|
Post by xtr4nge on Aug 30, 2015 17:47:36 GMT
PassiveTAPThis mode is a bridge passing the traffic from one interface to the other. No IP is assigned to the interfaces neither to the bridge. It is required to enable a management interface (Wireless or a 3rd interface) to access the device, because the IPs from eth0 and eth1 will be removed as soon as the module is enabled. Note: If a DHCP client is running on the device and/or one of the interfaces get an IP, the passiveTAP will not work anymore, and the traffic could be dropped. ActiveTAPThis mode assigns an IP to each of the interfaces. A default setup is using eth0 to provide an IP to the victim and eth1 to connect to the LAN (DHCP or STATIC). Note: To use other modules with Tapper, change Menu->Config->(+ [sniff|inject] Interface) to eth0 (or any other interface being used by Tapper) Example A (one interface)
|------------| |------------| | FruityWiFi |---- eth0 ----| GW | < ------------------------------- > Internet |------------| |------------|
Example B (two interfaces)
|------------| |------------| |------------| | USER |---- eth0 ----| FruityWiFi |---- eth1 ----| GW | < --- > Internet |------------| |------------| |------------|
Example C (two interfaces + [AP])
|------------| |------------| |------------| | LAN |---- eth0 ----| FruityWiFi |---- eth1 ----| LAN | |------------| |------------| |------------| | wlan0 [AP] < ------------------------------ > Internet
|
|
lbo
New Member
Posts: 9
|
Post by lbo on Aug 31, 2015 12:43:01 GMT
It would work straight for example a scenario like: Victim <> eth0 <> FruityWifi(w/ bdfproxy) <> eth1 <> LAN ? With the fruitywifi management through wlan0 hidden AP in order to not be detected by eventual IDS on the LAN side, while the attacker is accessing the FruityWifi through SSH.
|
|
|
Post by xtr4nge on Sept 2, 2015 19:36:31 GMT
Hi lbo, Yes, you have a couple of options here. In case that you are using the activeTAP mode, eth0 will provide an IP to the Victim and eth1 (with DHCP enable) will obtain an IP from the LAN. By default, the victim is routed through the LAN (eth1), so you will be using BDFproxy on the traffic that is passing from the LAN to the victim.
But you can change the default route, for example, if you connect your evil device to wireless.
Of course you can start mixing modules, using AutoSSH or OpenVPN modules to establish a tunnel.
I will add more information and descriptions about passiveTAP and activeTAP modes as they are different.
regards,
|
|
lbo
New Member
Posts: 9
|
Post by lbo on Sept 3, 2015 7:28:05 GMT
I guess, Dhcpd deamon will be enabled automatically or should i run it manually? About tunnels... As I wrote on twitter, would e nice to have multiple options... Like ICMP, DNS tunnels. And also a module for bypassing .1x and a module for EAP attacks with hostapd-wpe.
|
|
lbo
New Member
Posts: 9
|
Post by lbo on Sept 3, 2015 11:28:04 GMT
P.s. what about your example C? Both eth0 & eth1 are two different LANs with 2 different dhcpd instances and routing victims to WiFi? (ATM I cannot access sources, this is why I'm asking )
|
|
|
Post by xtr4nge on Sept 5, 2015 8:24:27 GMT
Hi lbo, The default config for the activeTAP mode, will provide an IP to the victim (TAP1 interface) using dnsmsaq, and on TAP2, the device will receive an IP (dhcp) from the LAN. There is not option to change the default route created by Tapper module yet (from the module itself), but you can connect to the device and redirect the victim to a 3rd interface or Wireless, for example, if you are connected to an AP using wlan0.
I will add more options and intelligence to this module in future releases.
regards,
|
|
|
Post by antani on Sept 15, 2015 13:09:03 GMT
Hi This is my situation. |------------| |------------| |-------------------| | Victim |---- eth0 ----| FruityWiFi |---- eth1 ----| Victim LAN | ---->Internet |------------| |------------| |-------------------| | wlan0 [AP] < ------------------------------ > Attacker Remote Control I wanted to make an Active MITM, where: - the Victim (which is using DHCP) gets an IP from my RPi2 - the RPi2 (which is using DHCP as well) gets an IP from the Victim LAN - Start BDFProxy between Victim and Victim LAN. I have tried to set both eth0 and eth1 on DHCP option (in the Tapper module conf). The mainidea is that eth0 should SEND a valid IP TO the Victim and on the other side the eth1 should GET a valid IP FROM Victim LAN. Also the eth0 is configure as IN and the eth1 as OUT. But somehow is failing. Could someone make more clear the configuration of this module? Thanks!
