maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   General (https://talk.maemo.org/forumdisplay.php?f=7)
-   -   help accomplish a mitm attack on my network (https://talk.maemo.org/showthread.php?t=88751)

gibman 2013-01-22 20:59

help accomplish a mitm attack on my network
 
Some time back I asked a similar question, but since then I have still to accomplish what I am asking. So I have to keep trying, asking and learning.

I have Yamas installed on my N900 Maemo 5 (ver 20.2010.36-2). Yamas has all the dependencies installed and working with success. Yet when I try to do a MITM attack on my own network, the password terminal page stays empty. On the victim PC I log into HTTP and HTTPS sites (I can see the packet exchange connections whenever I open Wireshark). I have tried the command 'yamas' (ARP spoofing) and 'yamas -e' (ettercap). I use default Yamas settings, ports 8080 and 80, and router IP 192.168.0.1.
My NIC, when I do the MITM attack, is wlan0. I have a Virgin Media SuperHub (can not remember the router brand). Why is my attack not successful? Any little hint would be of great help.


Thanks community

Wikiwide 2013-01-23 13:19

Re: help accomplish a mitm attack on my network
 
Quick reply...
Bumping. I would like to help you, but I don't know much about networks, routers, Wireshark, et cetera.
Best wishes.

mr_pingu 2013-01-23 13:51

Re: help accomplish a mitm attack on my network
 
Thanks for the bump, Wikiwide ^^

Hmmm, which ettercap do you have? And can you manually perform a MITM with ettercap only? I will skip HTTPS / SSL for now ;)

If you didn't install ettercap-gtk, please do. It's easier via the GUI.
Open it in a terminal by issuing ettercap -G
Then a window should pop up with ettercap..

Sniff -> Unified Sniffing
Hosts -> Scan for Hosts
Let it finish and open host list
Host -> Host List
Add the router to target one
Add the victim to target two

Mitm -> Arp poisoning, and check "Sniff remote connections"
At last
Start -> Start Sniffing

And passwords (NON-secure) should show up in the console of ettercap ;)

Then start
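Seen from the victim or the network owner, the ARP poisoning step above leaves a trace in every poisoned host's ARP cache: the gateway's MAC address changes, and one MAC starts answering for more than one IP. The following is an added detection example, not code from the thread or from any of the tools it mentions. It parses `ip -4 neigh show` output (the two snapshots below are constructed; only the device name wlan0 and the router address 192.168.0.1 are taken from the thread) and reports both symptoms.

```python
"""Spot the ARP-cache symptoms of ARP poisoning in two `ip -4 neigh` snapshots.

Added example, not from the thread. Snapshots are constructed; wlan0 and the
gateway address 192.168.0.1 come from the thread's own description.
"""
import re
from collections import defaultdict

# One `ip -4 neigh` line looks like:
#   192.168.0.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
# Entries in FAILED/INCOMPLETE state carry no lladdr and therefore do not match.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+(?P<state>\S+)$"
)

GATEWAY_IP = "192.168.0.1"  # router address from the thread

# Constructed snapshot from before anything odd happened.
BASELINE_SNAPSHOT = """\
192.168.0.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.0.20 dev wlan0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.0.99 dev wlan0 FAILED
"""

# Constructed later snapshot: the gateway IP now resolves to the MAC that
# 192.168.0.20 already had, so one MAC answers for two IPs.
LATER_SNAPSHOT = """\
192.168.0.1 dev wlan0 lladdr AA:BB:CC:DD:EE:01 REACHABLE
192.168.0.20 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.0.99 dev wlan0 FAILED
"""


def parse_neigh(text):
    """Return {ip: mac} for every line that carries a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()  # normalise case so comparisons work
    return table


def find_anomalies(baseline, current, gateway_ip=GATEWAY_IP):
    """Compare two {ip: mac} tables and return human-readable findings."""
    findings = []
    before, after = baseline.get(gateway_ip), current.get(gateway_ip)
    if before and after and before != after:
        findings.append(f"gateway {gateway_ip} MAC changed {before} -> {after}")
    ips_by_mac = defaultdict(list)
    for ip, mac in current.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(
                f"MAC {mac} answers for several IPs: {', '.join(sorted(ips))}"
            )
    return findings


def check_snapshots(baseline_text=BASELINE_SNAPSHOT, current_text=LATER_SNAPSHOT):
    """Parse both snapshots and return the list of findings (empty = clean)."""
    return find_anomalies(parse_neigh(baseline_text), parse_neigh(current_text))


if __name__ == "__main__":
    for finding in check_snapshots():
        print("ALERT:", finding)
```

Run it periodically against a fresh `ip -4 neigh show` and alert on any finding. Treat the "several IPs" signal as a hint rather than proof: a router that owns several addresses or a host bridging virtual machines will legitimately show one MAC for multiple IPs. On managed switches the infrastructure-level mitigation is dynamic ARP inspection; on a home router like the one in the thread, a static ARP entry for the gateway on each client is the practical option.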

gibman 2013-01-24 10:14

Re: help accomplish a mitm attack on my network
 
Thanks for replying Mr_Pingu.

I have Ettercap 0.7.4.1 and I did manage to get an HTTP login from a controlled environment with the ettercap -G GUI. However, I was wondering how to get HTTPS logins either with Yamas or indeed Ettercap. I have tried with Yamas but, as I first mentioned, the password terminal stays blank. How would I go about getting ettercap to sniff secure socket layers? Do I need to edit the etter file?

Thanks

saponga 2013-01-24 12:07

Re: help accomplish a mitm attack on my network
 
Quote:

Originally Posted by gibman (Post 1317237)
Thanks for replying Mr_Pingu.

I have Ettercap 0.7.4.1 and I did manage to get an HTTP login from a controlled environment with the ettercap -G GUI. However, I was wondering how to get HTTPS logins either with Yamas or indeed Ettercap. I have tried with Yamas but, as I first mentioned, the password terminal stays blank. How would I go about getting ettercap to sniff secure socket layers? Do I need to edit the etter file?

Thanks

AFAIK ettercap doesn't do that.

gibman 2013-01-24 12:22

Re: help accomplish a mitm attack on my network
 
So, any idea why the command 'Yamas -e' is not showing SSL logins?

saponga 2013-01-24 12:31

Re: help accomplish a mitm attack on my network
 
Quote:

Originally Posted by gibman (Post 1317283)
So, any idea why the command 'Yamas -e' is not showing SSL logins?

You need to use yamas without the -e flag because, AFAIK, Ettercap doesn't handle HTTPS. So you need arpspoof, which is the default option of YAMAS.

pablocrossa 2013-01-24 12:36

Re: help accomplish a mitm attack on my network
 
Quote:

Originally Posted by saponga (Post 1317286)
You need to use yamas without the -e flag because, AFAIK, Ettercap doesn't handle HTTPS. So you need arpspoof, which is the default option of YAMAS.

AFAIK arpspoof is not going to get you anywhere if you want to see SSL logins; arpspoof will, as its name implies, spoof the ARP cache on a target machine, not remove SSL. The simplest way to get SSL passwords in a MITM attack is using a tool such as sslstrip (a Python script) that will relay the connection to the page as HTTP to the client, so they don't get the HTTPS page, they get it over HTTP instead.

You could spoof your own certificate, but that will spit a huge warning on their screen, which is a little more suspicious than non-HTTPS, where most users (i.e. my father) might not realize.

mr_pingu 2013-01-24 12:45

Re: help accomplish a mitm attack on my network
 
Saponga is right, Ettercap can't do SSL unless you compile the 0.7.5 version for maemo. I could ask colin.stephane again :rolleyes:

I don't have the time to write a detailed guide now, but generally ettercap is only used to ARP poison the network you are targeting. From there you use sslstrip to sniff secured connections.

It should work with both the -e option and normal, as ettercap is only used to ARP poison and the rest is done by sslstrip. Anyway, somehow it's impossible to sniff maemo.org passwords and logins (easily).

Edit: while I was typing this Pablocrossa sneaked between but it's essentially the same story ;)

gibman 2013-01-24 20:49

Re: help accomplish a mitm attack on my network
 
Right, I sort of get it now. I will give up ettercap unless I am only after HTTP. I want to stick to Yamas but need to understand a bit further. I have sslstrip installed and, as far as I know, it automatically runs when Yamas is executed, and yet I see no passwords in Yamas? Why is Yamas not displaying any secure and non-secure login sites?

szopin 2013-01-24 21:15

Re: help accomplish a mitm attack on my network
 
Strange... for me on a freshly flashed N900 it is just: install KP, cleven (to get the driver), YAMAS, switch driver, log into the network and start yamas. Worked every time. Also with HTTPS (but not if some cookies are involved, only when the user actually logs in by typing in login/pass). Latest versions even load YT videos; previously only images would work but no videos (the video has to load fully though, so best results on short ones).

disappear 2013-02-06 19:33

Re: help accomplish a mitm attack on my network
 
Quote:

Originally Posted by mr_pingu
I don't have the time to write a detailed guide now, but generally ettercap is only used to ARP poison the network you are targeting. From there you use sslstrip to sniff secured connections.

It should work with both the -e option and normal, as ettercap is only used to ARP poison and the rest is done by sslstrip. Anyway, somehow it's impossible to sniff maemo.org passwords and logins (easily).
Xmm, with what version of Mozilla or Chrome do you do this? Because until now I cannot get data from my accounts on Twitter and Gmail (maybe a year ago that would not have been a problem). Except Internet Explorer; with that browser it is very easy to get any info from almost any server. The primary role of sslstrip is to keep the request on the HTTP protocol, independently of Firefox trying to transfer you to HTTPS. The magic trick: when you try to log in to Gmail, the Mozilla answer should be "you will be transferred to http://www.gmail.com/" or something like this, not "you are trying to visit an untrusted page bla.bla". I noticed that when I removed Firefox and installed it again, the first time I started sniffing my Gmail and Twitter accounts, sslstrip transferred me from https to http without any warning and without problems, but the second try failed.

About ettercap and sslstrip on the N900: first you can configure etter.conf to accept traffic from iptables, but if you do this it is not certain that you can sniff Gmail; it is the most protected mail server compared to others. But when I try the attack on our N900 with my laptop, every try is successful (maybe that happens because MicroB is not a newer version; about the Android version I have no observations). The problem is the back connection (N900-laptop). By the way, I tried almost all options of sslstrip, but result = 0. mr_pingu, if you really manage to get data from Gmail every time, the only thing I can say is well done, man.

Edit: I found a very interesting comment about Gmail and Twitter;
Quote:

"Both use HSTS headers now, so if you're using a browser that supports them (like Chrome or Firefox), there's no opportunity for sslstrip to do anything. That output is from Twisted, and it doesn't indicate any actual problem."
and second:
Quote:

"HSTS fixes this problem by informing the browser that connections to the site should always use SSL. Of course, the HSTS header can be stripped by the attacker if this is the user's first visit. Chrome attempts to limit this problem by including a hard-coded list of HSTS sites. Unfortunately this solution cannot scale to include all websites on the internet; a more workable solution can be achieved by including HSTS data inside DNS records, and accessing them securely via DNSSEC."
and finally https://www.owasp.org/index.php/HTTP...sport_Security
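The two quoted comments describe the mechanism that stops the downgrade the thread is struggling with: once a browser has seen a Strict-Transport-Security header over TLS, it refuses plain-http URLs for that host until the policy expires, and the preload list closes the first-visit gap. The following added example (not from the thread, the OWASP page, or any browser's code) parses the header according to the RFC 6797 grammar, checks whether a policy meets the preload list's requirements, and models a browser's HSTS store to show why the first visit is the only window and why a header injected over plain HTTP has no effect. Hostnames are constructed placeholders; the preload list here is a stand-in for the browser's built-in one and is treated as covering subdomains, a simplification.

```python
"""HSTS: header parsing, preload readiness, and a model of the browser store.

Added example, not from the thread. Hostnames are placeholders; the preload
list is a stand-in for a browser's built-in list.
"""

ONE_YEAR = 31536000  # seconds; the minimum max-age the preload list accepts


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value.

    Directives are ';'-separated and case-insensitive; unknown ones are
    ignored. Returns None when max-age is missing or not a non-negative
    integer, which is how a browser treats an unusable header.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')  # max-age="600" is a legal quoted form
        if name == "max-age":
            if not arg.isdigit():
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


def preload_ready(policy):
    """True when the policy meets the hstspreload.org submission rules."""
    return (policy is not None and policy["max_age"] >= ONE_YEAR
            and policy["include_subdomains"] and policy["preload"])


class HstsCache:
    """Minimal model of what a browser remembers about HSTS hosts."""

    def __init__(self, preload_list=()):
        self.preloaded = set(preload_list)  # simplification: covers subdomains
        self.entries = {}  # host -> (expires_at, include_subdomains)

    def observe(self, host, over_tls, header_value, now):
        # RFC 6797 section 8.1: the header is only honoured on a TLS
        # response, so one injected into a plain-http reply changes nothing.
        if not over_tls:
            return
        policy = parse_hsts(header_value)
        if policy is None:
            return
        if policy["max_age"] == 0:  # max-age=0 is how a site revokes its policy
            self.entries.pop(host, None)
            return
        self.entries[host] = (now + policy["max_age"], policy["include_subdomains"])

    def must_use_tls(self, host, now):
        """Would the browser refuse a plain-http URL for this host right now?"""
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])  # host itself, then each parent
            if candidate in self.preloaded:
                return True
            entry = self.entries.get(candidate)
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False


def downgrade_window_demo(now=0):
    """Return (before_first_visit, after_first_visit, preloaded_host) flags."""
    cache = HstsCache(preload_list=["preloaded.example.test"])
    host = "mail.example.test"
    before = cache.must_use_tls(host, now)  # nothing stored yet: http allowed
    cache.observe("example.test", True,
                  "max-age=31536000; includeSubDomains; preload", now)
    after = cache.must_use_tls(host, now + 3600)  # policy now covers subdomains
    return before, after, cache.must_use_tls("www.preloaded.example.test", now)


if __name__ == "__main__":
    print(downgrade_window_demo())  # expected (False, True, True)
```

For a site operator the takeaway is the `preload_ready` check: a policy of `max-age=31536000; includeSubDomains; preload` on every TLS response, followed by submission to the preload list, removes the first-visit window that the second quoted comment describes. A short max-age or a missing includeSubDomains leaves subdomains and expired entries open to exactly the downgrade sslstrip performs.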

