MiTM via Android (Scampages, XSS, Sniff) meijer cc


Setting up your Android

As smartphones have taken over the world, I thought it be interesting to see how vulnerable people are. So a few weeks ago, I r00ted my android phone using Kingroot which is available from android market and installed linux deploy. Linux deploy allows you to install a copy of kali linux onto your android phone in a chroot environment, in order to connect to it, you use an application called connectbot which provides ssh access to the kali linux on your phone.

From here you can then install various tools such as mitmf and driftnet, mitmf allows you to perform MiTM attacks meaning you can listen to the traffic on the wifi network you are connected to, then using driftnet you can access images and media that is going through the network which gets stored locally.

After playing about with this, I also installed wigle which is a wifi mapping tool which allows you to go around your local town to hotels, bars and cafes and plot them to a map. Using these tools allow me to take over any hosted wifi network that is accessible to me. However some places require a WPA key which alot of the time is obtained just by asking if they have wifi, once you have the WPA key the network is as good as yours.

Anyway Im going to explain how you too can do this.

First as I said you need to r00t your android phone, I wont go into this as a simple search for ‘rooting (your phone make and model)’ will provide steps you need. You should then start installing Linux deploy from here or the android market. You will then need connect bot for SSH access which you…connectbot. This will allow you to connect to the Linux we are about to install.

Installing Linux on your Android

Open Linuxdeploy and click the bottom right button which allows you to configure your installation, select the distribution to kali-rolling and then scroll down to mounts, make sure this is enabled and then edit the mount points to /sdcard/ext. Now change your login password and exit the settings, now on the dots menu you should see install, press this and the phone will start installing kali linux. When this ends click on configure and this will setup the installation.

Connecting to your linux and installing apps

Now open connectbot and enter (username)@ to create a connection, mine is droid@ and this should then ask for a password which you created. Now you will need to install some tools in your distribution.

You will need to enter root so type without the quotes ‘su’ now enter ‘apt-get update’ to make sure the repositories are installed, now you can start to install applications.

‘apt-get install mitmf driftnet tmux metasploit-framework hydra’ metasploit is an exploitation framework which is useful and hydra is a password bruteforcer. Kali contains alot of tools for hackers which you will find useful, to search for other tools enter ‘apt-cache search exploit’ change exploit for anything of interest.

Starting the MiTM
Now you will need to start tmux which allows you to split the screen by pressing ctrl-b then » to switch the screens just press ctrl-b then o and to exit ctrl-b then d its really that simple. However once you have a split screen, you will need to check for your IP address in the settings of your android device, this can be found in settings-about-status, have a good look around and you will find it. You want to find out the gateway IP, if your ip address is then the gateway should be if its then it should be Now go bk in to your terminal and enter the following on the top tmux screen. ‘mitmf -i wlan0 —arp —spoof —gateway (your gateway ip)’ you can try —hsts which is a version of sslstrip, and on laptops this dont work but on phones it sometimes does.

For more information join Group for carding and hacking,
we are also available on DREAD http://dreadditevelidot.onion/d/VirtualMafia meijer cc


Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *