Notices

I don't think its a microb issue, but an architecture issue: Arm, as opposed to x86. *Shrug* Wouldn't know, honestly. While I am not a fan of using stuff like this, having it on an N900 for demonstration-of-how-insecure-the-internet-is would be great.

i've also tried installing it on my n900, through fennec. but when i tried installing it the microB browser started and gave me that error. so i don't know i it's possible to install it through firefox fennec?

...and how the **** is that gonna work, put your wifi into monitor mode magically? right...

its possible to put your N900 in monitor mode...just no packet injection

Though, keep in mind - with power kernel. If you're not running power kernel, you don't have monitor mode.

Does it even run under regular Firefox on Linux? I had the impression it didn't.

Meh. Yeah it looks like a Linux port is still in the works (which is funny because lipcap is a Linux library). This extension isn't pure JS like many other extensions. It should also be noted that this is far from useful due to it's many limitations.

For those interested in the "real deal":
Ferret+Hamster+sslstrip+arpspoof.
http://hamster.erratasec.com/ the compile options are, well pretty strange, read the README. I've compiled it for the N810 in the past, shouldn't be any issues there. However to actually utilize this tool you need a patched version of arpspoof compiled (dsniff package). This is the major roadblock I had, IIRC the issue stems from not being able to override libnet2 with libnet1 in scratchbox (plus you need to change the hardcoded eth0 to wifi0 or use the patched code that is floating around somewhere, I'll have to look, it's hard to google for it). Then you need to get ssltrip working which requires some extra Python components which I simply couldn't find.
When it works, it WORKS. When it doesn't, it knocks out my router, heh.
gmail was completely vulnerable last time I checked and Facebook works if you have checked the box to stay signed in (uses a cookie).

Basically how this works is you tell the router that you are the IP of the victim and you end up stealing their cookies. However at no time does the attacker have access to the actual password. When the victim signs out, this nullifies the cookie and signs the attacker out too. This is one of the better pen-testing exercises IMO (if you can get it working properly; I may have forgotten to mention that this doesn't work on a WPA2 network).

Nearly. There's a pull (merge) request for Linux support on the GitHub page. Once that's fixed, it should be possible to compile it for ARM (as long as all the dependencies are met).

Mobile Firefox has a very different UI to standard Firefox, so I guess a successfully compiled XPI would need some changes. It'd be easier to get it working for Iceweasel in Easy Debian.

What I'd do instead (if I had the time) is write a GUI program that filters Wireshark captures for the HTTP logins and extracts the cookies. You could then have a simple local HTML/JS file that's the GUI links to that sets the cookie in MicroB.

This is all very interesting to me and I'm loving the posts! What would make the N900 perfect if i were able to install Backtrack 3 (or 4 now) and dual boot it. If packet injection was available, this phone would be a mobile hacking machine in your pocket!

So far on my PC i was only able to crack my WEP (very easy) and WPA codes. Doin this with the N900 would be perfection! I wonder what other little qwerks you can do with the N900 i dont know about. Anyone care to inform me? I remember on the old Nokia phones you were able to access other peoples phones via bluetooth, but permissions today make it difficult.

could this be of any help?
http://randommusingsofarealgeek.blog...-on-linux.html