Showing results for tags 'MITM'.

  1. Hello Wonderful People, So I'm hitting a snag with an attack I'm trying to carry out and could really use anyone's help trying to troubleshoot this. I've got the theory down and get halfway but can't seem to jump the last hurdle. So here's the gist, I'm trying to MitM devices connecting to my TETRA using Burp Suite to capture any HTTP or HTTPS traffic so that I can observe/modify (you know the drill) the HTTP/S traffic. Thing is, I can capture the traffic and MitM successfully with the TETRA (I am able to see all traffic passing through my attack machine within Wireshark). However, I can't
  2. Hey everyone, I am wondering if you guys have any specific steps you take once you are the MITM? What kind of things are you trying to do with the packets? Push Java applets to clients? Use Karmetasploit? Since SSLStrip is no longer working, what types of things are you doing to guarantee the most data out of your "victims". I am particularly interested in emails, social media, etc... Assuming it's been approved by the client I am auditing. I really want to show some examples of what can go wrong for a client site when a MITM attack is successfully executed using the pineapple, any ideas?
  3. Can we bypass HSTS by using this MITM technique? The attack works on latest versions of iOS including iOS 8.1.1 and on most Android devices. Source: https://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/
  4. Here's something I've been thinking about for a long time: you know when you go into a bar, ask for the wifi password and notice that the router has the default user and pass set? How easy if at all possible would it be to somehow sniff that traffic from somewhere else? Maybe it's even possible to automate things like capturing certain types of packages, cookies or even capture some credentials? Maybe I'm way off, I'm a complete rookie in this field. In that case I'd be very grateful if somebody explained why it can't be done! Thanks in advance!
  5. Hi, I am a complete noob to everything ever so just please bear with me. I want to buy myself a basic laptop which will allow me to begin learning to hack - I have a strong knowledge of computers and want to learn Internet security and pentesting properly. I have a £450-£500 budget and I maybe can push it if needed. I want to be running Kali Linux on it and I will be partitioning a drive to get to that. I was hoping for a 15.6" screen, i5, 8gb RAM and a 1TB HDD with as much battery life as possible. I have seen normal laptops with this for £400 so I think I can get this. My real question is
  6. Hi, I have made some fake pages for known pages like Facebook etc. I have also installed dnsmasq in Kali and set up an Apache server and everything is okay. Now when the victim visits Facebook in Chrome, for example, it will tell him that this is unsecured because of HTTPS. Is there any way or tools in Kali to avoid that, or any other thing? Would be great, thanks :)
  7. I remember an older episode of Hak5 when Darren was showing some fun with a MITM. He actually had an application that was reconstructing the packets as they flowed through his laptop and reconstructed the webpage that the user was surfing. Anyone remember that episode? And for icing on the cake he did some text manipulation (like flipping the text upside down, or changing certain words, etc.) so the user was seeing a 'modified' version of the web page.
  8. A while back Em3rgency from Top-Hat-Sec created a script that worked in BackTrack. I recently modified it to work in Kali. Check it out for your Fake AP pleasure. Check out my blog for the script at http://goo.gl/UFYMg3 http://wp.me/p479Vp-1p instead. Let me know if you run into any problems running it.
  9. Hi All! I'm currently busy with a project in which I want to use man-in-the-middle attacks to show the vulnerabilities of networking and explicitly phones that automatically connect to a known wifi network. I'm doing this for a school graduation project at an art school in the Netherlands, so I'm not an expert at hacking but I have a bit of experience programming. I want to use this thread to showcase the work I'm going to do, and to gather feedback from people (you boys and girls) far more experienced than me! So, my planning thus far is to set up a development/ possible final set up that ca
  10. I'm trying to get Burpsuite integrated with PineAP on a PineappleV... is it possible? Here is my setup: - Wireless router at (192.168.1.1) for connection to the internet - PineappleV running PineAP (172.16.24.1/eth0 + 192.168.1.108/wlan1) - From the same wifi router, I have a Kali Linux machine at (192.168.1.132) listening on port 8080/tcp running Burpsuite My goal is to accept wifi clients connected from PineAP and route any web requests (HTTP/HTTPS) to 192.168.1.32:8080 (Burpsuite). Anyone know how to do this? Can I just create an iptables pre-routing rule to forward to this IP/port?
  11. PentesterAcademy are running a free series of videos for building your own wifi hacking gadget - the Widy! http://www.pentesteracademy.com/course?id=15 If you want to understand the basics of building a device and understanding how it works, this could be one for you.
