Office Demo


seag33k
07-07-2007, 11:17 AM
In an effort to inform staff and management, I am working on putting together a demo that shows how weak (WEP) wireless security can be compromised and what kind of data can be captured using tools like driftnet, mailsnarf, urlsnarf, etc.

I've downloaded the latest BT2 disc and have an old IBM T40 notebook with a senao 2511.

I am fairly new to these sorts of tools so any pointers would be helpful. Until I get more familiar I am not using WEP or MAC filtering. My lab includes a wireless router, local workstation, and my notebook running BT2.

I've tried putting my wifi card into wifi mode (iwconfig <interface> mode monitor), running driftnet, urlsnarf, mailsnarf, and no data is captured. I've also tried the tools without putting the card in monitor mode. The notebook is connected to the wireless LAN and has access to the network.

The tools work just fine for capturing data from the notebook running BT2, which makes me wonder if I am just not setting up the Senao card properly for sniffing the wifi network.

Any suggestions would be really appreciated.

Eric

Barry
07-07-2007, 12:29 PM
Hopefully the presentation isn't for a while. I've been playing with this stuff for a couple of years and still figuring some of it out.

pureh@te
07-07-2007, 03:51 PM
I hate to be the jackass but each topic you talked about has been covered here and on the backtrack wiki. PLEASE try to utilize the search functions before posting questions that were already answered. Do you really think you're the first person to ask this? My suggestion in this situation would be to pay a security professional to come in and do the demo and then, MOST importantly, that person will know how to eliminate the security flaws. It doesn't do a whole lot of good to point out a flaw if you have no idea how to fix it.

ghaze
07-07-2007, 07:18 PM
> In an effort to inform staff and management, I am working on putting together a demo that shows how weak (WEP) wireless security can be compromised and what kind of data can be captured using tools like driftnet, mailsnarf, urlsnarf, etc.


Instead of wasting your valuable time putting together a "presentation", use one of the MANY ones that have already been done. There are countless movies and slide shows on the web that do just that.

There are also countless tutorials on the web describing how to do what you say you want to do.

I usually just tell people that I can crack their wep encryption in a few minutes and if they don't believe me to google "crack wep". I then explain how easy it is to use wpa and how quickly I can set it up. I then explain "strong pass phrases" and dictionary attacks. Most management types go for the wpa without having to see any "presentations". I've noticed that conversations like these are taking place less and less so all the publicity must be doing some good.

If you are just curious about how it works and want to have some fun learning linux and doing "parlor tricks", say so.

seag33k
07-07-2007, 08:30 PM
I have tried to search the forums but some of the material is either dated or doesn't work due to updates in the programs or my lack of understanding. Part of the reason I am doing this is to also increase my knowledge in the area of security. Unfortunately as a non-profit we can't afford to hire a security professional.

If there is a better forum for helping people new to the field I'd be interested in any links you might suggest.

Thank you!

pureh@te
07-07-2007, 09:04 PM
> I have tried to search the forums but some of the material is either dated or doesn't work due to updates in the programs or my lack of understanding. Part of the reason I am doing this is to also increase my knowledge in the area of security. Unfortunately as a non-profit we can't afford to hire a security professional.
>
> If there is a better forum for helping people new to the field I'd be interested in any links you might suggest.
>
> Thank you!

I never said I would not help. You must first make clear what it is you're trying to do. If you are truly trying to present to your work the security vulnerabilities in wireless networking then do as ghaze said and copy a video from the internet. We are not going to give you step by step instructions for exploiting a system. If you start to experiment and come back with a specific valid question then I will be glad to help. We are not in the business of helping people commit crimes (not saying you are), but if you are really doing what you say for a non-profit then use our suggestions. They are free.

seag33k
07-07-2007, 10:18 PM
Thank you, I appreciate the suggestions. Here is a specific question then:

When trying to use tools like driftnet, mailsnarf, urlsnarf in my lab where I don't have wep or mac filtering enabled, the tools never capture anything. I am not sure if the tools put my wireless card (senao 2511) into capture mode or if I have to put them into monitor mode before I start the programs. I've tried it either way and no traffic is captured.

From the forums, one person suggests using airodump to capture traffic, then using tcpreplay to play back the traffic on the lo interface and pointing the tools to listen on lo. Is this the preferred method? Do tools like driftnet not work on wireless interfaces?

Thanks again!

pureh@te
07-07-2007, 11:02 PM
I assume you are talking about my buddy xploitz thread here (http://forums.remote-exploit.org/showthread.php?t=7393)

I am not a driftnet or dsniff expert. Mostly I do wireless network testing and penetration in order to execute code or a .exe file or whatever. I use ettercap and wireshark and tcpdump for all of my sniffing needs. But if xploitz says it will work there's a good chance it will, so if I were you I would try it.

seag33k
07-07-2007, 11:11 PM
Thanks! I will give it a try and post my results if anyone is interested in a newbie's experience :)

Thanks again!

seag33k
07-08-2007, 10:44 AM
It looks like I needed to use ettercap before I could run any of the tools like driftnet. I always understood that a wireless network was just one big broadcast domain like a hub. So by using ettercap I was able to use arp poisoning to redirect all the packets to my machine :) The downside was that the client's (my test machine) network performance was decreased running through my BT2 laptop.

Thanks for the help!
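The post above describes why the sniffing only started working once ettercap ARP-poisoned the client: on a switched (or wireless-bridged) LAN, traffic between two other hosts does not reach the sniffer until their ARP caches are rewritten. The same mechanism is what a defender watches for. The following is an added example, not code from the thread or from ettercap: a small monitor that takes parsed ARP replies (the records below are constructed, not captured traffic) and flags the two symptoms of poisoning, an IP whose MAC binding changes and one MAC that claims several IPs (the gateway-plus-victim pattern of a man-in-the-middle).

```python
"""Flag ARP-poisoning symptoms in a stream of parsed ARP replies.

Added example (not from the thread). Assumes ARP replies have already been
parsed into ArpReply records; SAMPLE is constructed, not real traffic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since capture start
    sender_ip: str     # IP the reply speaks for
    sender_mac: str    # MAC it tells everyone to use for that IP


# Constructed sample: gateway .1 and client .50 are legitimate, then a third
# station (00:aa:...) starts answering for both of them from t=30 onward.
SAMPLE = [
    ArpReply(0.0, "192.168.1.1", "00:11:22:33:44:01"),
    ArpReply(1.0, "192.168.1.50", "00:11:22:33:44:50"),
    ArpReply(30.0, "192.168.1.1", "00:aa:bb:cc:dd:ee"),
    ArpReply(30.5, "192.168.1.50", "00:aa:bb:cc:dd:ee"),
    ArpReply(31.0, "192.168.1.1", "00:aa:bb:cc:dd:ee"),  # repeat, already alerted
]


def detect_arp_poisoning(replies):
    """Return a de-duplicated list of alert strings, in the order first seen.

    The first-learned IP->MAC binding is treated as the trusted one; later
    replies that contradict it are reported but do NOT overwrite it, so a
    poisoner re-sending its spoofed reply cannot 'become' the baseline.
    """
    ip_to_mac = {}                      # trusted baseline, learned once per IP
    mac_to_ips = defaultdict(set)       # every IP each MAC has ever claimed
    alerts, seen = [], set()

    def alert(msg):
        if msg not in seen:             # report each distinct finding once
            seen.add(msg)
            alerts.append(msg)

    for r in replies:
        known = ip_to_mac.setdefault(r.sender_ip, r.sender_mac)
        if known != r.sender_mac:
            alert(f"{r.sender_ip} moved {known} -> {r.sender_mac}")
        mac_to_ips[r.sender_mac].add(r.sender_ip)
        if len(mac_to_ips[r.sender_mac]) > 1:
            alert(f"{r.sender_mac} claims {sorted(mac_to_ips[r.sender_mac])}")
    return alerts
```

Static ARP entries on the client and gateway, or Dynamic ARP Inspection on a managed switch, are the corresponding mitigations; this monitor only tells you the poisoning is happening.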

-=Xploitz=-
07-08-2007, 06:09 PM
> It looks like I needed to use ettercap before I could run any of the tools like driftnet. I always understood that a wireless network was just one big broadcast domain like a hub. So by using ettercap I was able to use arp poisoning to redirect all the packets to my machine :) The downside was that the client's (my test machine) network performance was decreased running through my BT2 laptop.
>
> Thanks for the help!

My method purehate directed you to does work... but bear in mind that driftnet is a program which listens to network traffic and picks out images from TCP streams it observes ONLY. It's only good for images. Whereas ettercap is great for arp poisoning, the only drawback is you have to uncomment some lines (which is easy), but the target machine will get security certificate warnings continuously unless they "accept them permanently". Now if you know how to forge really good certificates... you can be "the man" ;) in the middle.