
Arpspoofing Problems


Jamo


Hi.

I'm trying to arpspoof and dnsspoof.

 
echo 1 > /proc/sys/net/ipv4/ip_forward 
arpspoof -i wlan0 -t 192.168.1.10 192.168.1.1
arpspoof -i wlan0 -t 192.168.1.1 192.168.1.10

Now this disables internet connection from target machine. Why? It's supposed to route all traffic through my computer.

If I run

dnsspoof -i wlan0

it shows me all dns requests, but still no connection on target machine.

Actually, why I'm doing this is that I want to direct all sites that the 'victim' tries to go to, to my server (or to google.com).

I have set hosts file for dnsspoof

google.com     *.*

It should redirect everything to google.com correct?

and

dnsspoof -i wlan0 -f /path/to/host/file 

However this doesn't work with my BT4 "R2" and ubuntu 10.10 (victim). I have no other computers to try.


arpspoof -i <interface> -t <targetIP> <gatewayIP>

Not sure if you need to do it a second time.

You could also run ettercap to do your arp spoofing.

I think your first arp spoof should tell the client to use you as the gateway, then if you have forwarding on it should forward its traffic to the real gateway. Not really sure on the return path of that though.

These are the instructions for running sslstrip, which only do the arpspoof once.

Running sslstrip

Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)

Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>)

Run sslstrip. (sslstrip.py -l <listenPort>)

Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)

Edited by Mr-Protocol

I think the reason the second one doesn't work, and if you are doing this twice, is because the gateway was set as the target.

Not 100% sure, but I think arpspoof needs them in the correct order, so it knows to forward requests from the victim to the router while it monitors the traffic. Especially if your machine is doing the arpspoof, it might look at the victim to send internet requests through and then fail since it's not actually a gateway/router.

Cain on the Windows side of arp poisoning doesn't care what order you set first but I think arpspoof might require them in the correct order.

The other thing is, the router may be blocking your traffic and dropping everything and not allowing the arp spoof to take place if it's on a wired connection. Things like this commonly fail over wired connections or just downright hose the network, but not so much over wifi. Wireless MITM attacks usually have no problems other than if they use static arp entries, which can be done either manually or through software such as firewalls or 3rd party tools.


I also tried to run arpspoof only once. It didn't help.

I'm using static IPs on my home WLAN. Might that be the reason why I can't arpspoof?

My router is running dd-wrt.

Static IP shouldn't have anything to do with it since the arp spoof basically tells everyone what MAC address goes with what IP address, attacking layer 2. I use static IPs at home and have always been able to MITM my wife's machine, but it does tend to hose things up a bit on wired devices after a while.

I suspect your router might be blocking it or your setup is not configured properly in some manner.

Edited by digip
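
Added example (not part of the original thread and not any poster's code): the replies above describe ARP spoofing as telling hosts which MAC goes with which IP, and name static ARP entries as what stops it. The Python below checks a Linux neighbour table in /proc/net/arp layout for both signs from the defender's side; the sample table, the MAC addresses, the hosts 192.168.1.20/.30/.40 and the PINNED mapping are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in /proc/net/arp layout, as seen on a poisoned host:
# the gateway 192.168.1.1 and host 192.168.1.20 answer with the same MAC.
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:20     *        wlan0
192.168.1.20     0x1         0x2         02:00:00:AA:BB:20     *        wlan0
192.168.1.30     0x1         0x2         02:00:00:aa:bb:30     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

# Assumed known-good mapping (what a static ARP entry would pin).
PINNED = {"192.168.1.1": "02:00:00:aa:bb:01"}


def parse_arp_table(text):
    """Return {ip: mac} for complete entries, skipping the header row."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, _dev = fields
        if int(flags, 16) & 0x2 == 0:  # ATF_COM not set: unresolved entry
            continue
        table[ip] = mac.lower()
    return table


def find_poisoning(table, pinned):
    """Return sorted findings: pinned-MAC mismatches and MACs shared by several IPs."""
    findings = []
    for ip, good_mac in pinned.items():
        seen = table.get(ip)
        if seen is not None and seen != good_mac.lower():
            findings.append(("mismatch", ip, seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared", ",".join(sorted(ips)), mac))
    return sorted(findings)


if __name__ == "__main__":
    for kind, who, mac in find_poisoning(parse_arp_table(SAMPLE), PINNED):
        print(f"{kind:8} {who:28} {mac}")
```

On a live Linux host the same functions can be fed the contents of /proc/net/arp instead of SAMPLE, with PINNED filled in from the router's label or admin page.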