Forum Thread: MITM Wireless Adapter?

Hi! I'm thinking about getting an Alfa wireless adapter because I really want to do some Wi-Fi hacking and I have been having trouble with my Man in the Middle Attack.

I'm not sure how I would 1, set up arpspoofing with my wireless card, 2, put it in promiscuous mode, and 3, look at things like urlsnarf and driftnet.

Any ideas? Anything is appreciated. Thanks - Cam

48 Responses

Cameron:

mon0 is wireless monitor mode. That's the wireless equivalent of wired promiscuous mode.

So to do a mitm attack all I have to do is the following?

  1. Put wlan0 in monitor mode
  2. arpspoof -i wlan0 -t (target) (router)
  3. arpspoof -i wlan0 -t (router) (target)
  4. driftnet -i mon0

I'm a bit confused and I really need to make sure I know what I'm doing. PS Thank you so much for helping out.

Anyone have any ideas? I tried doing it regularly with eth0 but it would just kill my target's connections so I was hoping by buying an alfa wireless adapter and using that instead it would fix the issue...

Do you have ip forwarding enabled?

Yes I've checked that a bunch of times. This is what I did regularly before I decided to get the wireless adapter (which gave me wlan0).

  1. echo 1 > /proc/sys/net/ipv4/ip_forward
  2. arpspoof -i eth0 -t (router) (target)
  3. arpspoof -i eth0 -t (target) (router)
  4. driftnet -i eth0

At this point my target's computer can't connect to anything. It immediately returns to its normal state when I stop arpspoofing. I'm assuming it has something to do with promiscuous mode?

The packets are not passing through your computer.

So how can I fix this issue? If I use the wireless card will that help?

There are many reasons why they aren't passing through. Try sending a ping from the first system to the Kali system and check to see whether it is received or passed.

Yes, I pinged my Kali's IP and it seems to be working fine.

The ping should be received by Kali. It should pass through.

Yeah, I pinged the system in its normal state and there is no packet loss. So I don't think that's the issue.

With the arpspoof in place, there should be 100% packet loss.

Alright, let me figure this out. I perform arpspoofing on my target computer, and then my target computer's connection to Kali should be 100% packet loss, right?

Are you trying to do this from a VM to the gateway?

Yes, I believe so. I'm not very familiar with the term "gateway" but I know that I am using a VM. I asked some other people on Null Byte and one of them said that you have to use wlan0 not eth0.

It could be many things. We don't have enough information. Are you arpspoofing correctly on both ends? Are you using the correct IP addresses?

I would suggest that you try MiTM with three machines. Your host, and two guests. Once you get that working, then try to expand. You won't need a wireless card to do that.

Yeah, I have tried and made sure I have looked at both IP addresses. I went to my target computer and did ifconfig and wrote down the IP address.

How would I do a MiTM attack with 3 machines? Whenever I start arpspoofing I see it is sending back and forth but my target's connections are killed.

Cameron:

Do you understand that a MiTM involves three systems? One client, one server and one in the middle?

What are your three machines and what are their configurations?

My first machine is of course the Kali Linux in the middle. It is being run on VirtualBox through a bridged adapter to my host machine. My second machine is a Mac OS X but I have tested also on my iPhone. My 3rd machine is my router, but I have tried this attack at my school, and at a different house, all with different routers, and none of them worked.

Use a third computer. Not a phone or router.

If you are MiTM between the gateway and the client, you should use wlan0.

Ok so I do the same exact process as before except with wlan0? If so do I need to first put wlan0 in promiscuous mode?

But it will work if I use the wlan0 instead of eth0?

Cameron:

It depends upon your configuration.

I'm not exactly sure what you mean by that. How should I configure it?

Okay, I'll try using a 3rd computer... I'll let you know what happens and then we can figure out why it isn't working.

Good luck.

Follow my instructions in my tutorial meticulously. Make sure that all pings go through the middle machine.

Okay, I tried it and now I'm even more confused than I was before. I arpspoofed my computer to my other computer, and it still pings my Kali machine with no packet loss.

Arpspoofing changes your IP address to that of the server. That ping should be lost or pass through, if ip forwarding is in place. I suggest you go back and study the concept of MiTM before trying again.

Yeah, I looked at many different forums and ideas. The thing is, I even tried arpspoofing with the target and the router and when the connection is killed, I can still ping my Kali Linux machine. If I get a wireless card will that help??

You are doing something fundamentally wrong. The wireless card will not help in that case.

Set up a three machine network and follow my instructions carefully. It does work.

Ok, just to make sure I have the correct instructions.

  1. echo 1 > /proc/sys/net/ipv4/ip_forward
  2. arpspoof -i eth0 (router) (target)
  3. arpspoof -i eth0 (target) (router)

Don't use the router.

Use server and client with Kali as the middle.

What server? Something like google.com? Not sure what you mean by server.

Do you mind just typing the commands in the order like I did because I have a hard time understanding what you mean.

You have three machines. One is a server, one is a client and one is the middle.

Yes continue? Sorry I had to make a new comment because I couldn't reply.

UPDATE: I performed arpspoofing from my computer to my phone and now when I ping my phone from my target computer it is 100% packet loss. That's what's supposed to happen?

Okay, so then I think I am doing it right. So let me get one thing right. To do it successfully to my gateway, I need a wireless adapter with my VM?

I think your commands might be off. Try this:

arpspoof -i <interface> -t <target ip> -r <router or host>

Then I usually run Wireshark to make sure I'm capturing traffic from the target.

then driftnet -i <interface>

fin

Are you sure this is how you do it?

Do any of you think this may be a problem with my VM? I read a bunch of forums and some of them are saying to use a live boot. How can I get around this?

Did you ever figure this out Cameron?
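
Added example, not part of the original thread: the ARP spoofing discussed above as it appears in the client's own neighbor table, written as a check over `ip neigh show` output. The sample table, all addresses and the function names are constructed for illustration; 192.168.1.1 is assumed to be the gateway, and a router that legitimately holds several IPs on one MAC would also match the first rule.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a client (all addresses made up).
# 192.168.1.1 is assumed to be the gateway; .50 is another host on the LAN.
POISONED = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.50 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.20 dev eth0 lladdr 3c:22:fb:10:20:30 REACHABLE
192.168.1.77 dev eth0  FAILED
"""
CLEAN = POISONED.replace(
    "192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc",
    "192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55")

ENTRY = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b", re.M)

def parse_neigh(text):
    """Map ip -> (dev, mac); FAILED/INCOMPLETE rows have no lladdr and are skipped."""
    return {ip: (dev, mac.lower()) for ip, dev, mac in ENTRY.findall(text)}

def findings(text, gateway_ip, baseline_gateway_mac=None):
    """Return human-readable findings that suggest ARP cache poisoning."""
    table = parse_neigh(text)
    out = []
    # 1. The gateway's MAC also answers for other IPs on the same interface.
    by_mac = defaultdict(list)
    for ip, (dev, mac) in table.items():
        by_mac[(dev, mac)].append(ip)
    for (dev, mac), ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            out.append(f"{mac} on {dev} answers for gateway and "
                       f"{len(ips) - 1} other IP(s): {sorted(ips)}")
    # 2. Gateway MAC differs from a value recorded while the network was known-good.
    if baseline_gateway_mac and gateway_ip in table:
        mac = table[gateway_ip][1]
        if mac != baseline_gateway_mac.lower():
            out.append(f"gateway {gateway_ip} moved from "
                       f"{baseline_gateway_mac.lower()} to {mac}")
    return out

if __name__ == "__main__":
    for line in findings(POISONED, "192.168.1.1", "00:11:22:33:44:55"):
        print("ALERT:", line)
```
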
