Jamo Posted February 5, 2011 Share Posted February 5, 2011 Hi. Im trying to arpspoof and dnsspoof. echo 1 > /proc/sys/net/ipv4/ip_forward aprspoof -i wlan0 -t 192.168.1.10 192.168.1.1 arpspoof -i wlan0 -t 192.168.1.1 192.168.1.10 Now this disables internet connection from target machine. Why? Its supposed to route all traffic through my computer. If i run dnsspood -i wlan0 it shows me all dns requests, but still no connection on target machine. Actyally why Im doing this it that I want to direct all sites, that 'victim' tries to go to my server, (or to google.com) I have set hosts file for dnsspoof google.com *.* It should redirect everything to google.com correct? and dnsspoof -i wlan0 -f /path/to/host/file However this doesnt work with my BT4 "R2" and ubuntu 10.10 (victim). I have no other computers to try. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted February 5, 2011 Share Posted February 5, 2011 (edited) arpspoof -i <interface> -t <targetIP> <gatewayIP> Not sure if you need to do it a second time. You could also run ettercap do do your arp spoofing. I think your first arp spoof should tell the client to use you as the gateway, then if you have forwarding on it should forward it's traffic to the real gateway. Not really sure on the return path of that though. This is the instructions for running sslstrip which only do the arpspoof once. Running sslstripFlip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward) Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>) Run sslstrip. (sslstrip.py -l <listenPort>) Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>) Edited February 5, 2011 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
digip Posted February 6, 2011 Share Posted February 6, 2011 I think the reason the second one doesn't work, and if you are doing this twice, is because the gateway was set as the target. Not 100% sure, but I think arpspoof needs them in the correct order, so it knows to forward requests from the victim to the router while it monitors the traffic. Especially if your machine is doing the arpspoof, it might look at the victim to send internet requests through and then fail since its not actually a gateway/router. Cain on the windows side of arp poisoning doesn't care what order you set first but I think arpspoof might require them in the correct order. The other thing is, the router be blocking your traffic and dropping everything and not allow the arp spoof to take place if its on a wired connection. Things like this commonly fail over wired connections or just downright hose the network, but not so much over wifi. Wireless MITM attacks usually have no problems other than if they use static arp entries, which can be done eother manually or through software such as firewalls or 3rd party tools. Quote Link to comment Share on other sites More sharing options...
Jamo Posted February 6, 2011 Author Share Posted February 6, 2011 I also tried to run arpspoof only once. It didnt help. Im using static IPs on my home wlan. Might the be the reason, why I cant arpspoof? My router is running dd-wrt. Quote Link to comment Share on other sites More sharing options...
digip Posted February 6, 2011 Share Posted February 6, 2011 (edited) I also tried to run arpspoof only once. It didnt help. Im using static IPs on my home wlan. Might the be the reason, why I cant arpspoof? My router is running dd-wrt. Static IP shouldn't have anything to do with it since the arp spoof basically tells everyone what MAC address goes with what IP address, attacking layer 2. I use static IP's at home and have always been able to MITM my wifes machine, but it does tend to hose things up a bit on wired devices after a while. I suspect your router might be blocking it or your setup is not configured properly in some manner. Edited February 6, 2011 by digip Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.