Catware Posted November 21, 2013 Share Posted November 21, 2013 (edited) Hello everyone, I'm having a problem with how to use ettercap on the pineapple. I have my pineapple connecting to my router with wlan1, I then use: ettercap -i wlan1 -M arp // // -Tq and in another window urlsnarf -i wlan1 But the pineapple does not seem to be arping nor sniffing anything... Can anyone give me a hint to what am I doing wrong? Edited November 22, 2013 by Catware Quote Link to comment Share on other sites More sharing options...
Catware Posted November 24, 2013 Author Share Posted November 24, 2013 Hello everyone, I'm having a problem with how to use ettercap on the pineapple. I have my pineapple connecting to my router with wlan1, I then use: ettercap -i wlan1 -M arp // // -Tq and in another window urlsnarf -i wlan1 But the pineapple does not seem to be arping nor sniffing anything... Can anyone give me a hint to what am I doing wrong? Anyone? I still can't arp any network... Is wlan1 capable of arp-poison? Any lights on what I'm doing wrong would be great, I'm able to arp with my PC but would love to be able to do it on my pineapple! Quote Link to comment Share on other sites More sharing options...
King Crimson Posted November 24, 2013 Share Posted November 24, 2013 Is ipforwarding on? To check, do the following: cd /proc cat $(find . -name ip_forward) 1 In my instance, ipforward is turned on denoted by a '1'. If the command returns a '0', then ipforward is off. To turn it on, enter the following: echo 1 > /proc/sys/net/ipv4/ip_forward Quote Link to comment Share on other sites More sharing options...
Catware Posted November 24, 2013 Author Share Posted November 24, 2013 Is ipforwarding on? To check, do the following: cd /proc cat $(find . -name ip_forward) 1 In my instance, ipforward is turned on denoted by a '1'. If the command returns a '0', then ipforward is off. To turn it on, enter the following: echo 1 > /proc/sys/net/ipv4/ip_forward Yes, ipforward is enabled, I've checked and nothing happens. I arp the network, do urlsnarf -i wlan1, and no traffic Quote Link to comment Share on other sites More sharing options...
King Crimson Posted November 24, 2013 Share Posted November 24, 2013 (edited) can you post your ifconfig output? Edited November 24, 2013 by King Crimson Quote Link to comment Share on other sites More sharing options...
Catware Posted November 24, 2013 Author Share Posted November 24, 2013 Sure :) root@Pineapple:~# ifconfig br-lan Link encap:Ethernet HWaddr 00:13:37:A5:0C:10 inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:14982 errors:0 dropped:56 overruns:0 frame:0 TX packets:16819 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1672082 (1.5 MiB) TX bytes:5280980 (5.0 MiB) eth0 Link encap:Ethernet HWaddr 00:13:37:A5:0C:10 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:13635 errors:0 dropped:0 overruns:0 frame:0 TX packets:15926 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1752550 (1.6 MiB) TX bytes:3935375 (3.7 MiB) Interrupt:4 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:540 errors:0 dropped:0 overruns:0 frame:0 TX packets:540 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:40376 (39.4 KiB) TX bytes:40376 (39.4 KiB) wlan0 Link encap:Ethernet HWaddr 00:13:37:A5:0C:10 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1620 errors:0 dropped:0 overruns:0 frame:0 TX packets:2466 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:198535 (193.8 KiB) TX bytes:1577990 (1.5 MiB) wlan1 Link encap:Ethernet HWaddr 00:13:37:89:85:36 inet addr:192.168.1.93 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4444 errors:0 dropped:85 overruns:0 frame:0 TX packets:7556 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2041821 (1.9 MiB) TX bytes:595424 (581.4 KiB) Quote Link to comment Share on other sites More sharing options...
thesugarat Posted November 25, 2013 Share Posted November 25, 2013 I'm sorry but why exactly are you using wlan1? It's supposed to be in Client Mode bringinging Internet to the pineapple. You are playing Man In The Middle but wlan1 isn't the middle.... You can use urlsnarf in br-lan because that's where the traffic is flowing back and forth. I'm no expert on ettercap but from what I can gather you should be using it on br-lan as well. Quote Link to comment Share on other sites More sharing options...
Catware Posted November 25, 2013 Author Share Posted November 25, 2013 I'm sorry but why exactly are you using wlan1? It's supposed to be in Client Mode bringinging Internet to the pineapple. You are playing Man In The Middle but wlan1 isn't the middle.... You can use urlsnarf in br-lan because that's where the traffic is flowing back and forth. I'm no expert on ettercap but from what I can gather you should be using it on br-lan as well. I'm using wlan1 because that's what's connected to my home router. I want to MITM my home router, so it would be something like: Without ettercap: Pineapple & other devices -> Home router With: Other devices -> Pineapple -> Home router Since the connection between the router and the pineapple are using wlan1, shouln't I use wlan1 with ettercap? I think that br-lan would be to MITM the clients connected to the pineapple? Please correct me if my logic is incorrect. And thank you for the feedback, I've tried to use br-lan, but It did not work. Quote Link to comment Share on other sites More sharing options...
King Crimson Posted November 25, 2013 Share Posted November 25, 2013 (edited) Wouldn't you have to declare at least the router ip? ettercap -i wlan1 -M arp /192.168.1.254/ // -Tq You are just trying to do a simple scratch -n- sniff right? Edited November 25, 2013 by King Crimson Quote Link to comment Share on other sites More sharing options...
dom3lek Posted November 25, 2013 Share Posted November 25, 2013 I guess, it's some bug with that because I also have problem with this. That's command which I paste into ettercap: ettercap -i br-lan -M arp:remote 172.16.42.214 and It showed me ettercap is not running... Firmware 1.0.4 ;) Quote Link to comment Share on other sites More sharing options...
Catware Posted November 25, 2013 Author Share Posted November 25, 2013 Wouldn't you have to declare at least the router ip? ettercap -i wlan1 -M arp /192.168.1.254/ // -Tq You are just trying to do a simple scratch -n- sniff right? Even declaring the router, no traffic. Or if I try to use a filter, no results, It's like it's not arping the network... Quote Link to comment Share on other sites More sharing options...
King Crimson Posted November 25, 2013 Share Posted November 25, 2013 I have been messing with Reaver and Aircrack lately. I need to start messing with etter again. Seems like when I first got my MKV, I was able to do a simple poison on my home network from wlan1 but not sure I am remembering right. Like you, I use the command line as well for etter. Quote Link to comment Share on other sites More sharing options...
dom3lek Posted November 26, 2013 Share Posted November 26, 2013 Ok guys, I've solved my problem, but If I run the ettercap then my network connection is killed for everyone without pineapple(checked by network tools). Quote Link to comment Share on other sites More sharing options...
Catware Posted November 26, 2013 Author Share Posted November 26, 2013 Would using wlan0 as client mode help? Meaning, is wlan1 not arp capabble and wlan0 is? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.