Jump to content

Rouge AP with karma functionality

PwnStar

By PwnStar
in Security

 Share

Recommended Posts

PwnStar Newbie

PwnStar

Posted
Posted

Normally hang out with the BT group aka “onryo” there. First post here. Hopefully not my last.

I have a rouge AP with karma functionality that launches ettercap for packet capture and traffic manipulation. Most of the scripting is by DarkOperator aka BadKarma. Using a Alfa 500mW AWUS036H with a 21dBm yagi. OS is BT4 with mac80211 patched drivers.

OK my problem. Looking in wireshark I am seeing that packets flowing though the tap at0 seem to swell over 1500 on MTU = bad. This seemed to be causing fragmentation and ICPM are/were leaking out. Yup you guessed it, servers drop the packets. KK fixed using iwconfig to set the MTU down to 1400 on wlan0 and the at0 tap and now using eth0 (cable for transparency and not a second wifi card). Dropped Moxie’s SSLstrip.

The rouge AP looks more or less good in WS. Airbase-ng is doing what it should in P mode…lies to beacons about its essid. Anybody have a clue why EVERY rouge out there is so damn slow? Hitting remote_browser pages are fast but not passed quickly to eth0. This leads me to believe something is "bad" from the tap to et0. Has anybody ever got one working that is working smoothly?

onryo

Link to comment
Share on other sites
  • 3 weeks later...
miT Newbie

miT

Posted
Posted
Normally hang out with the BT group aka “onryo” there. First post here. Hopefully not my last.

I have a rouge AP with karma functionality that launches ettercap for packet capture and traffic manipulation. Most of the scripting is by DarkOperator aka BadKarma. Using a Alfa 500mW AWUS036H with a 21dBm yagi. OS is BT4 with mac80211 patched drivers.

OK my problem. Looking in wireshark I am seeing that packets flowing though the tap at0 seem to swell over 1500 on MTU = bad. This seemed to be causing fragmentation and ICPM are/were leaking out. Yup you guessed it, servers drop the packets. KK fixed using iwconfig to set the MTU down to 1400 on wlan0 and the at0 tap and now using eth0 (cable for transparency and not a second wifi card). Dropped Moxie’s SSLstrip.

The rouge AP looks more or less good in WS. Airbase-ng is doing what it should in P mode…lies to beacons about its essid. Anybody have a clue why EVERY rouge out there is so damn slow? Hitting remote_browser pages are fast but not passed quickly to eth0. This leads me to believe something is "bad" from the tap to et0. Has anybody ever got one working that is working smoothly?

onryo

I'm in the midst of starting up a rouge setup and a sluggish performance on the victims end did cross my mind.

Would love to see some input on this topic!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...