Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #54355
    akademikaneakademikane
    Participant

    Intercepting & Modifying Responses In Transparent Mode
    I happily reached this lesson of Zaid.
    But everything I try I don’t see any traffic there on web nothing.

    1. ettercap -Tq -M arp:remote -i wlan0 -S /target// /ROUTER//
    2. iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 8080
    3. ./mitmweb –mode transparent
    4. iptables -t nat –flush

    But not working

    #54358
    diegodiego
    Moderator

    Hi!
    Why are you flushing the iptables? That will make that there’s no packets redirected to mitmweb.
    Which website are you using for testing?

    Let me know.
    Diego

    #54370
    akademikaneakademikane
    Participant

    I am flushing ip tables only when I finish doing it, when I am ready to power off I do flush it.
    I am using for testing http and https, vulnweb and bing zsecurity my own website and so on

    #54387
    diegodiego
    Moderator

    Hi!
    For the moment only test with http sites, also remember to clear the browser’s cache before doing any test.

    Is any of the commands thowing an error or a warning?

    Greetings!
    Diego

    #54414
    akademikaneakademikane
    Participant

    I am testing with http but not working.
    I don’t see any error.
    I see in the web browser it is in transparent mode which is good, but nothing is displaying, no traffic.
    I tested it in explicit mode and it works perfect.

    #54420
    akademikaneakademikane
    Participant

    I installed a fresh custom zaid kali and it did not work again.
    When I installed a fresh custom .ova of kali from official it is working but only on http

    #54435
    diegodiego
    Moderator

    Hi!
    You are doing something weird, because explicit mode will work for the local host (kali) and transparent mode will work for a remote host (victim). Also in you other question you said it’s working in official kali release and not is custom kali, I tested both of the attack with custom kali and they are working fine for me, did ou run apt upgrade in custom kali? Because this will undo the custom changes made by Zaid.

    And yes, it will work for http sites for now, later on the course you’ll learn to bypass https.

    Greetings!
    Diego

    #54437
    akademikaneakademikane
    Participant

    Listen Diego
    I was using explicit mode just to try and test if it works in local.
    I did not upgrade it the custom zaid.

    #54454
    diegodiego
    Moderator

    Hi!
    Ok, then please specify where and how are you testing, because first you said you were testing it against a remote host and suddenly you said it was working in explicit mode, so it might be clear for you how are you testing but not for me, so doing a proper explanation will help to solve this faster.

    Did you download the latest mitmproxy or are you using the one included in custom kali? Also remember to clear browser’s cache before trying the attack.
    And if you are going to test it in the remote host first check that the arp spoofing attack is working by running arp -a and check that the router’s ip has kali’s mac address.

    Greetings!
    Diego

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.