  12. Hi, I was always able to do a mitm attack targeting a specific IP and using sslstrip, ettercap, arpspoof, ... But today I tried (for the first time) to do the whole network at once and it was like sslstrip wasn't doing anything. No errors whatsoever and yet all I could see was the usual "sslstrip 0.9 by Moxie Marlinspike" and then nothing. When I target one computer I usually do something like: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000 sslstrip -a -k -f arpspoof -i wlan0 -t <targetIP> -r <gat
  13. So have Darren and Seb made a Pineapple with Karma for cell phone interceptions? http://venturebeat.com/2014/09/02/who-is-putting-up-interceptor-cell-towers-the-mystery-deepens/
  14. Hi guys ! I wanted to share my current module project for the pineapple: a "man-in-the-middle" module :) Features: - based on mitmdump and extendable through python scripts - log history - helpers to install javascript - editor to edit scripts Scripts Sample: - Simple_Alert.py -> Will trigger an alert to the user. - BeEF.py -> This would actually replace the BeEF Helper module ^_^ - Upsidedown.py -> Will reverse all web page, nice for April fool day - Snow_storm.py -> Will insert snow on all web page.
  15. Hello, I am currently working on MITM attacks and I am trying to redirect websites to my computer through dnsspoof and the problem is that, although it is picking up traffic and I can see it registers all sites the victim is visiting, it is still letting the victim connect to the website instead of redirecting it to me. Here is my procedure: -firstly I created a mon0 interface from wlan0 wireless card -I started up my access point [ airbase-ng --essid mitm -c 11 mon0 ] -then I created a bridge between at0 and eth0 : brctl addbr mitm-bridge brctl addif mitm-bridge eth0 brctl addif
  16. I'm trying to set up a VPN tunnel for all traffic connected to the Pineapple in client mode, with the tunnel endpoint being my Ubuntu VPS out in the cloud. The goal here is to provide internet access to all clients connected to the Pineapple, while enabling more powerful MitM attacks like Metasploit using my VPS. I've installed OpenVPN on both my server and Pineapple and set up their respective keys, but I am at a loss now as to the proper configuration. Tun? Tap? Br0? lo? Should I be using tap0 or tun0 for each side of the tunnel? (And how does it hook into the pineapple's traffic?) Could s
  17. First I would like to say thank you to HAK5, the moderator and Chris H for doing a heck of a job to get this project running!! You folks rock! I have read all the info on the forum and have a few questions about the MITM using SSLSTRIP and/or creating a honeypot. For use in an educational way or for my own personal use I watch Chris's vid on SSLSTRIP. Now the question is, if I am using my home WIFI router as the way for others to connect through, I went to the network tab, and my router requires a password, I noted Chris just had an open WIFI, no password required. Do I need to take my password
  18. I came across this article and thought it was pretty cool. Reminds me of a more complex pineapple. http://fsosecurity.com/SPAN_MITM.pdf (I understand some might be leery about it being a PDF. It's clean, don't worry)
  19. Hello, I recently acquired the Mark IV and it's a nice little box, but as one might expect not super power. Running items like sslstrip, mitm etc at the same time forces a watchdog reboot. However I don't actually need that on the Pineapple. My idea for the travel kit: - Could be used for full MiTM attacks - Could be used for WPA2-Enterprise credential capture Solution idea: connect a 3G modem (Huawei E220) in my case Configure a script to choose between WAN or 3G for connectivity (via cron, check 3g and wan. Choose wan over 3g, establish default route) Start openvpn to home network for:
  20. Guys, Here's a quick script for changing your mac address. Simply run the script and enter the network card you would like to change. You will see your new mac address as well as your original mac. Enjoy! ~skysploit #!/bin/sh # This script will change your MAC address" # Usage: ./mac-me.sh # Script by skysploit clear echo "What interface would you like to change. Example; eth0" echo "" read ADAPTER; clear echo "Entering stealth mode " echo "" ifconfig $ADAPTER down macchanger -r $ADAPTER ifconfig $ADAPTER up echo "" echo "Your MAC Adrress has been changed, it will reset upon reboot"; ec
  21. The Interceptor has long been kind of a dead project. It makes sense too. The fon+, the hardware Robin Wood originally wrote his interceptor code for, is way past EOL, hard to find, and under-featured given the current landscape of embedded/SOC offerings. By borrowing some of irongeek's raspberry pi recipes, and adding in some pi-point, I was able to get very similar functionality out of my raspberry pi. Here's how. Hardware: Raspberry Pi Model B 32GB SD Card Belkin 4 port powered USB hub Alfa wifi card (NHA, from the hakshop) USB Ethernet adapter (also from the hakshop) OS: Latest im
  22. Hey-row Hak5... I was browsing new movie releases from Vudu.com. I click on my browser, proceed to type "vudu.com" and the DUH DUH DUH of Kaspersky told me that the site attempted to download a trojan. Great... so I called vudu, cancelled my account, and decided to see what the hell was going on. I ran a check against the script... and... well... scan the site with an audit tool (I like w3af) and tell me what you find. Can I post my results? Ehhh.... not sure if that is breaking TOS... once I get permission from one of the admins... I will post my results... until then... can someone