Friday, September 27, 2013

How to do phishing using a smartphone




Hi everybody:

I want to show you how to share your smartphone's internet connection and capture all the passwords of the clients who use it.

This is how it works

Minimum Requirements

Android 4.0.4 or earlier (the way tethering works changed after 4.0.4, in Android 4.1.2, so this tool is useless after that version)
Rooted smartphone, dual core or better



Installation

1) Root your device (it must be dual core)
2) Download Complete Linux Installer from Google Play
3) Download console from Google Play
4) Download Mobile Fisherman and uncompress it onto the external SD card of your smartphone

Configuration

1) Start Complete Linux Installer

2) Run it

3) Select the downloaded Mobile Fisherman image

Choose a name, for example Mobile Fisherman

Choose the downloaded image of our Ubuntu Mobile Fisher
When the following image is displayed, save everything

We are ready to run it, so do it

Running the attack

This is the screen when Ubuntu is starting

When Ubuntu is starting it lets you choose which GUI you want, but it's not important. Just press Enter

Run ./m.pl

Welcome to the menu
If you select 1 you will start the SSL strip attack

Start tethering on your smartphone (it's theoretically possible to start tethering from Ubuntu, but iwconfig doesn't let me use master mode, and I was trying to use airbase-ng but it's not working)
You must go into "Wi-Fi Zone and USB modem"



Choose a name for your fake access point. Use for example something like link$y$. You know what I mean. (:P) Or use the name of your "laboratory"; for example, an attacker could use the same SSID as the Wi-Fi of the place where he is right now to take the credentials of the clients attracted to his fake access point

Start the access point




Now you can press any key to start the attack; you just have to wait

In this capture you can see the many MAC addresses making requests to our evil DHCP

When the victim logs into a web application and sends his credentials, they will be logged on our smartphone in /external_sd/atlogs/sslstrip/



If you open the log you will see something like this
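From the defender's side, the fake access point described above (a venue's own SSID, or a lookalike such as link$y$) can be caught by comparing Wi-Fi scan results against a list of the network's real access points. The following is an added example, not part of the original post or its tool; the SSIDs, BSSIDs, baseline format and character mapping are all constructed assumptions.

```python
# Added defensive example: audit a Wi-Fi scan for access points imitating a known network.
# All SSIDs, BSSIDs and scan rows below are constructed sample data.

# Characters commonly swapped in to build a lookalike name (assumed mapping).
LOOKALIKE = str.maketrans({"$": "s", "5": "s", "0": "o", "1": "l", "3": "e", "@": "a"})

# Baseline of legitimate access points: SSID -> (allowed BSSIDs, expected security).
KNOWN_APS = {
    "linksys": ({"00:11:22:33:44:55"}, "WPA2"),
    "CafeWiFi": ({"00:11:22:33:44:66", "00:11:22:33:44:67"}, "WPA2"),
}

SAMPLE_SCAN = [  # (ssid, bssid, security)
    ("CafeWiFi", "00:11:22:33:44:66", "WPA2"),  # legitimate
    ("CafeWiFi", "02:1a:11:f0:0d:01", "OPEN"),  # same name, unknown radio, no encryption
    ("link$y$", "02:1A:11:F0:0D:02", "OPEN"),   # lookalike of "linksys"
    ("OtherNet", "66:77:88:99:AA:BB", "WPA2"),  # unrelated network
]

def canonical(ssid):
    """Fold case and lookalike characters so 'link$y$' compares equal to 'linksys'."""
    return ssid.lower().translate(LOOKALIKE)

def audit_scan(scan, known=KNOWN_APS):
    """Return (ssid, bssid, reasons) for every beacon that imitates a known network."""
    by_canonical = {canonical(name): name for name in known}
    findings = []
    for ssid, bssid, security in scan:
        real_name = by_canonical.get(canonical(ssid))
        if real_name is None:
            continue  # not related to any network we protect
        allowed_bssids, expected_security = known[real_name]
        reasons = []
        if ssid != real_name:
            reasons.append(f"lookalike of {real_name!r}")
        if bssid.upper() not in allowed_bssids:
            reasons.append("unknown BSSID")
        if security != expected_security:
            reasons.append(f"security {security}, expected {expected_security}")
        if reasons:
            findings.append((ssid, bssid.upper(), reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in audit_scan(SAMPLE_SCAN):
        print(f"SUSPECT {ssid} [{bssid}]: " + "; ".join(reasons))
```

A BSSID can be spoofed, so a clean result does not prove the network is genuine; the security-mode comparison and the lookalike check catch the open, renamed hotspot case this post describes.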





2 comments:

  1. Very good workshop at the eko!!! Are you going to publish the programs you used in the workshop?

  2. Never used this but this is certainly a great idea; the method seems interesting.

    Thanks
    Silvester Norman