
i8igmac

Dedicated Members
  • Posts: 939
  • Joined
  • Last visited
  • Days Won: 22

Everything posted by i8igmac

  1. maybe sniff the traffic with another tool...
     tcpick -i wlan0 -bPS -C
     in a second terminal
     tcpick -i wlan0 -bPC -C
     The 2 above will show traffic in separate terminals, one is traffic to the server (GET request) and the other is the server response... I like this tool as it's quick, clean and uses the same filter syntax as wireshark... check and see if port 80 was used and what this data looks like...
  2. well, I have experienced this before, with a kali rasp pi... I'll give cooper some props as it seems to be a kali problem... software/driver/service issue... this device had no problem in linux mint... try a usb powered hub if you have one... I think I tried older versions of aircrack... I tried everything, so once I got a stable machine I just made a backup...
     tail -f /var/log/kern.log
     Monitor this console, start your attack...
  3. I like to buy the wireless routers from thrift stores and Goodwills... I have 3 Linksys running DD-WRT, I paid less than ten $ for all. :-) you will find that modems/dsl routers won't run new firmware, I will still buy them if they have a detachable antenna, you can open up this device and remove the coax and sma connector... this can be used for building antennas or soldered onto a router that needs a detachable antenna... As for the best router that runs OpenWrt, the size of the flash memory is key for installing all the tools you wish to play with... look at the details on the device and check with the compatible device list...
  4. learning how to do this manually will be a fun learning experience.. I think the process is identical on both the pineapple and a linux computer... I can think of 2 ways to do this, depending on the hardware you have available. a wifi card that supports master mode would allow you to perform karma like attacks... if you don't have a card that supports master mode, it's still simple...
     airbase-ng wlan1 -e xfinity -c 11
     now some iptables to direct the traffic and dnsmasq to pass out valid IPs, you can find examples online or around the forum... I have posted some example start up scripts of this kind of attack using a kali/raspberry pi... now for the fake login script, I would use set-toolkit, I believe there is an option to clone a website and that will be your template... simply add a few lines of php to write login creds to a file... make yourself a kali bootable usb stick ,-) search the forums for airbase-ng and follow some instructions and most importantly try to understand what each command does...
  5. I have not looked at the traffic, my phone auto-associates with xfinity routers and I don't need to enter login creds... I would think there is some kind of cookie sent to xfinity.com (or some domain)... I would also assume they're not sending plain text over wifi? I'm not a fan of the phishing stuff... it can work but... I would rather stay transparent, log all the cookies, reuse cookies, inject meterpreter... fun stuff. This cookie I'm sure could be reusable.
  6. I posted this a few times... I love sharing my projects ;-) I can get speeds for Netflix and online gaming depending on amount of walls in the way plus 1000 feet distance. Long range kali repeater. Raspberry pi:
  7. echo 1 > /proc/sys/net/ipv4/ip_forward
     Correction: ec_uid change to 0. don't use ettercap gui... learn the console...
  8. it's been a while since I messed with mitm. If you dns spoof facebook to your machine, will you capture cookie information? Then you can process this information and provide a proper response to the client? Transparent proxy, (nowadays) I could never come up with a full 100% working mitm transparent proxy... I enjoy modifying request/response data! Has anyone noticed when the data is encrypted, the certs are grabbed. You can still see in plain text the domain of the cert handle!
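An added example (not the poster's code) of the "domain in plain text" point above: on a normal TLS connection (no Encrypted Client Hello) the server_name extension of the ClientHello carries the host name unencrypted, so a passive monitoring sensor can read which host a client is contacting without touching the encrypted payload. The ClientHello here is constructed for the demo, and the function names `tls_sni` and `client_hello_with_sni` are assumptions.

```ruby
# Extract the SNI host name (RFC 6066 server_name extension) from a raw
# TLS record holding a ClientHello. Returns nil if the record is not one.
def tls_sni(record)
  r = record.b
  return nil if r.bytesize < 5 || r.getbyte(0) != 0x16     # TLS handshake record only
  hs = r.byteslice(5, r.bytesize - 5)                      # skip the 5-byte record header
  return nil unless hs.getbyte(0) == 0x01                  # HandshakeType client_hello
  pos = 4 + 2 + 32                                         # handshake header, version, random
  pos += 1 + hs.getbyte(pos)                               # session id
  pos += 2 + hs.byteslice(pos, 2).unpack1('n')             # cipher suites
  pos += 1 + hs.getbyte(pos)                               # compression methods
  return nil if pos + 2 > hs.bytesize                      # no extensions block at all
  ext_end = pos + 2 + hs.byteslice(pos, 2).unpack1('n')
  pos += 2
  while pos + 4 <= ext_end
    etype, elen = hs.byteslice(pos, 4).unpack('nn')
    pos += 4
    if etype == 0                                          # server_name extension
      # ServerNameList: 2-byte list length, 1-byte name type, 2-byte name length, name
      name_len = hs.byteslice(pos + 3, 2).unpack1('n')
      return hs.byteslice(pos + 5, name_len)
    end
    pos += elen
  end
  nil
end

# Build a minimal TLS 1.2 ClientHello carrying host in its SNI extension
# (constructed sample input, not captured traffic).
def client_hello_with_sni(host)
  name = host.b
  server_name = [0, name.bytesize].pack('Cn') + name       # NameType 0 = host_name
  sni_list = [server_name.bytesize].pack('n') + server_name
  ext = [0, sni_list.bytesize].pack('nn') + sni_list       # ExtensionType 0 = server_name
  body = "\x03\x03".b + ("\x00" * 32).b +                  # version, client random (zeroed)
         "\x00".b +                                        # empty session id
         [2].pack('n') + "\xC0\x2F".b +                    # one cipher suite
         "\x01\x00".b +                                    # one compression method: null
         [ext.bytesize].pack('n') + ext
  handshake = "\x01".b + [body.bytesize].pack('N').byteslice(1, 3) + body
  "\x16\x03\x01".b + [handshake.bytesize].pack('n') + handshake
end

if __FILE__ == $PROGRAM_NAME
  puts tls_sni(client_hello_with_sni('example.com'))
end
```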
  9. I believe in ettercap, there are plenty of tutorials out there for this attack, I'm sure you're missing a few little settings. on backtrack. A few commands:
     locate etter.conf
     You have to edit 3 lines, first set guid => 0 and scroll down you will find 2 lines of iptables, remove the # on both iptable lines to enable. Then you have to locate IP_forwarding and edit it to show 1
     ettercap -T -q -M ARP // //
     I do agree with what was said above, I would start out with a distro like Linux mint or something... on your test machine try surfing multiple websites like yahoo.com msn.com etc...
  10. Place a sleep and a print msg before every piece of code you may think is stressful. While you monitor your cpu, launch your script.
      sleep 3
      puts("we are now here!")
      if you can't identify the problem, then perform these same actions ON EVERY LINE... if I need to find the problem for you, throw me a Benjamin :-)
  11. HSTS I guess is the issue... you have to ask people to accept a custom cert? maybe through an evil portal, before a machine can use your access point, (for security reasons, you must accept this cert)
  12. if it was me, I would look into something like hidclient... a remote bluetooth linux machine in your pocket or a laptop could send off keystrokes over Bluetooth, plug the dongle into your target...
  13. Long range biquad. Home build: Long range kali repeater. Raspberry pi: so far, my testing shows a parabola (bowl/dish like focal point) I made some tinfoil parabola dishes that have made some incredible distances... Fact is, all the networking towers use parabola... Backfire dish I got from Amazon... I used in the second video...
  14. http://thehackernews.com/2015/07/anonymity-proxyham.html?m=1 I have built a setup identical to what is explained in this article... my current internet source is a wifi hotspot a great distance away (not 2.5 miles) maybe 1000 feet with plenty of walls! A backfire dish antenna 16 dBi! A raspberry pi (kali) exists in my attic space, with 3 usb wifi devices and several different antennas... I'm always looking to improve my long distance travel to this source AP (any tips for improvement) I'm looking for something that could blast through walls :-p So, can someone explain this 900 MHz? any devices come to mind... does the access point need to support 900 MHz?
  15. you need proxy options? pithos has proxy options... Also, found this thread with example code of adding a download option, looks like it will properly name each song maybe including album covers... if I get free time I'll improve my pithos client... https://bugs.launchpad.net/pithos/+bug/681661 my old hacky pandora sniff works for me, it was quick... I'll skateboard for hours with my ipod playing this stuff...
  16. If you're looking to download music from pandora, I have some example scripts. I sniffed this data... Also a way better Pandora application, pithos! it's open source. I'm not a fan of python, if someone has the time to modify the source, this would be an excellent way of downloading the music with album image... Pithos also has no ads, unlimited fast forward... My method will simply collect the raw mp3 files through sniffing, the naming of each file is up to you... I just create a folder of the pandora station title... Tools required: pithos, Ruby, tcpick. I will start tcpick to dump raw data to a directory, then I modify pithos app to fast forward every 20 seconds.... let the machine sit for a few hours then I scrape through this data with ruby, ruby writes all the mp3 to an output directory...
  17. Nexus, I guess run kali out of the box...
  18. I'm not a fan of bash scripts, I think you should explore python, perl or ruby...
      require 'open3'

      loop do
        Open3.popen3('airbase-ng wlan0') do |stdin, stdout, stderr, wait_thr|
          reader = Thread.new do
            stdout.each_line do |line|
              # log the output lines you care about
              File.write('log.txt', line, mode: 'a') if line.include?('something good')
              # if the application needs input, like reaver asking about an old session
              stdin.puts('yes') if line.include?('Do you want to continue with old session')
            end
          end
          errors = Thread.new { stderr.read }
          sleep 60 * 5                                           # let it run for five minutes
          Process.kill('TERM', wait_thr.pid) if wait_thr.alive?  # then kill the process
          reader.join
          puts('we have an error') unless errors.value.empty?
          puts("pid #{wait_thr.pid} exited with #{wait_thr.value}")  # process information
        end
      end
  19. I have posted example code about this kind of attack, I never spent the time to build a metasploit module... a forum post I made, just to see if people are interested. http://www.backtrack-linux.org/forums/showthread.php?t=53855 here was the working example code I posted in 2012, whipped up in a few hours... http://pastebin.com/n7AHi5Ny some basic if expressions, if the binary data found on the wire is an 'exe', 'rar', 'msi', etc... replace the data with a meterpreter and change the content length... header tampering... and a video remake...
  20. I have turned one of my pi's into a long range repeater, spent long nights testing and writing configs. It's been a while but I'll try to post a few examples. Always monitor your testing while running in a second terminal/ssh session:
      tail -f /var/log/kern.log
      I have noticed a few routers are stubborn and your wpa.conf will need some messing with, so try other access points, open and secure... I'll sometimes turn my phone into an access point... step one, turn off all services that mess with your adapter... this is a manual configuration... Here is one that may be the culprit. EDIT -> /etc/network/interfaces
      auto wlan0
      iface wlan0 inet manual
      root@iphone:~# cat golf7376.conf
      network={
          ssid="golf7376"
          psk="Family1234"
          #psk="37710101"
          #psk=be418f66bcde9eff3c3bcf6ed0dce7622dd7796fedf7f78950760fcb432f69a8
      }
      This is an example wpa_supplicant conf, follow wpa_supplicant tutorials... execute the config like this:
      wpa_supplicant -Dnl80211 -iwlan2 -cgolf7376.conf -B
      At this point you should watch the console that is tailing kern.log. Then
      dhclient wlan0
  21. that's how it works, you need to follow some guides on port forwarding... Your router holds your public ip, you tell your router to forward all incoming traffic to 192.168.0.101:4444
  22. I have tested pyrit cluster. It was faster to split your wordlist into equal chunks. I split mine up to equal chunks based on each machine's performance... math is always fun.
      250 million wordlist
      20,000 per second laptop
      15,000 per second desktop
      As pyrit has a built in cluster function, I only got 25000 per second. Maybe network bottleneck... I achieve 35000 per second when wordlist was split properly.
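An added example (not the poster's scripts) of the split the post describes: each machine gets a share of the wordlist in proportion to its words-per-second, so the 20,000/s laptop and the 15,000/s desktop working a 250 million word list both finish at about the same time instead of the slow one holding up the audit. The function names, the per-machine output files and the rates hash are assumptions.

```ruby
# Return how many words each machine should get: proportional to its rate,
# with the remainder from integer division handed to the fastest machine so
# that no word is dropped.
def proportional_split(total_words, rates)
  total_rate = rates.values.sum
  shares = rates.transform_values { |rate| total_words * rate / total_rate }
  fastest = rates.max_by { |_name, rate| rate }.first
  shares[fastest] += total_words - shares.values.sum
  shares
end

# Seconds each machine needs for its share; a balanced split gives equal times.
def finish_times(shares, rates)
  shares.to_h { |name, words| [name, words.to_f / rates[name]] }
end

# Cut a wordlist file into consecutive chunks, one file per machine, sized by
# shares. Returns the paths written (assumed layout: <out_dir>/<machine>.txt).
def write_chunks(wordlist_path, shares, out_dir)
  File.open(wordlist_path) do |src|
    shares.each do |name, count|
      File.open(File.join(out_dir, "#{name}.txt"), 'w') do |dst|
        count.times do
          line = src.gets or break
          dst.write(line)
        end
      end
    end
  end
  shares.keys.map { |name| File.join(out_dir, "#{name}.txt") }
end

if __FILE__ == $PROGRAM_NAME
  rates = { 'laptop' => 20_000, 'desktop' => 15_000 }   # words/s figures from the post
  shares = proportional_split(250_000_000, rates)
  p shares                                              # laptop 4/7, desktop 3/7 of the list
  p finish_times(shares, rates)                         # both about 7143 s
end
```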
  23. last I looked, I think metasploit apk shells are in a sense a safe public release. all the example code is there waiting to be modified to meet your demands. Do some research. Share your results ...
  24. http://jsfiddle.net/tovic/vVaat/light/ I found what I need...