airman_dopey Posted January 14, 2013 (edited)

Hey guys,

So Shadowblade72 and I have been working on push-button scripts to be used on a computer/rPi to offload a lot of the work the pineapple normally does. We are also working on expanding said tools to attack wired/wireless networks among other things. We fully plan on finalizing these tools and releasing them here on the Hak5 forums for everyone to use when we are done.

One of the problems we are having ATM is attempting to modify/sniff traffic using Ettercap between eth0 (connected to the pineapple) and wlan0 (connected to the AP). Does anyone know of a way of doing this? We have researched and attempted bridged mode in Ettercap and creating a new interface with the bridge mode already enabled to sniff that. Neither will work. As far as Ettercap goes we are successfully ARP poisoning and applying filters, we have modified etter.conf accordingly, but still cannot find out how to do the bridged mode properly. For the bridged interface, apparently you cannot connect a wired to a wireless. So bubcus there.

If anyone can simply point us in the right direction it would be greatly appreciated. Not looking to be spoonfed as we are trying to learn as we go.

Edited January 14, 2013 by airman_dopey
ShadowBlade72 Posted January 14, 2013 (edited)

To clarify our setup:

Pineapple eth0 <-> eth0 PwnPi wlan0 <-> AP

So we don't need to do any ARP spoofing (I wouldn't think we would....) since the traffic is already being passed through the Pi. At this point we just need to pull that information off the wire and modify it in real time.

/proc/sys/net/ipv4/ip_forward = 1

Running bridged mode in ettercap stops the traffic as it disables ip forwarding. In fact, running any ettercap stops ip forwarding. Using -u to keep it from disabling ip_forwarding makes us unable to run filters against the traffic, which defeats the purpose.

Edited January 14, 2013 by ShadowBlade72
digininja Posted January 14, 2013

I don't know about using ettercap, as I agree, you don't need it as you are already in the middle, but you can use either iptables or, hopefully, ebtables, to intercept all the traffic and send it through your own app. If you have eth0 and wlan0 bridged in your setup then ebtables is required as the bridge traffic doesn't get high enough up the network stack for iptables to kick in. If you are routing then iptables will be able to do the job. Check out sslstrip for an example iptables rule, and if I finally manage to get ebtables working I'll be posting about it somewhere soon so watch out for that.
ShadowBlade72 Posted January 14, 2013

I don't know about using ettercap, as I agree, you don't need it as you are already in the middle, but you can use either iptables or, hopefully, ebtables, to intercept all the traffic and send it through your own app. If you have eth0 and wlan0 bridged in your setup then ebtables is required as the bridge traffic doesn't get high enough up the network stack for iptables to kick in. If you are routing then iptables will be able to do the job. Check out sslstrip for an example iptables rule, and if I finally manage to get ebtables working I'll be posting about it somewhere soon so watch out for that.

The reason we want to use ettercap is for its ability to do on-the-fly packet manipulation. Are you aware of any other solutions which let you create filters and do real-time manipulation?
Sebkinne Posted January 14, 2013

The reason we want to use ettercap is for its ability to do on-the-fly packet manipulation. Are you aware of any other solutions which let you create filters and do real-time manipulation?

You could use a ruby proxy (maybe the one Digininja is working on, once it is modular) to handle packets in real time. That is probably better than ettercap in terms of the Pineapple.
ShadowBlade72 Posted January 14, 2013

I'll have to look into the ruby proxy. I'm not running these programs off the pineapple itself. I'm using the pineapple as the honeypot, then forwarding them on to my pi for MITM attacks. Thanks for the push in the right direction!
digininja Posted January 14, 2013

What protocols are you wanting to manipulate?
airman_dopey (Author) Posted January 14, 2013

HTTP at first. We can move on from there.
Whistle Master Posted January 15, 2013

You could use a ruby proxy (maybe the one Digininja is working on, once it is modular) to handle packets in real time. That is probably better than ettercap in terms of the Pineapple.

But for that, we would need ebtables on our pineapple ;)
Sebkinne Posted January 15, 2013

But for that, we would need ebtables on our pineapple ;)

Oh, but we do now ;)
airman_dopey (Author) Posted January 15, 2013

Looking forward to seeing the work you guys are doing. I cannot speak for shadowblade, but I am putting that portion of our project on hold until I see how you guys did it.

Also, the tools we're working on are CLI versions of what is already on the pineapple. Under the applications and coding section it states that script kiddie code will be removed. Would this type of stuff qualify? What exactly is "script kiddie code"?
Sebkinne Posted January 15, 2013

Looking forward to seeing the work you guys are doing. I cannot speak for shadowblade, but I am putting that portion of our project on hold until I see how you guys did it. Also, the tools we're working on are CLI versions of what is already on the pineapple. Under the applications and coding section it states that script kiddie code will be removed. Would this type of stuff qualify? What exactly is "script kiddie code"?

Before you go and do all that work, the Pineapple MK4 v3.0 will have most things accessible through a CLI anyway. That is because of how the new UI will be built. It will supply an API for other tools / people to hook into. Now, there is NO ETA on the release of 3.0, but I figured it should be mentioned.

I don't think this is what I would call script kiddie code, so don't worry about it.
ShadowBlade72 Posted January 15, 2013

I'm with you Dopey. I'll put the packet injection on hold for now.

As far as the tools we're writing, they're not specific to the Pineapple. Our goal is to have them be able to be used in conjunction with the pineapple to be more effective. The pineapple is an amazing platform for capturing clients, but it's a bit slow once you start trying to run all of your attacks from it. Our goal is to offload those attacks to an external source, in my case the Pi. At least that's what I perceive our goal is. Correct me if I'm wrong Dopey :).

I'll have to read up on ebtables. By the way, have you guys ever heard of or used netsed?
digininja Posted January 15, 2013

Tried with ebtables but am missing a dependency, so put on hold till Seb builds that for me.