- This topic has 8 replies, 2 voices, and was last updated 3 years, 7 months ago by Diego Pérez.
- AuthorPosts
- April 30, 2021 at 4:14 pm #54355akademikaneParticipant
Intercepting & Modifying Responses In Transparent Mode
I happily reached this lesson of Zaid.
But everything I try I don’t see any traffic there on web nothing.1. ettercap -Tq -M arp:remote -i wlan0 -S /target// /ROUTER//
2. iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 8080
3. ./mitmweb –mode transparent
4. iptables -t nat –flushBut not working
April 30, 2021 at 5:43 pm #54358Diego PérezModeratorHi!
Why are you flushing the iptables? That will make that there’s no packets redirected to mitmweb.
Which website are you using for testing?Let me know.
DiegoMay 1, 2021 at 1:01 am #54370akademikaneParticipantI am flushing ip tables only when I finish doing it, when I am ready to power off I do flush it.
I am using for testing http and https, vulnweb and bing zsecurity my own website and so onMay 1, 2021 at 6:17 pm #54387Diego PérezModeratorHi!
For the moment only test with http sites, also remember to clear the browser’s cache before doing any test.Is any of the commands thowing an error or a warning?
Greetings!
DiegoMay 2, 2021 at 6:37 pm #54414akademikaneParticipantI am testing with http but not working.
I don’t see any error.
I see in the web browser it is in transparent mode which is good, but nothing is displaying, no traffic.
I tested it in explicit mode and it works perfect.May 3, 2021 at 2:02 am #54420akademikaneParticipantI installed a fresh custom zaid kali and it did not work again.
When I installed a fresh custom .ova of kali from official it is working but only on httpMay 3, 2021 at 6:15 pm #54435Diego PérezModeratorHi!
You are doing something weird, because explicit mode will work for the local host (kali) and transparent mode will work for a remote host (victim). Also in you other question you said it’s working in official kali release and not is custom kali, I tested both of the attack with custom kali and they are working fine for me, did ou run apt upgrade in custom kali? Because this will undo the custom changes made by Zaid.And yes, it will work for http sites for now, later on the course you’ll learn to bypass https.
Greetings!
DiegoMay 3, 2021 at 6:22 pm #54437akademikaneParticipantListen Diego
I was using explicit mode just to try and test if it works in local.
I did not upgrade it the custom zaid.May 4, 2021 at 6:18 pm #54454Diego PérezModeratorHi!
Ok, then please specify where and how are you testing, because first you said you were testing it against a remote host and suddenly you said it was working in explicit mode, so it might be clear for you how are you testing but not for me, so doing a proper explanation will help to solve this faster.Did you download the latest mitmproxy or are you using the one included in custom kali? Also remember to clear browser’s cache before trying the attack.
And if you are going to test it in the remote host first check that the arp spoofing attack is working by running arp -a and check that the router’s ip has kali’s mac address.Greetings!
Diego - AuthorPosts
- You must be logged in to reply to this topic.