Jump to content

Pineapple ICS Stops after Ettercap


Recommended Posts

I'm having a problem with my tablet and laptop losing internet connection through the pineapple after running ettercap for the first time. The first time ettercap runs, it works great, but the 2nd, 3rd, 4th, etc times, it creates a problem. Here is what my setup looks like:

Tablet and Laptop -> Pineapple -> Home Access Point -> Internet

I boot the pineapple up that is directly connected to a reliable AC outlet and connect to it from my laptop wireless network card. I then configure the pineapple through the web interface to connect to my WPA2 home network. I'm able to browse the internet from both the tablet and laptop. I can generate some heavy traffic through my laptop and tablet (downloaded a 708MB file) so I don't think its a resource issue in the pineapple itself. Keep in mind all this is working great JUST AFTER a ettercap session and then a reboot so we are resource clean.

As soon as I run "ettercap -T -i wlan0" from a remote ssh session, the tablet and laptop have no internet access. I'm not able to ping google from the tablet nor the laptop. I can however ping google from the pineapple's remote ssh session. Something is happening at the lan side of the pineapple. Not sure how to pinpoint this.

Link to comment
Share on other sites

I figure it was a ip forwarding issue so I stop the ettercap process and run "echo 1 > /proc/sys/net/ipv4/ip_forward." Now I'm able to browse the internet . If I start ettercap backup, not able to access the internet. Do you think the etter.conf file is doing something?

Edited by 1337
Link to comment
Share on other sites

What's the difference? I'm not using the eth0 port, just wlan0. The laptop is connected to the pineapple via wifi and the tablet is connected to the pineapple via wifi. Now.....if I issue the echo 1 > /proc/sys/net/ipv4/ip_forward command after i kill the ettercap process, i'm able to get to the internet just fine. I think ettercap is disabling that forward.

Link to comment
Share on other sites

I had a problem similar to this on my laptop when i first discovered ettercap and sslstrip. The solution that worked for me was to actually run the ettercap command first, then echo 1 > /proc/sys/net/ipv4/ip_forward in another terminal. Its like i would run the echo 1 > /blah/blah/blah first, then run ettercap right after and my clients would have no internet. And when i cat /proc/sys/net/ipv4/ip_forward it was back to "0".

Hope this helps!

Edited by boob00
Link to comment
Share on other sites

That helps; however I'm just wondering if I need to change the etter.conf file or something. Ultimately what I'm wanting to do is configure the pineapple dip switches to:

1. Spoof the mac addresses of each network card

2. Change the hostname of the pineapple

3. Have the pineapple change its SSID to XYZWIFI

4. Have the pineapple connect to the real XYZWIFI access point

5. Run iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

6. Run ettercap -T -q -l 8080 -i wlan0

7. Run echo 1 > /proc/sys/net/ipv4/ip_forward

8. Run sslstrip -k -l 8080

If I were to have the dipswitch run ettercap, would it bring up another linux shell and finish steps 7 and 8?

Link to comment
Share on other sites

Try putting an & sign after ettercap, I may not be the best when it comes to programming but i know in bash the & will run what ever its with in the background.

Link to comment
Share on other sites

Here is why ip forwarding gets disabled, so adding -u should solve your problem:

-u, --unoffensive Every time ettercap starts, it disables ip forwarding in the kernel and begins to forward packets itself. This option prevent to do that, so the responsibility of ip forwarding is left to the kernel.
This options is useful if you want to run multiple ettercap instances. You will have one instance (the one without the -u option) forwarding the packets, and all the other instances doing their work without forwarding them. Otherwise you will get packet duplicates.
It also disables the internal creation of the sessions for each connection. It increases performances, but you will not be able to modify packets on the fly.
If you want to use a mitm attack you have to use a separate instance.
You have to use this option if the interface is unconfigured (without an ip address.)
This is also useful if you want to run ettercap on the gateway. It will not disable the forwarding and the gateway will correctly route the packets. Edited by Dazzle
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...