Friday 14 September 2012

#9 Using PwnStar to Setup Soft AP and Sniff HTTPS data


This tutorial will show you how to set up a Soft AP for victims to connect to. Once a victim has connected, all the traffic will be routed from the Soft AP through your computer and out the internet interface.

This lets us become the man in the middle and see any traffic traveling to and from the victim. We will use this to our advantage by using sslstrip to capture and decode all information that passes through our machine using the HTTPS protocol.

This basically means we get their login information!

To do this you will need to have your main machine connected to the internet and connect your Backtrack VM to this connection using the ethernet connection in Wicd Network Manager. Check that the internet is working by loading Firefox in the Backtrack VM and going to a website. If it loads, you're ready to move on.

Once connected, you will then connect your external wireless USB to your Backtrack VM. (This has all been done in previous tutorials, so it should be simple.)

Now we're ready to start :D


First, let's boot up a terminal and fire up the PwnStar script. We do this by pointing the terminal to its location. If you have followed my previous tutorials, then the location/code in bold below will work. Now enter the code in bold below, or the location of your script if it's different.

 '/root/Desktop/Hacks/Wireless Attacks/PwnSTAR_0.8'

Now you will be asked a bunch of questions for setting this script up. The first will be which attack you want to run. We will be running '3) Sniffing: provide internet access, then be MITM', so enter the code in bold below and press enter.

3

 
You will now be asked if you want to give internet access, and we do, so enter the code in bold below and press enter.
 
y
 
You will then be asked what interface the internet is connected to. It should be your ethernet interface, so mine is 'eth1'. Yours may be different, but it will show you the available interfaces above the question. Enter your interface like the code in bold below and then press enter.
 
eth1
 
It will then ask for your wireless interface (the one the Soft AP will be set up on), and yet again it will show the interfaces available. In this example mine was 'wlan0'. Enter yours like the code below and press enter.
 
wlan0
 
It will then ask if you would like to automatically or manually change the wireless interface's MAC address. I suggest entering the code in bold below and pressing enter for automatic MAC changing.
 
y
 
It will then ask if you would like to scan for a target. This time we will not be doing this, so enter the code below.
 
n
 
You will now be asked questions about IPs etc. Just enter the code in bold below and press enter to change the Soft AP's channel.
 
3
 
You will be asked what channel to use. Just enter the code in bold below and press enter.
 
4
 
We can now move on, so enter the code in bold below and press enter to continue.
 
c
 
You will now be asked what attack to use. Select the second by entering the code in bold below and pressing enter.
 
2
 
You will then be asked to name your Soft AP, so try something that will persuade your victims to connect, like free wifi. Enter this like the code in bold below and press enter.
 
Free WiFi
 
It will then start the Soft AP. We are now asked about our DHCP settings. I suggest just continuing by entering the code in bold below.

c

Your DHCP server will then start, allowing your victims to get an IP address when they connect to the Soft AP.

Now you will be asked if you want to start ferret. Say yes so we can see what traffic is passing through. To do this, enter the code in bold below.

y

You will now be asked if you want to start sslstrip. Again, select yes by entering the code in bold below.

y

You will then be asked if you would like to tail the sslstrip file. Again select yes. The window that opens after you answer will be the place where we will see all our logins (and lots of junk data).

Now just wait until victims connect and get their logons.

We can parse the logs so that we don't get all the junk data in the sslstrip file tail, but I am waiting for the code on how to do this. I will update when I know.

I will also include another tutorial on how to make this attack a little more effective later on.