Search the Community

Hi guys. I just got my LAN Turtle, I was trying to sniff credentials over HTTP but I didn't find any module to do the job. The closest one to what I need is URLSnarf but it only logs the URLS of the request, is there a module to read the data of the requests? Or, Can I read the data of the request with URLSnarf?

Hi ! I wrote this script to sniff on OPN 802.11 networks and extract URLs but it seems that the last part with Urlsnarf doesn't work ! Can you please help me to correct it? #!/bin/bash # My first script #enter functions press_enterandstop() { echo -en "\nPress Enter to continue" read #airmon-ng stop mon0 } press_enternoclear() { echo -en "\nPress Enter to continue" read } press_enter() { echo -en "\nPress Enter to continue" read clear } #kill NeworkManager selection= until [ "$selection" = "1" ]; do echo " NeworkManager 1 - Stop NetworkManager 2 - Restart NetworkManager 0 - exit program" echo -n "Enter selection: " read selection echo "" case $selection in 1 ) service NetworkManager stop ; press_enter ;; 2 ) service NetworkManager restart ; press_enter ;; 0 ) exit ;; * ) echo "Please enter 1, 2, or 0"; press_enter esac done echo "Seting monitor mode" iwconfig press_enternoclear; function monitormode(){ echo -n "Type the network interface " read wlan airmon-ng start $wlan } monitormode; #Checking the mon interface #Checking monitor mode function mon(){ ifconfig -s -a | grep -i "mon"> moninterface.txt mon=`head -n 1 moninterface.txt | cut -c -4` echo $mon press_enternoclear; echo "Checking injection capabilities" aireplay-ng -9 $mon #press_enternoclear; #Capturing export CAPT_DIR=/home/leila/bin/captures export CAPT_DEST=$CAPT_DIR/capture mkdir -p $CAPT_DIR airodump-ng -w $CAPT_DEST $mon press_enternoclear; } mon; #Decrypting the files function decryptap(){ f=`ls -w 1 $CAPT_DIR/capture-??.cap | tail -n 1` echo -n "Type the AP " read ap airdecap-ng -e "$ap" $f g=`ls -w 1 $CAPT_DIR/capture-??-dec.cap | tail -n 1` tcpdump -r $g -vvv > suctest.txt dsniff -i lo > sniff.txt & urlsnarf -i lo > url.txt & tcpreplay -i lo -t $g echo "finish" } decryptap; airmon-ng stop $mon

I've spent quite some hours getting deeper into the Mark V but some points are just not clear for me. I was hoping somebody knows more about the issues because the are not well documentated and info is hard to find. Let me explain you my setup, I use the Pineapple for 2 purposes : 1) PineAP to spoof SSID and get clients 2) In my LAN as DHCP and GATEWAY so that I'm able to see what's going on. I turned off my router DHCP and now the DHCP from the Mark V sets hisself as gateway and DNS Server. The Pineapple uses on his turn the router which has the DHCP disabled as gateway for the internet connection. All is working ok, clients connected trough WIFI (method 1) and have internet I'm able to see the tcpdumps and urlsnarf the traffic. When I want to urlsnarf my own LAN nothing is getting displayed. All clients on the LAN have an ip distributed by the Mark V and use it as a gateway and dnsserver. The tcpdump and dnsspoof is working fine for the LAN clients, only the dsniff tool libary not (urlsnarf, dnsiff etc..) Does anyone has an idea ? Because everything seems to be setup properply and all is working except this part for the LAN clients. The tcpdump, dnsspoof etc is working ok for both methods. Also the urlsnarf says something like : urlsnarf: listening on eth0 [tcp port 80 or port 8080 or port 3128] However when I read the documents its says it binds globally to a network interface and not a port. When I try to telnet to one of these ports, its refused. I also tried all other interfaces, so thats also not the problem. Any help would be appriciated..

I have a MK4 on 2.8.1 and when I USB connect my Cyanogen phone, I get an IP on the main control panel, can check for updates, etc. I have JUST recently factory reset the MK4 after a long gap in use that led to me forgetting passwords, etc. When a wireless user connects via karma or directly to the AP, their connection shows up in the log, and they get an IP, but they can't see the Internet. Is there a step I am missing that allows the passthrough? I haven't tried anything because I don't know what to try. A twitter follower (https://twitter.com/W9HAX/status/649056274756304898) suggested IP Passthrough but that didn't work. Something else I am missing? Something I can check? I'm out of ideas. Thanks. S

Its been working and now it won't show any logs..?

A while back Em3rgency from Top-Hat-Sec created a script that worked in BackTrack. I recently modified it to work in Kali. Check it out for your Fake AP pleasure. Check out my blog for the script at http://goo.gl/UFYMg3 http://wp.me/p479Vp-1p instead. Let me know if you run into any problems running it.

Is there a command to filter just the URL's. Bit annoying to filter the other crap that comes in the logs. Maybe some other useful filter commands??? Thanks

hey i running a windows PC and i want to know how to set up urlsnarf. in windows. i clicked start urlsnarf and nothing happened.

