maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Applications (https://talk.maemo.org/forumdisplay.php?f=41)
-   -   [Announce] Yet another MITM attack script (Yamas-ARM) (https://talk.maemo.org/showthread.php?t=73988)

stevomanu 2011-06-16 09:50

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by Unhuman (Post 1030101)
"Noobs" shouldn't even use the script .. So in a way I actually think it is better that the installation is more complicated.

Well, yeah, they should at least try it. Remember, noobs start somewhere, and if this script helps then I don't see why they can't use it.

comaX 2011-06-16 10:06

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by vi_ (Post 1030048)
This script requires some serious work to make it ready for the n900. For example, why are you using xterm? It is a NEEDLESS dependency, use osso-xterm instead (the built-in one).

Why does it depend on BASH, why not modify it to be compliant with ash?

Why does it have to connect to the net to download extra scripts?

Why not just combine the two into a local version?

My first "bad" feedback, finally ! :P

So, as I posted earlier: I didn't know maemo before this thread existed and I do not own an N900. I just "ported" it according to what I was told.

" It is a NEEDLESS dependancy, use osso-xterm instead (the built in one)."
Fine ! you just had to say it, it shouldn't be to hard to do ! Could you please send me the part of code that should change accordingly ? (in case it's not just xterm that becomes osso-xterm of course)

"Why does it depend on BASH, why not modify it to be compliant with ash?"
Cause it was made for bash, duh. What should change for it to be ash compliant ? You input is welcomed !

There is no extra script needed, just a file I use to parse the logs. Think of it as a pseudo-definition file. The only point of this is that it allows me to update it as soon as I find something new, without the need for the end-user to check for updates. If you guys don't like it, I can put it back in, without downloads. But since you should use that on a (=YOUR/AUTHORIZED) network, you should have connectivity. What are 13 fcuking bits anyway? Could be handy for the --parse option, I must admit. But really, I think being connected isn't too much to ask!
If a majority of people don't like it, I'll revert it back to a grep line!

Thanks for the feedback, that should help improve it! But just try to cool it on the way you say it. I'm a student in law (read: nothing computer-related), doing it for fun, and for free ;)

Waiting for your input ;) Don't hesitate to mail me!

Cheers

##############

Quote:

Originally Posted by stevomanu (Post 1030114)
Well, yeah, they should at least try it. Remember, noobs start somewhere, and if this script helps then I don't see why they can't use it.

While I agree with Unhuman, I agree with that too. Let me clarify: script kiddies should keep the hell away from it. Noobs should devour the source to learn what is going on.
As stated in the disclaimer (cf. source), this script is intended for learning purposes (both bash and network security). I believe I wrote the needed comments in it for anyone to understand what's going on!

##############


Quote:

Originally Posted by Creamy Goodness (Post 1029970)
Thx for the help :/
srsly, game 7
too many targets :O

-edit-

Well, FYI, it didn't work when I was connected to "free wi-fi" in a place with probably 300 people. Does that mean the router has a firewall blocking something this needs to do? I don't know what exactly it's scanning for.
I tried it at home and it works, detects more hosts...

Yup, several subnets are used on that kind of setup, so you might not be able to scan other subnets, and the AP might be blocking our probes. To know if there are clients connected to the AP, check with airodump ;)

vi_ 2011-06-16 10:25

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by comaX (Post 1030118)
My first "bad" feedback, finally ! :P
[...]
As stated in the disclaimer (cf. source), this script is intended for learning purposes (both bash and network security). I believe I wrote the needed comments in it for anyone to understand what's going on !

Chill out, bromaX, we're all on the same team.

As far as I can tell the ONLY reason this script requires bash is because of the use of the '-e' flag on the read command. The version of ash on the n900 does not have that flag. Can the script be re-written to omit the use of the '-e' (readline) flag?

As you don't have an n900 I will explain. There is no xterm as such; the terminal emulator built in is called 'osso-xterm'. While xterm has been built for the n900, it sucks harder than the Hoover Dam. Unfortunately, running a command under osso-xterm requires a little more finesse.

After a bit of discussion on maemo IRC it was determined that to run a command under osso-xterm instead of xterm you need to run ash with your command passed to it as a script.

i.e.

Code:

# run the command inside ash; 'read foo' keeps the window open until Enter is pressed
osso-xterm -e "ash -c 'ettercap -blah -blah -blah; read foo'"

As you cannot test this I will start looking into how xterm can be replaced by osso-xterm.

As for wget'ing the list of key words, it would be far better to have a list of the keywords defined at the start of the script and to grep, as you said, with no need to access the internet. What if I am, uh, testing the pens of a completely locked-off LAN?

Also there are numerous spelling mistakes and superfluous wordage that could be trimmed out.

If you are wondering why it is important to have as few dependencies as possible, it is because the n900 is challenged for resources enough as it is. Besides, as an engineer I crave the simplest, most elegant solution that uses the basic tools that are available.

For this to be simple and elegant, it has to be self contained and flexible.

comaX 2011-06-16 10:38

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by vi_ (Post 1030130)
chillout bromaX, we're all on the same team.
[...]
For this to be simple and elegant, it has to be self contained and flexible.

" Can the script be re-written to omit the use of the '-e' (readline) flag?"
Consider it done ! As I said earlier (maybe it was a mail though, not this thread), the -e flag is pretty useless.

"As you cannot test this I will start looking into how xterm can be replaced by osso-xterm." Please ! That would be great !

" What if I am uh testing the pens of a completly locked off LAN?" Yup, good point ! (but unlikely)

"Also there are numerous spelling mistakes and supeflous wordage that could be trimmed out."
I did ask people to give me feedback on that too, many times, but it seems it doesn't bother them. It matters to me though, so please, mail me anything I can correct. I try my best but english isn't my native language so grammatical errors and all are to be expected.

About the superfluous wordage, I think you mean things I did on purpose, like asking what ports, what gateway, etc. The first goal of the script is to learn from it. That way people know a minimum about what they are doing. But sure, that script could be trimmed down to almost nothing if I decided to make a real, full automation. That is not my goal though!

"If you are wondering why it is important to have have as few dependancies as possible it is becasue the n900 is challenged for resources enough as it is. Besides as an engineer I crave the simplest most elegant solution that uses the basic tools that are available."
All right, I understand ! Let's do that :)

In a nutshell: get rid of wgets, xterms, and -e. On another note, get rid of bad engrish.

Since there are quite a few things to do, could you mail me so that we don't spam this thread too much? I don't mind though, but it's better if we keep it clean!

Thanks again!

vi_ 2011-06-16 11:05

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by comaX (Post 1030137)
" Can the script be re-written to omit the use of the '-e' (readline) flag?"
Consider it done ! As I said earlier (maybe it was a mail though, not this thread), the -e flag is pretty useless.
[...]
Thanks again !

I think it is better to keep development in the open; that way when one of the real hardcore scripters (i.e. not me) sees it they might lend an ear (*ahem benson).

I think I have removed the need for xterm, however I have not had an opportunity to test if it actually works! (I am at work ;))

I have altered some of the read choices so you don't have to press enter.

Code:

read -n 1 variable   # bash: returns after a single character, no Enter needed

just grabs the first character and does not need a return character.

You can see how I have done it in the link below.

http://pastebin.com/DT2ReF1V

I will probably have a hack at this later tonight.

comaX 2011-06-16 11:33

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by vi_ (Post 1030161)
I think I have removed the need for xterm however I have not had an oppurtunity to test if it actually works!(I am at work ;))
[...]
I will probably have a hack at this later tonight.
I know the -n option, but pressing return never bothered me. And if someone makes a mistake, he can correct it before continuing to something he might not want...

About the xterm, that's great! I'll just wait for it, I guess ;)

Take your time, there's no hurry!

torpedo48 2011-06-16 14:45

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by vi_ (Post 1030161)
You can see how I have done it in the link below.

http://pastebin.com/DT2ReF1V

I will probably have a hack at this later tonight.

I'm trying your modified version; it seems that it doesn't work because the osso-xterm windows don't have root access (solved by adding a "sudo" in front of the commands; I have sudser installed). Using sudo works pretty well, but it can't correctly kill the processes when closing.

Thanks everyone for the hard work ;)

vi_ 2011-06-16 14:57

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by torpedo48 (Post 1030292)
I'm trying your modified version; it seems that it doesn't work because the osso-xterm windows don't have root access (solved by adding a "sudo" in front of the commands; I have sudser installed). Using sudo works pretty well, but it can't correctly kill the processes when closing.

Thanks everyone for the hard work ;)

Thank you for testing, torp. If you are feeling adventurous, try modifying all the 'osso-xterm' lines with:

Code:

osso-xterm -e "ash -c 'sudo somecommand;read foo;exit;'"

i.e. add the exit command as shown above to the end of each call to osso-xterm. If this works, the next logical step is to write a sub-routine that will take any command and run it as root in a term.

i.e.

Code:

# run any command as root in its own terminal window
root_term() {
    osso-xterm -e "ash -c 'sudo $1; read foo; exit'"
}

or something.

Seker_94 2011-06-16 15:09

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
You guys should really check this link out:

http://talk.maemo.org/showthread.php?t=73572

It has all the tools needed.

torpedo48 2011-06-16 15:23

Re: [Announce] Yet another MITM attack script (Yamas-ARM)
 
Quote:

Originally Posted by vi_ (Post 1030299)
Thank you for testing, torp. If you are feeling adventurous, try modifying all the 'osso-xterm' lines with:

Code:

osso-xterm -e "ash -c 'sudo somecommand;read foo;exit;'"

i.e. add the exit command as shown above to the end of each call to osso-xterm.

It seems not to work: at the closing of the script the ettercap and rtp windows are still there. No alternative ideas here :(

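Putting the pieces from the last few posts together, here is an added example (not code from YAMAS, the pastebin above, or any of the posters) of plain POSIX/ash helpers for the three porting problems discussed in this thread: reading one keystroke without bash's `read -n 1`, launching a command as root in an osso-xterm window, and actually killing what was launched when the script exits, which is the part torpedo48 reports as broken. It assumes sudo (sudser) is installed and that osso-xterm accepts `-e` as shown above; the `TERM_BIN` and `ROOT_KILL` variables, and all function names, are the example's own.

```shell
#!/bin/sh
# Added example, not part of YAMAS or the pastebin above. Assumes busybox ash,
# sudo (sudser) and osso-xterm on the N900; TERM_BIN / ROOT_KILL are this
# example's own knobs so the helpers can be exercised on another box.

TERM_BIN="${TERM_BIN:-osso-xterm}"        # terminal used to open new windows
ROOT_KILL="${ROOT_KILL:-sudo killall}"    # how to kill processes that run as root
CHILD_PIDS=""                             # PIDs of the terminals we started
ROOT_NAMES=""                             # names of the commands started via sudo

# Escape a string so it can sit inside single quotes in a shell command.
sq() {
    printf '%s\n' "$1" | sed "s/'/'\\\\''/g"
}

# Command line handed to the terminal: run CMD as root under ash, keep the
# window open until Enter is pressed, then exit so the window closes.
term_command() {
    printf "ash -c 'sudo %s; read foo; exit'\n" "$(sq "$1")"
}

# Open a terminal running CMD as root and remember what we started.
run_in_term() {
    "$TERM_BIN" -e "$(term_command "$1")" &
    CHILD_PIDS="$CHILD_PIDS $!"
    ROOT_NAMES="$ROOT_NAMES ${1%% *}"     # first word of CMD, e.g. ettercap
}

# Kill the terminals we started; they run as our user, so a plain kill works.
kill_tracked() {
    for pid in $CHILD_PIDS; do
        kill "$pid" 2>/dev/null || true
        wait "$pid" 2>/dev/null || true
    done
    CHILD_PIDS=""
}

# Full cleanup: the sudo'd commands belong to root, so closing their terminal
# is not enough; kill them by name with root privileges as well.
cleanup() {
    kill_tracked
    for name in $ROOT_NAMES; do
        $ROOT_KILL "$name" 2>/dev/null || true
    done
    ROOT_NAMES=""
}
trap cleanup EXIT INT TERM

# One keystroke without bash's "read -n 1": on a tty, drop canonical mode so
# a single byte is returned; when stdin is not a terminal, take the first
# character of the next line so piped answers still work.
read_key() {
    if [ -t 0 ]; then
        saved=$(stty -g)
        stty -icanon -echo min 1 time 0
        key=$(dd bs=1 count=1 2>/dev/null)
        stty "$saved"
    else
        IFS= read -r line || line=""
        key=$(printf '%s\n' "$line" | cut -c1)
    fi
    printf '%s\n' "$key"
}

# Typical use inside the script (kept as a comment so this file is safe to source):
#   printf 'Start ettercap? [y/n] '
#   [ "$(read_key)" = y ] && run_in_term "ettercap -T -q -M arp:remote // //"
```

The point of tracking both the terminal PIDs and the command names is the one torpedo48 ran into: once a command is started through sudo it is owned by root, so the unprivileged script can close the osso-xterm window but cannot signal ettercap itself; the root-side kill in `cleanup` is what removes the leftover windows. `ROOT_KILL` is overridable so the cleanup logic can be tested on a machine without sudser.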
