
SSLstrip + DNS spoofing + URLsnarf + Deauth


WallE

Alright, so I have been employed to do a pretty simple job. My client wants to know if he is safe surfing at home with his wifi. Obviously he is not, and here is how I want to show him:

First of all, I want to run URLsnarf for a few days to set up the attack, listening to all the sites he is surfing and all.

Then, after this is done, I would like to make a phishing page for the website he is using that uses HSTS (the new protection against SSLstrip). (Sorry, this thread will not be about the phishing page; I don't have any question about it, actually, I just want to tell my attack in detail.)

The client is using WPA-PSK wireless, so I wanted to just deauth his wifi, or jam it. Then put everybody on my favorite fruit with Karma.

Once everybody is on my pineapple, I would like to run SSLstrip + DNS spoof for the pages that are HSTS protected and deauth/jam the WPA wifi every once in a while.

So I was wondering if you think that was the best solution AND if you think the wifi pineapple can handle this? I heard that if you use it for too much action it will just power off.

Thank you, community!

I would do it like this:

Grab two pineapples, sadly, because the pineapple probably won't handle all these jobs, so run Karma and Deauth on pineapple1 and the URLSnarf and DNSspoof on pineapple2. Tango mode perhaps :) I'm not sure if you can do such a thing though...

Good luck,

-Foxtrot


And what about SSLstrip? Do I have to use it at a different time than when DNS spoofing is enabled, because they both redirect port 80?

By the way, are you sure that I will have to purchase another pineapple? I wouldn't like to buy another one for nothing!


Like I said, I'm not advising you to buy another pineapple, I'm just wondering if it would work.

-Foxtrot


  • 3 months later...

Foxtrot, unless he had a second wifi radio, would he be able to deauth while still allowing connections through Karma? It would make sense that he ran, say, urlsnarf and deauth on pineapple 1 and Karma and dnsspoof on pineapple 2. Here's a video by Darren Kitchen about tango mode.

http://hak5.org/videolog/wifi-pineapple-tango-mode-proof-of-concept-demo

Funny I came across this; I recently (5 days ago) ordered another pineapple to start playing around with tango mode.