Hi guys. I have Mark IV Pineapple with the latest firmware: 2.7.0 and the modules: sslstrip, urlsnarf installed in an external stick mounted in my pineapple. I can run sslstrip and urlsnarf succesfully but only separately. If I start both of them, urlsnarf is not showing any log output (Refresh is enabled, and Logging to usb is enabled). Is there a way to run them simultaneously? (because in a typical sslstrip mitm attack both of the tools can run). I don't know if it's a problem that only I face. Thanks in advance

Hello all! So first of all urlsnarf doesn't seem to output any logs from client's traffic.Sometimes urlsnarf would output random traffic, but there doesn't seem to be a pattern that I can see. Is there something urlsnarf specifically looks for, or checks for? Maybe I don't know what it specifically does. Second, dnsspoof is spotty in how it works. Sometimes it will correctly re-direct traffic, but other times it won't. It's a little hard to explain, here is a ping output: xandermbp:~ alexander$ ping www.reddit.com PING a659.b.akamai.net (165.254.26.73): 56 data bytes 64 bytes from 165.254.26.73: icmp_seq=0 ttl=48 time=73.265 ms 92 bytes from pineapple.lan (172.16.42.1): Redirect Host(New addr: 172.16.42.42) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 25bb 0 0000 3f 01 bec7 172.16.42.207 165.254.26.73 64 bytes from 165.254.26.73: icmp_seq=1 ttl=48 time=71.029 ms 64 bytes from 165.254.26.73: icmp_seq=2 ttl=48 time=101.353 ms 64 bytes from 165.254.26.73: icmp_seq=3 ttl=48 time=83.039 ms 64 bytes from 165.254.26.73: icmp_seq=4 ttl=48 time=85.661 ms 64 bytes from 165.254.26.73: icmp_seq=5 ttl=48 time=77.908 ms 64 bytes from 165.254.26.73: icmp_seq=6 ttl=48 time=72.256 ms 64 bytes from 165.254.26.73: icmp_seq=7 ttl=48 time=70.567 ms ^C --- a659.b.akamai.net ping statistics --- 8 packets transmitted, 8 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 70.567/79.385/101.353/9.832 ms xandermbp:~ alexander$ ping google.com PING google.com (74.125.224.228): 56 data bytes 64 bytes from 74.125.224.228: icmp_seq=0 ttl=51 time=32.533 ms 92 bytes from pineapple.lan (172.16.42.1): Redirect Host(New addr: 172.16.42.42) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 22d5 0 0000 3f 01 5693 172.16.42.207 74.125.224.228 64 bytes from 74.125.224.228: icmp_seq=1 ttl=51 time=19.402 ms 64 bytes from 74.125.224.228: icmp_seq=2 ttl=51 time=22.356 ms 64 bytes from 74.125.224.228: icmp_seq=3 ttl=51 time=19.230 ms 64 bytes from 74.125.224.228: icmp_seq=4 ttl=51 time=20.175 ms 64 bytes from 74.125.224.228: icmp_seq=5 ttl=51 time=20.814 ms 64 bytes from 74.125.224.228: icmp_seq=6 ttl=51 time=19.545 ms 64 bytes from 74.125.224.228: icmp_seq=7 ttl=51 time=24.446 ms 64 bytes from 74.125.224.228: icmp_seq=8 ttl=51 time=23.360 ms 64 bytes from 74.125.224.228: icmp_seq=9 ttl=51 time=22.641 ms 64 bytes from 74.125.224.228: icmp_seq=10 ttl=51 time=25.756 ms ^C --- google.com ping statistics --- 11 packets transmitted, 11 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 19.230/22.751/32.533/3.722 ms [/CODE] It seems, for the pings, that the pineapple did something but it was still pinging google's and reddit's address. And lastly, the pineapple sometimes seems to be a bottleneck for clients connected to it. Both testing at home and especially at a local coffee shop, clients connected through the pineapple had significantly slower and choppier connections. Right now it's setup connected to my eee pc which is sharing its wifi connection over ethernet to the pineapple. Usually all that is running is karma, urlsnarf, and sslstrip By the way, my Pineapple is a Mark IV, 8GB USB with the swap space correctly made (I followed Darren's tutorial and used the flash script()). Also it is indeed plugged into the wall, so there shouldn't be a power issue.

Hello I recently got the mk4 but i am having problems with it freezing and/or crashing randomly and very often. Im running 2.7.0, poe to ethernet and power via usb port on laptop (i have tried with the pineapple juice aswell) What happens is im setting it up as per tutorial/how-to so its default setup, run the wp4.sh and i have access to the gui,everything works as it should but it seems like when i use sslstrip and urlsnarf together that is a sure freeze issue for the mk4. It does not answer ping nor ssh and needs a complete reboot and a wp4.sh run againg. This also happens (although maybe every other day or so) just running the sslstrip - both modules are the newest, installed on usb with swap and downloaded from the pineapplebar. Ive looked around and see some issues that looks related but nothing seems to fix this for me. Any ideas ? Thanx :)

In the source for the urlsnarf module version 2.4 on firmware 2.7, the CSS resource is linked as follows: <link rel="stylesheet" type="text/css" href="css/urlsnarf.css" /> <link rel="stylesheet" type="text/css" href="css/firmware.css" /> [/CODE] These files do not exist when installed to USB or internal memory, causing the page to render incorrectly. I've tried removing and re-installing to no avail. Not sure why this is - it seemed to work fine before firmware 2.7 was installed.