Backtrack Series - 12: Session Hijacking for Secure Websites

[Mr. E]

Im up to step 5 but when i start ferret i get the following error

timeout(1): unknown linktype = 0 (expected Ethernet or wifi)

this is happening on any interface i choose
ifconfig shows Link encap:UNSPEC if thats any help

[TheBrotherOf]

I appreciate the tutorial, but as of yet I've been unable to get it working. Rather than using a rouge AP, I've just been using MITM/arp spoofing to direct packets to Ferret/Hamster. Hamster gets targets to clone and lists the links, but the links don't seem to work properly. The pages load, but I don't seem to be getting the hijacked permissions... gmail and yahoo mail both just load the login pages.

Does it matter that I'm using arp spoofing to get the packets rather than a rogue ap?

[fifo_thekid]

What's the type of your wifi card?
what do you get when you type:
airmon-ng
iwconfig
?

[TheBrotherOf]

Quote:

Originally Posted by fifo_thekid

What's the type of your wifi card?
what do you get when you type:
airmon-ng
iwconfig
?

Card:

Code:

Intel PROSet 2200BG

airmon-ng:

Code:

Interface       Chipset         Driver

eth1            Intel 2200BG    ipw2200

iwconfig:

Code:

root@bt:/# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      IEEE 802.11g  ESSID:"1942Wireless"
          Mode:Managed  Frequency:2.452 GHz  Access Point: 00:18:F8:69:86:A3
          Bit Rate:54 Mb/s   Tx-Power=20 dBm   Sensitivity=8/0
          Retry limit:7   RTS thr:off   Fragment thr:off
          Encryption key:42FF-0A26-C0F3-4DAF-85B9-FDDB-A8C6-8AD8   Security mode:open
          Power Management:off
          Link Quality=89/100  Signal level=-40 dBm  Noise level=-87 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

[fifo_thekid]

I don't think that this card allows injecting
For best results, by Alfa USB WIFI device
It's the best

[TheBrotherOf]

It hadn't occurred to me that we were talking about injection (I guess I skipped over the word in your first post). There is a patch that allow injection on the 2200BG, I'll see what I can do to set it up.

Thanks for the heads up, I'll report back.

[fifo_thekid]

Injection is required for a fake AP
Look in the options of aireplay-ng for an option that checks your injection capabilities

[nefelim]

wow great tutz, i manage to get it working in my wired network using g0tmi1k's sslstrip tutorial instead of the rogue3 script

thanks!

[Tek-9]

Noob here:
I got nearly everything working, but i'm encountering a problem:

i can't seem to be able to broadcast a rogue access point.
Thus i won't be able to connect to the ap with my laptop in order to try this

i'm running BT4 via a live cd.

Does anyone have any idea how to make the ap work?