
Kali/wireshark on a VM



Hey all! I'm new to all this security related hacking and want to learn more about pentesting etc as I have chosen to study cyber security at university this September!

Anyway, my problem right now is that I want to do some basic http sniffing with wireshark. What I've done is I have set up Kali on a VirtualBox (bridged) on my laptop and am trying to sniff the web pages I load on my computer. Both are connected to my home network; however, for some odd reason wireshark isn't picking up any http from my computer or any signals. Though, it's picking up packets from other devices on the network! I can surf the internet and when I run a netcat scan it is able to identify what else is there on the network, but for some reason it won't sniff my http on my computer? Also I have made sure the pages I visit on my computer are http as well... please help!


I've not got time to reply properly now but to see traffic in Wireshark you have to actually be able to see the traffic, that means it has to pass through the machine running Wireshark. Look at things like ARP cache poisoning, man-in-the-middle or simple bridge mode on a wired network to put your laptop between another machine and the router/switch (This is similar but different to the VM bridge mode).

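The point made in the reply above, as an added example that is not part of the original thread: on a switched LAN a capturing host receives broadcast and multicast frames plus its own unicast traffic, so other devices show up in Wireshark while another machine's HTTP does not. The addresses and frames are constructed, the payloads are labels rather than real IP packets, and the switch is assumed to have already learned every host's MAC address.

```python
import struct

BROADCAST = b"\xff" * 6

def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype, payload=b""):
    """Build a minimal Ethernet II frame; payload is a label, not a real IP packet."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def classify(raw, my_mac):
    """Explain why a capture on the NIC with address my_mac contains this frame."""
    dst, src = raw[0:6], raw[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                 # I/G bit set: group (multicast) address
        return "multicast"
    if my_mac in (dst, src):
        return "own-unicast"
    return "foreign-unicast"          # unicast between two other hosts

def captured_on_switch(lan_frames, my_mac):
    """Frames a learning switch delivers to (or accepts from) my port."""
    return [f for f in lan_frames if classify(f, my_mac) != "foreign-unicast"]

def summarize(frames, my_mac):
    """Count captured frames per class."""
    counts = {}
    for raw in frames:
        kind = classify(raw, my_mac)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

# Constructed sample traffic; all addresses are made up for this example.
KALI, DESKTOP, ROUTER = "08:00:27:12:34:56", "02:00:00:00:00:02", "02:00:00:00:00:01"
LAN = [
    frame("ff:ff:ff:ff:ff:ff", ROUTER, 0x0806),             # ARP request
    frame("01:00:5e:00:00:fb", DESKTOP, 0x0800),            # mDNS announcement
    frame(ROUTER, KALI, 0x0800, b"GET / HTTP/1.1"),         # Kali's own HTTP
    frame(KALI, ROUTER, 0x0800, b"HTTP/1.1 200 OK"),
    frame(ROUTER, DESKTOP, 0x0800, b"GET / HTTP/1.1"),      # desktop's HTTP
    frame(DESKTOP, ROUTER, 0x0800, b"HTTP/1.1 200 OK"),
]

if __name__ == "__main__":
    seen = captured_on_switch(LAN, mac(KALI))
    print(len(seen), "of", len(LAN), "frames captured:", summarize(seen, mac(KALI)))
```
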

I don't really understand what you're saying. I can see traffic going through wireshark, it shows all sorts including my router traffic if that's what you mean? I did read somewhere that you need a USB dongle to be able to do sniffing through VM but I can use the internet and nmap scan just fine. Not sure where I'm going wrong... it floods the whole box but when I filter http all I see is traffic from my laptop.


See my first answer. Sorry, too busy at the moment to give detailed answers, hopefully someone else will have time. Search for the terms I gave, you'll find plenty of information.


Okay thanks, sorry I have next to no experience with this. I sort of understand your first post, if I'm correct. You're saying instead of my victim (my computer) connecting to the router/internet it goes to my laptop then my laptop goes to the internet, correct? I'm not particularly sure how to do it but I'll have a look round on the web. I thought wireshark did that for you automatically when you start its sniff.

But thank you for taking your time to reply and help :) Much appreciated!


Yes, that is one way to do it and no, Wireshark doesn't do it for you. The way you describe is a physical way to get yourself in the middle by actually placing yourself there, the alternative is to use something like ARP cache poisoning.

If you are on unencrypted wifi you could also sniff the traffic from the air.


ettercap, arpspoof, Cain and Abel (Windows) will do it.

Play with those and I'd also suggest trying to get physically in the middle which will need a second NIC in your laptop (assuming the other computer is wired). You'll learn about bridge mode and a load of network admin stuff as well. Not exactly security but very useful stuff to know.


I would recommend getting a second machine for this work. The problem I see is that a VM plays tricks with the OS's view of the network adapter since the VM will get a virtual one and if you're going to try to make that virtual one play tricks with the network there's a good chance the VM implementation itself will get in the way.

Cheap and easy solution to the second machine problem: Listen to the WiFi traffic generated by your phone from your regular machine. Get some feel as to what's going on there. Learn to use wireshark effectively. In case of a wired machine attached by wire to the wireless router/switch that also receives your phone data, try to arp-poison the router so the phone data goes to your machine.


Thanks for all your help guys, so what I've gathered is that I need to somehow reroute all the traffic to my laptop by using ettercap or a similar program.

One thing I noticed was, will it affect my laptop sniffing if my computer is plugged into ethernet? Also, on my VM version of Kali it says it's plugged into Ethernet though my laptop is connected to the internet via WiFi...


Built-in PCI wifi cards don't work with virtual machines. They will show as a standard wired network card to the VM. USB network cards will work though, both wired and wireless.


I've had trouble passing through some Atheros cards to Linux VMs in VirtualBox. I ended up having to set up a machine in VMware just to get my favourite card working.

  • 2 weeks later...

Thanks for all the help. As said by most of you, I think I'll be buying one of them USB network cards if I can get one for fairly cheap. Just to poke around with and experiment with the stuff you can do in Kali!
Sorry for the late reply, been working my ass off in preparation for exams haha!

  • 1 month later...

Okay, I'm back (didn't want to create a new thread). So I've recently got rid of the VM version of Kali and gone ahead and made a live USB persistent copy. However, I'm still running into the same problem of only being able to sniff my own traffic? What am I doing wrong? I did everything the same as in Hak5's video on wireshark introduction.


Sorry I'm new to this. Okay so I've done airmon-ng start wlan0 and it's created a new card named mon0. Now I no longer see packets sent/received on wlan0 so in wireshark I choose the mon0 option. When on mon0 all I see is mainly data from and to sagecom and private [MAC address here]. Most say in the info "request-to-send" after clear-to-send then block ack? Tried filtering HTTP and now it doesn't even detect internet activity on the laptop.


I suggest googling sniffing wifi traffic, there are loads of videos on how to do it. Will be easier for you to go through some of those to get things working than us try to debug something remotely. We could end up going back and forward for days.


I believe I have found the source of the problem... I had to type in the password for my access point in the decrypt key settings on 802.11 protocol. Though still not showing http... it just floods with BskyB data and such. Ah well, I give up!


About 3 questions back I asked if the wifi was encrypted and you said you didn't think so, now you say that there is a password, which is it? Open network, WEP, WPA(2)?


I thought you meant as in some sort of other encryption, sorry! Didn't think you were talking about the password to even get on the network!
Using WPA2-PSK

Complete beginner at this. Studying cyber security in September so hoping to get a head start now... Must be making so many people *facepalm* right now

Edited by jonnyh1994
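Background for the WPA2-PSK decryption attempt described above, as an added example that is not part of the original thread: the passphrase and SSID yield only the master key, while each association derives its own traffic key from nonces exchanged in the four-way EAPOL handshake, so a capture must contain that handshake for the session being decrypted. The passphrase and SSID are the IEEE 802.11i test vector; the MAC addresses and nonces are constructed.

```python
import hashlib
import hmac

def pmk(passphrase, ssid):
    """Pairwise Master Key: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def temporal_key(master, ap_mac, sta_mac, anonce, snonce):
    """Derive the 48-byte CCMP PTK and return its last 16 bytes (the TK)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(master, b"Pairwise key expansion", data, 48)  # KCK | KEK | TK
    return ptk[32:48]

# Constructed values, except the passphrase/SSID pair (802.11i test vector).
SSID, PASSPHRASE = "IEEE", "password"
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE_1 = bytes(range(32, 64))     # first association
SNONCE_2 = bytes(range(64, 96))     # same client reconnecting: fresh nonce

def session_keys():
    """Traffic keys for two sessions that share one passphrase."""
    master = pmk(PASSPHRASE, SSID)
    return (temporal_key(master, AP, STA, ANONCE, SNONCE_1),
            temporal_key(master, AP, STA, ANONCE, SNONCE_2))

if __name__ == "__main__":
    tk1, tk2 = session_keys()
    print("PMK:", pmk(PASSPHRASE, SSID).hex())
    print("TK session 1:", tk1.hex())
    print("TK session 2:", tk2.hex())
```
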
