Everything posted by TheB

  1. Haha cool, thanks man! -0dB to -100dB it is (not including the SNR)
  2. I'm working on a visualisation of wireless signal strengths and wanted to check if I have the correct information. I have read that wireless signal strength ranges from -50dB to -100dB, where -50dB is a strong signal and -100dB is bad. I've read this on a Windows dev site, so my question is: is this only true for Windows or is this the standard? Thanks!
  3. Follow up on the findings I've made: it seems I already had the right drivers (broadcom-wl) installed on my device, but OpenWRT can't handle them on the device I have (Linksys WRT54GL). Here is a ticket to the issue; it seems they wanted this fixed in version 14.07 (Barrier Breaker). Unfortunately that version of OpenWRT uses too much memory to run properly on the WRT54GL.
  4. Hi digip, Thanks for the reply! I'll look into the drivers and post my findings here when I've got them.
  5. Facing a new problem now. I have made a test on my Pineapple that only uses tcpdump for filtering probe requests using the filters stated above. But it is using filters that are only compatible with the IEEE802_11 Link Layer Header. My Linksys only seems to support the DOCSIS and EN10MB Link Layer Headers. So when I run the command I get the error:

         802.11 link-layer types supported only on 802.11

     Is it possible to filter out probe requests with the EN10MB Link Layer Header? Or have I misconfigured my wireless interfaces?

         config 'wifi-device' 'wl0'
             option 'type' 'broadcom'

         config 'wifi-iface'
             option 'device' 'wl0'
             option 'mode' 'monitor'

     Many thanks!
  6. Hi Cooper, thanks for the tut! I got it down to the following command:

         tcpdump -i wlan1 -e -s 256 type mgt subtype probe-req

  7. Hi Cooper, Thanks for answering! I should be able to fit tcpdump in there. So with the right filter I can get those probe requests out with just tcpdump? Do you know a good resource on filtering with tcpdump? Indeed I've seen a mod on the OpenWRT wiki that enables SD/USB storage on the router. That would be awesome, but my experience soldering has only come as far as using phenolic board to prototype something together, so I'm sure to break it! Nevertheless, I think I will try just for the fun of it! For this project I don't think I can risk breaking one. Thanks!
  8. Hi All, I'm working on a project in which I'm using some old Linksys WRT54GL routers that I've flashed with OpenWRT (Backfire 10.03.1). Now I'm running into some problems with the storage on the device: the device has around 1MB of flash storage that I can use. The thing I want to do is configure the router to send probe request information with UDP to my computer, where I'm running an app to visualize this data. I already have a prototype working on the Pineapple. On the Pineapple I'm simply watching for changes in the KarmaLog with the following script:

         #!/bin/bash
         # Forward each new last line of the Karma log over UDP.
         # /dev/udp is a bash feature, so this needs bash rather than plain sh.
         KARMALOG="/var/karma-phy0.log"
         IP="172.16.42.42"
         PORT="11999"
         LASTLINE="last"
         while true; do
             # compare the lastline with the new line
             CURRENT=$(tail -n 1 "$KARMALOG")
             if [[ "$LASTLINE" != "$CURRENT" ]]; then
                 LASTLINE="$CURRENT"
                 echo "$LASTLINE" > "/dev/udp/$IP/$PORT"
             fi
             sleep 1
         done

     This works great, sends the data I need, perfect. The only problem I have now is that I want to use a different router than the Pineapple, but on the Linksys routers I don't have enough space to install Karma, and I actually don't think I need Karma to do the job. I know I can set the radio on the Linksys in monitor mode, but I don't know how I can get the probe requests out without installing an extra framework. So I'm looking for a framework or a simple script that can filter out the probe requests. In the ideal situation I would get the SSID, Timestamp, Device Hostname or Mac Address and Signal strength (to calculate a distance from the router). Do you think this is possible, and if so, where should I start looking? Or should I consider getting other routers with more storage capacity? Many thanks! TheB
  9. Thanks for the reply, your assumptions were completely right! Mixed up the server with the client... my brain told me that a server would be the "server" of the message and the client the "receiver".
  10. Hi all, I'm pulling my hair out to get this working, it's probably something obvious I'm missing. So I could use some extra eyes! I'm trying to send data from the urlsnarf infusion to an application running on the host machine. The application is made in Open Frameworks and listens to UDP data on port 11999. I've copied and altered the urlsnarf infusion to properly work beside the original without conflicting. Now where I'm getting stuck is creating the connection.

          $socket = stream_socket_server("udp://172.16.42.42:11999", $errno, $errstr);
          if (!$socket) {
              echo "Goddamn no socket! at $connection $errno, $errstr \n";
          } else {
              echo "Socket created $connection \n";
          }
          stream_socket_sendto($socket, $input);

      The error I get is the following: $errorno = 0 and $errstr = Cannot assign requested address

      I tried multiple addresses to send the data to, but every address I try gets the same error. What I tried is 172.16.42.42, 10.211.55.2 (the IP of network interface 1 of my virtual machine), 10.37.129.2 (interface 2). I have the application running inside the virtual machine (Ubuntu); my Pineapple gets its internet from the virtual machine. Many thanks!
  11. Another quick follow up: I was doing some tests with the URLSnarf infusion, checking what the different outcomes would be with analyzing web traffic vs app traffic. So I opened the Facebook app and got nothing; the app uses mostly TCP for the communications. But after that I opened the App Store and data started pouring in, mostly images, so okay, no big deal, only images. But then I did an app update... and I could see an HTTP request for the app's .ipa file!

          "GET http://a259.phobos.apple.com/eu/r30/Purple3/v4/c5/c8/24/c5c82436-6c75-e90f-3602-22680bf6a066/CRV_AP_150x90.lir?downloadKey=thedownloadkey"
          "GET http://a989.phobos.apple.com/eu/r1000/029/Purple1/v4/8c/85/c4/8c85c461-ea5c-f012-08f8-c2f385af8d2c/mzps1425594539023081587.ipa"

      First thing that came through my mind was, is it possible to change this ipa file for my own .. ?
  12. Hi all, here's a follow up on recent developments. I have my development set up complete: I have an Ubuntu installation running on my Mac from where I control the WiFi Pineapple and share the internet from. And now I'm having a lot of fun trying out the infusions available from the Pineapple bar! I did notice that the SSLStrip infusion makes the network go really slow when doing its thing, resulting in a "can not connect to the server" while active. So in the meantime I'm analyzing the regular HTTP traffic in search of patterns I can use. Until now I have had no luck finding patterns in the seas of data flowing through the device; I guess that is not a human job to do ;). Do any of you have some tips on what tricks I can do to analyse the traffic going through the Pineapple? My ideal situation would be to get the messages (Facebook messenger, posts, etc.) but I guess that those are (luckily) very well encrypted.
  13. Hi All! I'm currently busy with a project in which I want to use man in the middle attacks to show the vulnerabilities of networking, and explicitly phones that automatically connect to a known WiFi network. I'm doing this for a school graduation project at an art school in the Netherlands, so I'm not an expert at hacking but I have a bit of experience programming. I want to use this thread to showcase the work I'm going to do, and to gather feedback from people (you boys and girls) far more experienced than me!

      So, my planning thus far is to set up a development / possible final set up that can do MITM attacks and output this in a graphical way. I would like to use a Raspberry Pi 2B to be the graphical output device and host device for sharing the network with the WiFi Pineapple. The most reliable solution for that would be (I'm guessing) to share the internet from the Raspberry to the Pineapple through a serial interface. What do you think of this set up? Would you share the internet in the same way or choose different hardware altogether?

      At the moment I'm testing what I can get out of the Pineapple in terms of data; I'm very interested in what way I can best collect this data flowing through the device. I've done some tests with DNS spoofing, which is working pretty decent. Also with Ettercap, TCPDump and SSLStrip. But I noticed that when I use Ettercap or SSLStrip the victim has a very slow connection. Could this be because in my test set up I'm using the Pineapple in client mode connected to another WiFi?

      In the end I would like to intercept traffic that confronts the viewer. I don't want to show them their password, but maybe scrambled pieces of written text like email, instant messaging usernames etc. I don't want to bluntly show all their data on a screen, and I also don't want to permanently store the data to do harm later on.

      Do you have tips on what are the best techniques to do this sort of data collecting, and is it even possible to read the contents of a packet? I hope you could give me some feedback and direction! Many Thanks!
  14. Hi, I'm trying to set up my Mac to share the WiFi connection to the Mark V. To do this I followed the guide on the wiki. The difficulty starts from step 5:

      5. Manually change the IP address used by the Mac's LAN interface with the command: ifconfig bridge100 172.16.42.42 netmask 255.255.255.0 up.

      Here I get the message that bridge100 does not exist: "ifconfig: interface bridge100 does not exist"

      6. Now we need to change some DHCP options, because by default the DHCP server tells the clients to use gateway 172.16.42.1. We do this by altering file /etc/bootpd.plist. There are two mentions of 172.16.42.1 that we need to change into 172.16.42.42. We also need to adjust the pool range. Look for the <key>net_range</key> section. Alter the starting address to 172.16.42.43.

      In my bootpd.plist I can't find any mention of 172.16.42.1. This is what I can find in the file:

          <dict>
              <key>bootp_enabled</key>
              <false/>
              <key>detect_other_dhcp_server</key>
              <false/>
              <key>dhcp_enabled</key>
              <false/>
              <key>dhcp_ignore_client_identifier</key>
              <true/>
              <key>use_server_config_for_dhcp_options</key>
              <false/>
          </dict>

      7. Find the PID of the bootpd process and give it a kill -HUP to reread its config file.

      Have not gotten this far yet.

      I can connect to the web GUI of the Pineapple. I can even connect to the Pineapple from another device (phone) and access the internet! But in the web GUI I can't look for upgrades and I can't access the Pineapple bar; there I get the message to check the internet connection. The Pineapple has the firmware version 2.0.5. My Mac runs on OSX Yosemite, version 10.10.2. Any help would be much appreciated! Many thanks, TheB
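
Added example, not part of TheB's posts or of any project named in them: a POSIX shell filter for the output of the tcpdump command in post 6 that extracts the fields asked for in post 8 (timestamp, signal strength, MAC address, SSID). The tcpdump line layout, the sample lines and the linear quality scale (default range -100dB to 0dB as in post 1, optionally -100dB to -50dB as in post 2) are assumptions.

```shell
#!/bin/sh
# Added example: parse `tcpdump -e` probe-request lines into
#   time|signal_dBm|quality_pct|mac|ssid
# Assumption: radiotap-style text output, as in the constructed samples below.

# Linear 0-100 scale between a floor and a ceiling in dBm (assumed mapping).
# Defaults: -100 .. 0 (post 1); pass -100 -50 for the range quoted in post 2.
quality() {
    lo=${2:--100}; hi=${3:-0}
    q=$(( ($1 - lo) * 100 / (hi - lo) ))
    if [ "$q" -lt 0 ]; then q=0; fi
    if [ "$q" -gt 100 ]; then q=100; fi
    echo "$q"
}

# Print one record for a probe-request line, nothing for any other line.
# The SSID is sender-controlled and may contain "|", so it is the last field:
# a consumer splits on the first four delimiters and keeps the rest as SSID.
parse_probe() {
    f=$(printf '%s\n' "$1" | sed -n -E \
 's/^([0-9:.]+) .* (-[0-9]+)dBm? signal .*SA:([0-9A-Fa-f:]{17}) .*Probe Request \((.*)\) \[.*$/\1|\2|\3|\4/p')
    if [ -z "$f" ]; then return 0; fi
    ts=${f%%|*};  f=${f#*|}
    sig=${f%%|*}; f=${f#*|}
    mac=${f%%|*}; ssid=${f#*|}
    printf '%s|%s|%s|%s|%s\n' "$ts" "$sig" "$(quality "$sig")" "$mac" "$ssid"
}

# Live use (not run here): -l line-buffers tcpdump so records appear at once.
capture() {
    tcpdump -l -i "${1:-wlan1}" -e -s 256 type mgt subtype probe-req 2>/dev/null |
    while IFS= read -r line; do parse_probe "$line"; done
}

# Constructed sample lines (not real captures).
S1='12:00:01.000001 1.0 Mb/s 2412 MHz 11b -67dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:02:00:00:aa:bb:cc (oui Unknown) Probe Request (cafe|guest) [1.0 2.0 5.5 11.0 Mbit]'
S2='12:00:02.500000 1.0 Mb/s 2412 MHz 11b -91dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:02:00:00:11:22:33 (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]'
S3='12:00:03.000000 1.0 Mb/s 2412 MHz 11b -40dBm signal antenna 1 BSSID:02:00:00:00:00:01 DA:Broadcast SA:02:00:00:00:00:01 Beacon (lab) [1.0* 2.0* Mbit] ESS CH: 1'

for s in "$S1" "$S2" "$S3"; do parse_probe "$s"; done
```

The records can be piped to whatever sender the capture box supports; the receiving application should treat the SSID field as untrusted input.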