thanks for your help! Could you please try to do the same thing you did; but over wlan?

    -Abdiction-
    You can't prove security you can only disprove it.

  8. #8
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301
    Quote Originally Posted by Abdiction
    My last post is flat wrong and full of assumptions, but I think (I really do) that I've got it now

    1. the latest dsniff version is 2.4 from 27-May-2002
    http://www.monkey.org/~dugsong/dsniff/beta/
    seems to be the version that ships with kali

    2. http://www.backtrack-linux.org/forum...ad.php?t=25974
    imported_cybrsnpr: 02-04-2010

    (The guy links to http://www.csr-group.com/resources.html)

    @zimmaro Thanks for your help! Could you please try to do the same thing you did; but over wlan?

    -Abdiction-

    ri-hi :-)
    oooohhh now i remember .....it's OLD questions...............
    TEST WLAN-REAL
    http://it.tinypic.com/view.php?pic=v...8#.VQVDXY6G86w

    http://it.tinypic.com/view.php?pic=1...8#.VQVC9I6G86x

    worked fine!!!

    I THINK:
    in my kali's machines i USE dsniff-2.4b1-debian-18(BT5-R3-version)..... NOT default-22 ....
    there are old threads with this question...&& many MINE tests...
    Maybe the problem is related to this???
    bye
    Last edited by zimmaro; 2015-03-15 at 08:45.

  9. #9
    Join Date
    2014-Sep
    Posts
    5
    @zimmaro This is driving me nuts!

    OK firstly I have no idea how to downgrade my dsniff to your version. apt-get install dsniff=dsniff-2.4b1-debian-18 didn't work

    Current Situation:

    Kali Linux 1.1.0, installed, 64 bit

    Router: 192.168.0.1
    Victim: 192.168.0.2 ethernet Windows 7
    Attacker: 192.168.0.14 wlan

    "lspci | grep -i network" output:
    02:200.0 Network controller: Intel Corporation Centrino Wireless-N 125 (rev c4)

    1. the arpspoof works (verified through arp -a)
    2. the traffic gets forwarded
    3. I am able to see the traffic of the victim with tcpdump
    4. urlsnarf and driftnet only show urls/images from localhost traffic

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.0.1 192.168.0.2
    arpspoof -i wlan0 -t 192.168.0.2 192.168.0.1
    
    
    driftnet -i wlan0
    urlsnarf -i wlan0

    It works for you but it doesn't work for me :/
    So what is the difference?
    -the hardware of course; but the arpspoof does work so it seems unlikely that my hardware causes this issue
    -the dsniff version

    Would you mind updating your dsniff to 2.4b1+debian-22 and doing the procedure again?
    btw If you think some old threads are related to this please gimme the links
    You can't prove security you can only disprove it.
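
Added example, not part of any post in this thread: the "verified through arp -a" step in post #9, seen from the defender's side. It parses a constructed sample of the Windows host's `arp -a` output and flags any unicast MAC that answers for more than one IP, which is how the gateway entry looks once it has been poisoned; the sample table, the MAC addresses and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` as it might look on the Windows 7 host at
# 192.168.0.2 while its gateway entry is poisoned. All MACs are made up.
SAMPLE_POISONED = """\
Interface: 192.168.0.2 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           02-00-00-aa-bb-0e     dynamic
  192.168.0.14          02-00-00-aa-bb-0e     dynamic
  192.168.0.20          02-00-00-aa-bb-63     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Matches Windows ("ip  aa-bb-..") and Linux ("? (ip) at aa:bb:..") rows.
ROW = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})"
)

def parse_arp(text):
    """Return {mac: set_of_ips} for the unicast entries in arp -a output."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ROW.search(line)
        if not m:
            continue  # interface banner, column header, incomplete entry
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast or multicast entry
        table[mac].add(ip)
    return table

def shared_macs(text, gateway=None):
    """MACs that answer for several IPs; if gateway is given, only those
    groups that include it. Proxy ARP or a multi-homed router can also
    produce such groups, so treat a hit as a lead to check, not proof."""
    hits = {m: sorted(ips) for m, ips in parse_arp(text).items() if len(ips) > 1}
    if gateway is not None:
        hits = {m: ips for m, ips in hits.items() if gateway in ips}
    return hits

if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE_POISONED, gateway="192.168.0.1").items():
        print(f"{mac} is claimed by {', '.join(ips)}")
```

A static ARP entry for the gateway on the host, or dynamic ARP inspection on the switch, keeps the poisoned mapping from being accepted in the first place.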

  10. #10
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301

    Quote Originally Posted by Abdiction
    @zimmaro This is driving me nuts!

    OK firstly I have no idea how to downgrade my dsniff to your version. apt-get install dsniff=dsniff-2.4b1-debian-18 didn't work

    Current Situation:

    Kali Linux 1.1.0, installed, 64 bit

    Router: 192.168.0.1
    Victim: 192.168.0.2 ethernet Windows 7
    Attacker: 192.168.0.14 wlan

    "lspci | grep -i network" output:
    02:200.0 Network controller: Intel Corporation Centrino Wireless-N 125 (rev c4)

    1. the arpspoof works (verified through arp -a)
    2. the traffic gets forwarded
    3. I am able to see the traffic of the victim with tcpdump
    4. urlsnarf and driftnet only show urls/images from localhost traffic

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.0.1 192.168.0.2
    arpspoof -i wlan0 -t 192.168.0.2 192.168.0.1
    
    
    driftnet -i wlan0
    urlsnarf -i wlan0
    It works for you but it doesn't work for me :/
    So what is the difference?
    -the hardware of course; but the arpspoof does work so it seems unlikely that my hardware causes this issue
    -the dsniff version

    Would you mind updating your dsniff to 2.4b1+debian-22 and doing the procedure again?
    btw If you think some old threads are related to this please gimme the links

    i just downgraded to version 18 the first time i installed kali (2 years ago)... && blocked it from upgrading to 22 (i don't want that), for ME -18 is good
    for old dsniff (AT YOUR RISK) my dropbox files+dependencies:

    https://www.dropbox.com/sh/5uagx5jg4...o5Es73lia?dl=0

    for links to threads ....i don't have time now to search...is related to sniff traffic,,,ettercap,,,yamass,,ecc..ecc
    bye && good luck
