Airsnarf in Auditor Linux
Posted: Sun May 01, 2005 5:59 pm
Auditor is a decent, quick, ready-to-go platform for wireless penetration testing. It's missing Airsnarf--not that I think Airsnarf ranks with the other wireless utilities in Auditor, mind you, but I personally think Airsnarf is nice for a quick & dirty rogue AP attack setup.
With that in mind, I've just uploaded a version of Airsnarf, which "just works" (I think) with the latest version of Auditor.
Download it HERE.
Untar in /opt/auditor, remaster & reburn (not necessary if you've installed Auditor to your hard drive of course), and just run "airsnarf" from any prompt.
Or if you want to run it on the fly in Auditor booted from CD, just:
mkdir /tmp/airsnarf
cp airsnarf-0.3-auditor.tar.gz /tmp/airsnarf
cd /tmp/airsnarf
tar zxvf airsnarf-0.3-auditor.tar.gz
cd /tmp/airsnarf/bin
vi airsnarf
Then change the PREFIX variable in the airsnarf shell script in the /tmp/airsnarf/bin directory to say "/tmp/airsnarf". Add /tmp/airsnarf/bin to your PATH with:
PATH=$PATH:/tmp/airsnarf/bin
export PATH
and then run airsnarf. Quick & easy rogue AP attack setup. Anyone associating to the "airsnarf" SSID that attempts to go to any website will be redirected to your Airsnarf.
Collected usernames & passwords wind up in /tmp/airsnarfs.txt.
Customizing your captive portal, eg. making a PayPal, Hotmail, T-mobile, Bank of America, etc. portal, adding virtual hosting to your Apache config, backend bridging and local DNS cache poisoning instead of the Perl-based DNS resolver, is still on you.
Sincerely,
Beetle
The Shmoo Group
With that in mind, I've just uploaded a version of Airsnarf, which "just works" (I think) with the latest version of Auditor.
Download it HERE.
Untar in /opt/auditor, remaster & reburn (not necessary if you've installed Auditor to your hard drive of course), and just run "airsnarf" from any prompt.
Or if you want to run it on the fly in Auditor booted from CD, just:
mkdir /tmp/airsnarf
cp airsnarf-0.3-auditor.tar.gz /tmp/airsnarf
cd /tmp/airsnarf
tar zxvf airsnarf-0.3-auditor.tar.gz
cd /tmp/airsnarf/bin
vi airsnarf
Then change the PREFIX variable in the airsnarf shell script in the /tmp/airsnarf/bin directory to say "/tmp/airsnarf". Add /tmp/airsnarf/bin to your PATH with:
PATH=$PATH:/tmp/airsnarf/bin
export PATH
and then run airsnarf. Quick & easy rogue AP attack setup. Anyone associating to the "airsnarf" SSID that attempts to go to any website will be redirected to your Airsnarf.
Collected usernames & passwords wind up in /tmp/airsnarfs.txt.
Customizing your captive portal, eg. making a PayPal, Hotmail, T-mobile, Bank of America, etc. portal, adding virtual hosting to your Apache config, backend bridging and local DNS cache poisoning instead of the Perl-based DNS resolver, is still on you.
Sincerely,
Beetle
The Shmoo Group