
Posted (edited)

Hey guys,

So Shadowblade72 and I have been working on push-button scripts to be used on a computer/rPi to offload a lot of the work the pineapple normally does. We are also working on expanding said tools to attack wired/wireless networks among other things. We fully plan on finalizing these tools and releasing them here on the Hak5 forums for everyone to use when we are done.

One of the problems we are having ATM is attempting to modify/sniff traffic using Ettercap between eth0 (connected to the pineapple) and wlan0 (connected to the AP). Does anyone know of a way of doing this? We have researched and attempted bridged mode in Ettercap and creating a new interface with the bridge mode already enabled to sniff that. Both will not work.

As far as Ettercap goes, we are successfully ARP poisoning and applying filters, and we have modified etter.conf accordingly, but still cannot find out how to do the bridged mode properly. For the bridged interface, apparently you cannot connect a wired to a wireless. So bupkis there.

If anyone can simply point us in the right direction it would be greatly appreciated. Not looking to be spoonfed as we are trying to learn as we go.

Edited by airman_dopey
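The post above mentions that ARP poisoning is already working on the test setup. From the defender's side, the same traffic pattern is what an ARP-spoof monitor looks for: an IP address whose advertised MAC suddenly changes. The example below is added here and is not code from the thread or from the Pineapple project; it parses raw Ethernet/ARP frames and flags a change in the IP-to-MAC mapping. The frames it consumes are constructed inline (the MAC and IP values are made up), so it runs without a network interface.

```python
import struct
from typing import Dict, Optional

ETH_P_ARP = 0x0806          # EtherType for ARP
ARP_REPLY = 2               # ARP opcode "reply"


def ip_to_bytes(ip: str) -> bytes:
    """Dotted-quad string -> 4 raw bytes."""
    return bytes(int(octet) for octet in ip.split("."))


def mac_to_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_arp_reply(src_mac: bytes, src_ip: str, dst_mac: bytes, dst_ip: str) -> bytes:
    """Constructed sample input: a 42-byte Ethernet + ARP reply frame."""
    eth_header = dst_mac + src_mac + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, oper=reply
    arp_header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp_body = src_mac + ip_to_bytes(src_ip) + dst_mac + ip_to_bytes(dst_ip)
    return eth_header + arp_header + arp_body


def parse_arp(frame: bytes) -> Optional[Dict[str, object]]:
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "oper": oper,
        "sha": mac_to_str(frame[22:28]),            # sender hardware address
        "spa": ".".join(str(b) for b in frame[28:32]),  # sender protocol address
        "tha": mac_to_str(frame[32:38]),
        "tpa": ".".join(str(b) for b in frame[38:42]),
    }


class ArpMonitor:
    """Tracks the MAC each IP has claimed and alerts when a claim changes.

    A first sighting is trusted; a later frame that binds the same IP to a
    different MAC is the signature of ARP poisoning (or, benignly, a NIC swap),
    so the alert carries both addresses for the analyst to decide.
    """

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def observe(self, frame: bytes) -> Optional[str]:
        arp = parse_arp(frame)
        if arp is None:
            return None
        ip, mac = str(arp["spa"]), str(arp["sha"])
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
            return None
        if known != mac:
            return f"ALERT: {ip} moved from {known} to {mac}"
        return None


def run_demo() -> list:
    """Feed constructed frames through the monitor and return the alerts raised."""
    gateway_ip = "10.0.0.1"
    real_gw_mac = bytes.fromhex("aabbccddee01")    # constructed
    rogue_mac = bytes.fromhex("0011223344ff")      # constructed
    victim_mac = bytes.fromhex("a1b2c3d4e5f6")     # constructed
    frames = [
        build_arp_reply(real_gw_mac, gateway_ip, victim_mac, "10.0.0.50"),
        build_arp_reply(real_gw_mac, gateway_ip, victim_mac, "10.0.0.50"),  # same binding, no alert
        build_arp_reply(rogue_mac, gateway_ip, victim_mac, "10.0.0.50"),    # binding changed
        b"\x00" * 20,                                                        # not ARP, ignored
    ]
    monitor = ArpMonitor()
    return [alert for alert in map(monitor.observe, frames) if alert]


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

On a real host the frames would come from a raw socket (`socket.AF_PACKET`, `socket.SOCK_RAW`) bound to the interface; the parser and the monitor stay the same.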
Posted (edited)

To clarify our setup:

Pineapple eth0<->eth0 PwnPi wlan0<->AP

So we don't need to do any ARP spoofing (I wouldn't think we would....) since the traffic is already being passed through the Pi. At this point we just need to pull that information off the wire and modify it in real time.

/proc/sys/net/ipv4/ip_forward = 1

Running bridged mode in ettercap stops the traffic, as it disables IP forwarding. In fact, running ettercap at all stops IP forwarding. Using -u to keep it from disabling ip_forward makes us unable to run filters against the traffic, which defeats the purpose.

Edited by ShadowBlade72
Posted

I don't know about using ettercap, as I agree, you don't need it as you are already in the middle, but you can use either iptables or, hopefully, ebtables, to intercept all the traffic and send it through your own app.

If you have eth0 and wlan0 bridged in your setup then ebtables is required as the bridge traffic doesn't get high enough up the network stack for iptables to kick in. If you are routing then iptables will be able to do the job.

Check out sslstrip for an example iptables rule, and if I finally manage to get ebtables working I'll be posting about it somewhere soon so watch out for that.

Posted
> I don't know about using ettercap, as I agree, you don't need it as you are already in the middle, but you can use either iptables or, hopefully, ebtables, to intercept all the traffic and send it through your own app.
>
> If you have eth0 and wlan0 bridged in your setup then ebtables is required as the bridge traffic doesn't get high enough up the network stack for iptables to kick in. If you are routing then iptables will be able to do the job.
>
> Check out sslstrip for an example iptables rule, and if I finally manage to get ebtables working I'll be posting about it somewhere soon so watch out for that.

The reason we want to use ettercap is for its ability to do on the fly packet manipulation. Are you aware of any other solutions which let you create filters and do real time manipulation?

Posted
> The reason we want to use ettercap is for its ability to do on the fly packet manipulation. Are you aware of any other solutions which let you create filters and do real time manipulation?

You could use a ruby proxy (Maybe the one Digininja is working on, once it is modular) to handle packets in real time. That is probably better than ettercap in terms of the Pineapple.

Posted

I'll have to look into the ruby proxy. I'm not running these programs off the pineapple itself. I'm using the pineapple as the honeypot then forwarding them on to my pi for mitm attacks.

Thanks for the push in the right direction!

Posted
> You could use a ruby proxy (Maybe the one Digininja is working on, once it is modular) to handle packets in real time. That is probably better than ettercap in terms of the Pineapple.

But for that, we would need ebtables on our pineapple ;)

Posted

Looking forward to seeing the work you guys are doing. I cannot speak for shadowblade, but I am putting that portion of our project on hold until I see how you guys did it.

Also, the tools we're working on are cli versions of what is already on the pineapple. Under the applications and coding section it states that script kiddie code will be removed. Would this type of stuff qualify? What exactly is "script kiddie code"?

Posted
> Looking forward to seeing the work you guys are doing. I cannot speak for shadowblade, but I am putting that portion of our project on hold until I see how you guys did it.
>
> Also, the tools we're working on are cli versions of what is already on the pineapple. Under the applications and coding section it states that script kiddie code will be removed. Would this type of stuff qualify? What exactly is "script kiddie code"?

Before you go and do all that work, the Pineapple MK4 v3.0 will have most things accessible through a CLI anyway. That is because of how the new UI will be built. It will supply an API for other tools / people to hook into. Now, there is NO ETA on the release of 3.0 but I figured it should be mentioned.

I don't think this is what I would call script kiddie code, so don't worry about it.

Posted

I'm with you Dopey. I'll put the packet injection on hold for now.

As far as the tools we're writing, they're not specific to the Pineapple. Our goal is to have them be able to be used in conjunction with the pineapple to be more effective.

The pineapple is an amazing platform for capturing clients, but it's a bit slow once you start trying to run all of your attacks from it. Our goal is to offload those attacks to an external source, in my case the Pi.

At least that's what I perceive our goal is. Correct me if I'm wrong Dopey :).

I'll have to read up on Ebtables. By the way, have you guys ever heard of or used netsed?
