Jump to content

Mark V newbie - Please help


Recommended Posts

Hello guys

I'm fairly new to this world of knowledge :)

I recently installed tcpdump and Karma.

I intend to log traffic flowing through karma.

I successfully connected the pineapple to my wifi as client and can use the internet through it.

Now I need to know how to log through tcpdump ??

Do I log wlan0 or wlan1 ? I'm not sure which wlan i'm using to connect the pineapple to wifi. Lets just say it's on stock settings. So which one would it be ?

Which one do I log ? what about monitor mode setting alongside ?

Please help

Link to comment
Share on other sites

Best advice is to search these forums. Your questions have been asked many times before...

wlan0 = Pineapples Access Point

wlan1 = Client Mode/Jamming

br-lan = a bridge between wan and lan

If you are using karma to bring users onto the pineapple and you want to log all traffic you'll want to use tcpdump on br-lan.

Monitor Mode is used for wireless purposes like Jamming/reaver/bully/packet injection etc. You won't need to set that for Karma or tcpdump.

Link to comment
Share on other sites

  • 1 month later...
sslstrip output_1399901190.log [May 12 2014 13:43:04]

2014-05-12 13:42:54,349 Host resolution error: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.DNSLookupError'>: DNS lookup failed: address '192.168.1.1:80' not found: [Errno -2] Name or service not known.

]

2014-05-12 13:43:04,594 Host resolution error: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.DNSLookupError'>: DNS lookup failed: address '192.168.1.1:80' not found: [Errno -2] Name or service not known.

]

Link to comment
Share on other sites

It looks to me like you ARP-poisoned yourself. What's the IP addresses of your victim, yourself and your gateway?

Link to comment
Share on other sites

Well i'm just running SSLStrip with Karma. I don't know the IP address of the victim, I just need to log all the traffic on it.

How can I NOT ARP-Poison myself, just btw ?

I tried doing it without Karma aswell, I seem to get some log from just one shitty website i was browsing, nothing else.

I still continue to browse facebook with https.

Link to comment
Share on other sites

Well, you're MITM for this. Two network adapters, two networks. One network is being ARP-poisoned, the other not. Seems on your setup BOTH are.

Scratch that. This is some uninformed bullshit on my part.

Edited by Cooper
Link to comment
Share on other sites

I listened to the (online) speech Moxie gave about ssl strip. It requires that you're MITM. You get there by either being the entry point for people to get on the network (you're AP) or by getting your victims to willingly route their traffic to your machine when they actually want to go to the network. The latter is achieved using ARP spoofing/poisoning. You execute it by identifying your victim by IP address, and you send it ARP responses that identify your machine as the one with the IP address of the intended recipient. The result is that when the target wants to talk to the intended recipient, that data gets sent to you and all you have to do is send it on to the legitimate target (and maybe eavesdrop a little).

This process should not cause trouble for your own machine since the arp poisoning is targeted. Only the intended victim receives the ARP responses and acts upon them.

Again, this is needed ONLY when YOU are NOT in the path to the intended destination. When you reenact an AP that your victim chooses to connect to (Jasager anyone?), you're already in the appropriate position for some ssl stripping and really don't need to do any ARP poisoning at all.

Link to comment
Share on other sites

If you were just running karma, would you ever need to arp cache poison then? If you were sniffing the wired network through the wireless AP, then yes, but otherwise? Does SSL Strip have any code in it that preforms arp cache poisoning? Unless BollywoodFan101 has been using one of the built in executables for arp poisoning, or SSL strip has it built in, then I don't think that's the problem.

Link to comment
Share on other sites

Then I guess my question would be "Who is 192.168.1.1, why are you doing a DNS lookup for him and, worse, why is the port number included as it has nothing to do with a DNS lookup?"

Link to comment
Share on other sites

It's ssl strip that does the lookup. On its download page it says it uses the twisted-web module which is what is reporting the problem.

Link to comment
Share on other sites

Without looking at the code itself (feel free to do that part yourself) ssl strip acts as a proxy. You connect to it asking for a page on a.b.com and it wants to go out and fetch that for you. First step to doing just that is to perform a DNS lookup for a.b.com but it would appear that instead ssl strip is looking up its own IP address with a port tacked onto it.

Looks to me like a misconfiguration involving that string.

Link to comment
Share on other sites

Did you enter that ip:80 as a string somewhere? That's the bit of configuration that's not supposed to be there. Where it's set? I donno. I own a pineapple since last weekend but aside from turning it on I haven't done anything with it yet.

Link to comment
Share on other sites

sslstrip output_1400114399.log [May 15 2014 00:40:24]

2014-05-15 00:40:13,687 Host resolution error: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.DNSLookupError'>: DNS lookup failed: address 'https' not found: [Errno -2] Name or service not known.

]

2014-05-15 00:40:13,946 Host resolution error: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.DNSLookupError'>: DNS lookup failed: address 'https' not found: [Errno -2] Name or service not known.

]

2014-05-15 00:40:24,495 Host resolution error: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.DNSLookupError'>: DNS lookup failed: address 'http' not found: [Errno -2] Name or service not known.

]

2014-05-15 00:40:24,724 Host resolution error: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.DNSLookupError'>: DNS lookup failed: address 'http' not found: [Errno -2] Name or service not known.

]

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...