
Capturing SSL IMAP/POP/Exchange Like in Karmetasploit


Hi Guys

Before I began to play with this wonderful device, I made a rogue AP with my laptop and KARMETASPLOIT.

The Jasager does quite the same thing, with the exception of one:

KARMA can capture the SSL connection of the mail logins, and writes down everything in a wonderful database.

This capturing of the SSL data is what I'm missing on the Jasager...

Does somebody know how to set up a fake SSL/IMAP/POP/HTTP server, or get Metasploit to work on OpenWrt?

I googled a lot, but found only 2 references about this, and they are talking about installing the very outdated msf 2.6, in the year 2006...

I got it installed, but get errors when trying to start. I (tried to) install all dependencies manually...

Does somebody have an idea?

Mr.miYagi


Room?

We have room on the USB storage.

Sslstrip is installed too, on the USB.

I installed msf on the USB; it starts, but stops because of some errors.

I think it's a matter of dependencies, not of storage, or am I wrong?

Edited by Mr.miYagi

And my question is whether somebody here knows which one..? Or where the problem is and why it isn't running.

I will try to reinstall during the weekend, since the installation is broken due to the FW upgrade.

I know that the HW of the Pineapple is a little bit slow, but msf brings a lot of goodies with it, like DNS spoofing, really good creds capture, automated exploiting of targets and a lot more...

And isn't that what we are all trying here? To get a device to do something that it isn't designed to do? Or can you explain to me why we are using a normal wireless router, with a hell of a FW, to simulate an evil honeypot :)

Edited by Mr.miYagi

Metasploit requires >512MB of RAM to work properly. The Pineapple has 32. The only way to do it would be through swap. Essentially (assuming you could get it on there and cross-compiled etc.) your Pineapple would buckle under the load. My suggestion is to buy a RaPi and hook them up together.


Set up a remote IMAP/POP3/SMTP server that harvests credentials server side (believe this is done via one of the Metasploit modules; if not, depending on the server, I don't think it'd take much to script it). The server could be running remotely or on a laptop that the Pineapple is with.

Use a rogue DNS server to forward all requests from mx.google.com or imap.google.com or smtp.gmail.com or whatever to the IP of your remote mail server. Set up an SSL server to go along with it for further believability.

Voilà :)


Hmm, I'd have liked to use msf, but it seems too much for our Pineapple...

The Raspberry's specs aren't much better: slow CPU, not much RAM, and it isn't available now...

So only the server thing is available. Never done that, and to get it to work like msf will be very hard work :)

Maybe someone can script some fake IMAP/POP/HTTP server? So we can get the SSL connections....?!

Edited by Mr.miYagi