|
|
|
Post by xtr4nge on Sept 15, 2015 13:52:53 GMT
Hi antani, TAP1 gives IP to victim (DNSmasq), TAP2 will be the "gateway" (and receives IP from LAN)
- Set TAP1 to [STATIC] (I will change that description to DNSmasq on the next release), >> add the values that you want to provide with your DHCP server (IP range) - Set TAP2 to [DHCP]
(same setup as described on the screenshot for ActiveTAP)
There is a bug that is not showing activeTAP mode as active after press enable/start, but if you check the interfaces setup, the mode gets enabled. (I fixed that for the next release)
There is a missing dependency for some systems that is dhcpcd, but it is not mandatory for what the module needs to do, you can change that on modules_action.php to dhclient. (or you can install dhcpcd) >> [also I fixed this bug for the next release ]
I already have several improvements for this module. I will release the new version in a couple of days.
regards,
|
|
|
Post by antani on Sept 15, 2015 19:50:35 GMT
Nice to hear! Thanks a lot for this wonderful tool! I am gonna wait for the next release then
|
|
|
Post by voxhel on Sept 17, 2015 14:01:30 GMT
Hi lbo, Yes, you have a couple of options here. In case that you are using the activeTAP mode, eth0 will provide an IP to the Victim and eth1 (with DHCP enable) will obtain an IP from the LAN. By default, the victim is routed through the LAN (eth1), so you will be using BDFproxy on the traffic that is passing from the LAN to the victim. But you can change the default route, for example, if you connect your evil device to wireless. Of course you can start mixing modules, using AutoSSH or OpenVPN modules to establish a tunnel. I will add more information and descriptions about passiveTAP and activeTAP modes as they are different. regards, Hi about this scenario... to make it work i only need to define the in and out eth for the activetap or do i need also to go to the config and select mode in-out and select the eth nics for the in and out? thks V
|
|
|
Post by xtr4nge on Sept 17, 2015 18:52:06 GMT
Hi voxhel On Menu->Config you need to change the action interface that is labeled as: + [sniff|inject] InterfaceUpdate to Tapper v1.1 regards,
|
|
|
Post by voxhel on Sept 18, 2015 11:22:10 GMT
Hi voxhel On Menu->Config you need to change the action interface that is labeled as: + [sniff|inject] InterfaceUpdate to Tapper v1.1 regards, Hi after i start using this setup i can get internet on the brower victim but if i download a zip ou exe it doesnt get injected. 2 Ethernet Nics. Im using kali 2 x64 full updated.
|
|
|
Post by antani on Sept 18, 2015 11:35:22 GMT
"Huston we have a problem" Sucesfully upgraded and now tapper is working fine! Sadly still nor FruityProxy, nor MITMF/BDFPROXY are working properly. FruityProxy is not even activating (green enabled). And MITMF/BDFPROXY are green but no tampering the files. Am I missing any specific requirement to make them work properly? Thanks!
|
|
|
Post by xtr4nge on Sept 18, 2015 11:41:18 GMT
Hi voxhel, The setup for BDF could be tricky.
First try with something that you know that will work like sysinternals (not over HTTPS):
http://live.sysinternals.com + Procmon.exe
after check the properties of the file, you will see that the Digital Signature is not there anymore. (you can compare the downloaded Procmon.exe with BDFproxy activated and without [you need to clean the cache or you need to use different browsers])
Please note that BDF will not work the 100% of the times, but the rate is very high.
regards,
|
|
|
Post by xtr4nge on Sept 18, 2015 11:47:35 GMT
Sadly still nor FruityProxy, nor MITMF/BDFPROXY are working properly. FruityProxy is not even activating (green enabled). And MITMF/BDFPROXY are green but no tampering the files. ... Hi antani, You need to check that all the dependencies for FruityProxy and BDFproxy modules are installed. Access the modules page (FruityProxy and BDFproxy) and check the dependencies. I suggest to run the installation script manually for each module to confirm that everything is installed: /usr/share/fruitywifi/www/modules/bdfproxy/includes/ and run install.sh/usr/share/fruitywifi/www/modules/fruityproxy/includes/ and run install.shNote: first BDFproxy then FruityProxy regards,
|
|