Airsnarf in Auditor Linux

Beetle · 05-01-2005

Auditor is a decent, quick, ready-to-go platform for wireless penetration testing. It's missing Airsnarf--not that I think Airsnarf ranks with the other wireless utilities in Auditor, mind you, but I personally think Airsnarf is nice for a quick & dirty rogue AP attack setup.

With that in mind, I've just uploaded a version of Airsnarf, which "just works" (I think) with the latest version of Auditor.

Download it HERE.

Untar in /opt/auditor, remaster & reburn (not necessary if you've installed Auditor to your hard drive of course), and just run "airsnarf" from any prompt.

Or if you want to run it on the fly in Auditor booted from CD, just:

mkdir /tmp/airsnarf
cp airsnarf-0.3-auditor.tar.gz /tmp/airsnarf
cd /tmp/airsnarf
tar zxvf airsnarf-0.3-auditor.tar.gz
cd /tmp/airsnarf/bin
vi airsnarf

Then change the PREFIX variable in the airsnarf shell script in the /tmp/airsnarf/bin directory to say "/tmp/airsnarf". Add /tmp/airsnarf/bin to your PATH with:

PATH=$PATH:/tmp/airsnarf/bin
export PATH

and then run airsnarf. Quick & easy rogue AP attack setup. Anyone associating to the "airsnarf" SSID that attempts to go to any website will be redirected to your Airsnarf.

Collected usernames & passwords wind up in /tmp/airsnarfs.txt.

Customizing your captive portal, eg. making a PayPal, Hotmail, T-mobile, Bank of America, etc. portal, adding virtual hosting to your Apache config, backend bridging and local DNS cache poisoning instead of the Perl-based DNS resolver, is still on you.

Sincerely,

Beetle
The Shmoo Group

joswr1ght · 06-20-2005

Quote:

Originally Posted by Beetle

Auditor is a decent, quick, ready-to-go platform for wireless penetration testing. It's missing Airsnarf--not that I think Airsnarf ranks with the other wireless utilities in Auditor, mind you, but I personally think Airsnarf is nice for a quick & dirty rogue AP attack setup.

Thanks Beetle, I've asked Max to ensure that Airsnarf makes it into the next release of Auditor.

-Josh

joswr1ght · 06-21-2005

Quote:

Originally Posted by joswr1ght

Thanks Beetle, I've asked Max to ensure that Airsnarf makes it into the next release of Auditor.

Quoting myself, how sad...

The new release candidate for Auditor includes Airsnarf on the distribution, just not with a menu button. Devel log http://new.remote-exploit.org/index.php/Auditor_devlog.

Thanks,

-Josh

yoshiboy · 09-09-2005

Is there a new version of airsnarf0.3 available for download, other than using the auditor CD?

I have tried airsnarf0.2. However airsnarf was terminated with the follow error msg:

"couldn't create TCP socket: Invalid argument at /ust/lib/perl5/site_perl/5/8/3/i386-linux-thread-multi/Net/DNS/Nameserver.pm line 139

Net:

NS::Nameserver::new('Net:

NS::Nameserver',' LocalPort',53,'ReplyHandler', 'CODE(0x8e3f760)', 'Verbose', 1) called at ./bin/airsnarf_dns.pl line 34

couldn't create nameserver object
"
any advice?

Sincerely
Ric

yoshiboy · 09-21-2005

Could it be airsnarf is having problem with running on fedora core 2?

anyone can help me?

05-01-2005	#1 (permalink)
Beetle Registered Member Join Date: Jun 2002 Location: D.C. Posts: 9	Airsnarf in Auditor Linux Auditor is a decent, quick, ready-to-go platform for wireless penetration testing. It's missing Airsnarf--not that I think Airsnarf ranks with the other wireless utilities in Auditor, mind you, but I personally think Airsnarf is nice for a quick & dirty rogue AP attack setup. With that in mind, I've just uploaded a version of Airsnarf, which "just works" (I think) with the latest version of Auditor. Download it HERE. Untar in /opt/auditor, remaster & reburn (not necessary if you've installed Auditor to your hard drive of course), and just run "airsnarf" from any prompt. Or if you want to run it on the fly in Auditor booted from CD, just: mkdir /tmp/airsnarf cp airsnarf-0.3-auditor.tar.gz /tmp/airsnarf cd /tmp/airsnarf tar zxvf airsnarf-0.3-auditor.tar.gz cd /tmp/airsnarf/bin vi airsnarf Then change the PREFIX variable in the airsnarf shell script in the /tmp/airsnarf/bin directory to say "/tmp/airsnarf". Add /tmp/airsnarf/bin to your PATH with: PATH=$PATH:/tmp/airsnarf/bin export PATH and then run airsnarf. Quick & easy rogue AP attack setup. Anyone associating to the "airsnarf" SSID that attempts to go to any website will be redirected to your Airsnarf. Collected usernames & passwords wind up in /tmp/airsnarfs.txt. Customizing your captive portal, eg. making a PayPal, Hotmail, T-mobile, Bank of America, etc. portal, adding virtual hosting to your Apache config, backend bridging and local DNS cache poisoning instead of the Perl-based DNS resolver, is still on you. Sincerely, Beetle The Shmoo Group

09-09-2005	#4 (permalink)
yoshiboy Registered Member Join Date: Aug 2004 Posts: 11	airsnarf enquiries Is there a new version of airsnarf0.3 available for download, other than using the auditor CD? I have tried airsnarf0.2. However airsnarf was terminated with the follow error msg: "couldn't create TCP socket: Invalid argument at /ust/lib/perl5/site_perl/5/8/3/i386-linux-thread-multi/Net/DNS/Nameserver.pm line 139 Net:NS::Nameserver::new('Net:NS::Nameserver',' LocalPort',53,'ReplyHandler', 'CODE(0x8e3f760)', 'Verbose', 1) called at ./bin/airsnarf_dns.pl line 34 couldn't create nameserver object " any advice? Sincerely Ric

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

09-21-2005	#5 (permalink)
yoshiboy Registered Member Join Date: Aug 2004 Posts: 11	Could it be airsnarf is having problem with running on fedora core 2? anyone can help me?