1337 Posted November 5, 2013 Posted November 5, 2013 I'm having a problem with my tablet and laptop losing internet connection through the pineapple after running ettercap for the first time. The first time ettercap runs, it works great, but the 2nd, 3rd, 4th, etc times, it creates a problem. Here is what my setup looks like: Tablet and Laptop -> Pineapple -> Home Access Point -> Internet I boot the pineapple up that is directly connected to a reliable AC outlet and connect to it from my laptop wireless network card. I then configure the pineapple through the web interface to connect to my WPA2 home network. I'm able to browse the internet from both the tablet and laptop. I can generate some heavy traffic through my laptop and tablet (downloaded a 708MB file) so I don't think its a resource issue in the pineapple itself. Keep in mind all this is working great JUST AFTER a ettercap session and then a reboot so we are resource clean. As soon as I run "ettercap -T -i wlan0" from a remote ssh session, the tablet and laptop have no internet access. I'm not able to ping google from the tablet nor the laptop. I can however ping google from the pineapple's remote ssh session. Something is happening at the lan side of the pineapple. Not sure how to pinpoint this. Quote
1337 Posted November 5, 2013 Author Posted November 5, 2013 (edited) I figure it was a ip forwarding issue so I stop the ettercap process and run "echo 1 > /proc/sys/net/ipv4/ip_forward." Now I'm able to browse the internet . If I start ettercap backup, not able to access the internet. Do you think the etter.conf file is doing something? Edited November 6, 2013 by 1337 Quote
thesugarat Posted November 5, 2013 Posted November 5, 2013 Why are you using ettercap on wlan0 instead of br-lan? Quote
1337 Posted November 5, 2013 Author Posted November 5, 2013 What's the difference? I'm not using the eth0 port, just wlan0. The laptop is connected to the pineapple via wifi and the tablet is connected to the pineapple via wifi. Now.....if I issue the echo 1 > /proc/sys/net/ipv4/ip_forward command after i kill the ettercap process, i'm able to get to the internet just fine. I think ettercap is disabling that forward. Quote
boob00 Posted November 6, 2013 Posted November 6, 2013 (edited) I had a problem similar to this on my laptop when i first discovered ettercap and sslstrip. The solution that worked for me was to actually run the ettercap command first, then echo 1 > /proc/sys/net/ipv4/ip_forward in another terminal. Its like i would run the echo 1 > /blah/blah/blah first, then run ettercap right after and my clients would have no internet. And when i cat /proc/sys/net/ipv4/ip_forward it was back to "0". Hope this helps! Edited November 6, 2013 by boob00 Quote
1337 Posted November 6, 2013 Author Posted November 6, 2013 That helps; however I'm just wondering if I need to change the etter.conf file or something. Ultimately what I'm wanting to do is configure the pineapple dip switches to: 1. Spoof the mac addresses of each network card 2. Change the hostname of the pineapple 3. Have the pineapple change its SSID to XYZWIFI 4. Have the pineapple connect to the real XYZWIFI access point 5. Run iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 6. Run ettercap -T -q -l 8080 -i wlan0 7. Run echo 1 > /proc/sys/net/ipv4/ip_forward 8. Run sslstrip -k -l 8080 If I were to have the dipswitch run ettercap, would it bring up another linux shell and finish steps 7 and 8? Quote
boob00 Posted November 6, 2013 Posted November 6, 2013 Try putting an & sign after ettercap, I may not be the best when it comes to programming but i know in bash the & will run what ever its with in the background. Quote
Dazzle Posted November 6, 2013 Posted November 6, 2013 (edited) Here is why ip forwarding gets disabled, so adding -u should solve your problem: -u, --unoffensive Every time ettercap starts, it disables ip forwarding in the kernel and begins to forward packets itself. This option prevent to do that, so the responsibility of ip forwarding is left to the kernel. This options is useful if you want to run multiple ettercap instances. You will have one instance (the one without the -u option) forwarding the packets, and all the other instances doing their work without forwarding them. Otherwise you will get packet duplicates. It also disables the internal creation of the sessions for each connection. It increases performances, but you will not be able to modify packets on the fly. If you want to use a mitm attack you have to use a separate instance. You have to use this option if the interface is unconfigured (without an ip address.) This is also useful if you want to run ettercap on the gateway. It will not disable the forwarding and the gateway will correctly route the packets. Edited November 6, 2013 by Dazzle Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.