Page 1 of 1

Airsnarf in Auditor Linux

PostPosted: Sun May 01, 2005 5:59 pm
by Beetle
Auditor is a decent, quick, ready-to-go platform for wireless penetration testing. It's missing Airsnarf--not that I think Airsnarf ranks with the other wireless utilities in Auditor, mind you, but I personally think Airsnarf is nice for a quick & dirty rogue AP attack setup.

With that in mind, I've just uploaded a version of Airsnarf, which "just works" (I think) with the latest version of Auditor.

Download it HERE.

Untar in /opt/auditor, remaster & reburn (not necessary if you've installed Auditor to your hard drive of course), and just run "airsnarf" from any prompt.

Or if you want to run it on the fly in Auditor booted from CD, just:

mkdir /tmp/airsnarf
cp airsnarf-0.3-auditor.tar.gz /tmp/airsnarf
cd /tmp/airsnarf
tar zxvf airsnarf-0.3-auditor.tar.gz
cd /tmp/airsnarf/bin
vi airsnarf

Then change the PREFIX variable in the airsnarf shell script in the /tmp/airsnarf/bin directory to say "/tmp/airsnarf". Add /tmp/airsnarf/bin to your PATH with:

PATH=$PATH:/tmp/airsnarf/bin
export PATH

and then run airsnarf. Quick & easy rogue AP attack setup. Anyone associating to the "airsnarf" SSID that attempts to go to any website will be redirected to your Airsnarf.

Collected usernames & passwords wind up in /tmp/airsnarfs.txt.

Customizing your captive portal, eg. making a PayPal, Hotmail, T-mobile, Bank of America, etc. portal, adding virtual hosting to your Apache config, backend bridging and local DNS cache poisoning instead of the Perl-based DNS resolver, is still on you. ;)

Sincerely,

Beetle
The Shmoo Group

PostPosted: Mon Jun 20, 2005 7:04 am
by joswr1ght
Beetle wrote:Auditor is a decent, quick, ready-to-go platform for wireless penetration testing. It's missing Airsnarf--not that I think Airsnarf ranks with the other wireless utilities in Auditor, mind you, but I personally think Airsnarf is nice for a quick & dirty rogue AP attack setup.


Thanks Beetle, I've asked Max to ensure that Airsnarf makes it into the next release of Auditor.

-Josh

PostPosted: Tue Jun 21, 2005 3:01 am
by joswr1ght
joswr1ght wrote:Thanks Beetle, I've asked Max to ensure that Airsnarf makes it into the next release of Auditor.


Quoting myself, how sad...

The new release candidate for Auditor includes Airsnarf on the distribution, just not with a menu button. Devel log http://new.remote-exploit.org/index.php/Auditor_devlog.

Thanks,

-Josh

airsnarf enquiries

PostPosted: Fri Sep 09, 2005 12:44 am
by yoshiboy
Is there a new version of airsnarf0.3 available for download, other than using the auditor CD?

I have tried airsnarf0.2. However airsnarf was terminated with the follow error msg:

"couldn't create TCP socket: Invalid argument at /ust/lib/perl5/site_perl/5/8/3/i386-linux-thread-multi/Net/DNS/Nameserver.pm line 139

Net::DNS::Nameserver::new('Net::DNS::Nameserver','LocalPort',53,'ReplyHandler', 'CODE(0x8e3f760)', 'Verbose', 1) called at ./bin/airsnarf_dns.pl line 34

couldn't create nameserver object
"
any advice?

Sincerely
Ric

PostPosted: Tue Sep 20, 2005 11:03 pm
by yoshiboy
Could it be airsnarf is having problem with running on fedora core 2?

anyone can help me?