problem with arpspoof and sslstrip

[Ming]

hello evilzone, I need help with the mitm attack, i don't know why, when i run sslstrip and arpspoof I get http data sending from victim to server(sslstrip and wireshark), but network of victim is completely down

my commands:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 4444
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 4444
sslstrip -a -l 4444
arpspoof -i wlan0 -r 192.168.0.1 -t 192.168.0.12

[proxx]

You need help with basic networking and debugging of problems.
Something say's that you are not ready for thing like this

Show us the 'victims'  ARP table.

[Ming]

it is possible using my computer?

[iTpHo3NiX]

The computer's capable, but your brain on the otherhand...

[proxx]

it is possible using my computer?

*facepalm

[Ming]

# arp -a 

Code: [Select]

? (192.168.0.1) at [*] [ether] on wlan0
I don't know if it's it

[proxx]

# arp -a 

Code: [Select]

? (192.168.0.1) at [*] [ether] on wlan0
I don't know whether it's it

Coz Im in a good mood;
What is your attacking machine's MAC address?
What you want to see is that the network gateway is spoofed by the MAC of the attacker and not the original one.
Show us a before and after view of the ARP cache.

[Ming]

I think it is some security problem, because in another network this same work great, and I think that when I get data from my victims,mac is spoofed, this might be also sslstrip fault, i'm spoofing mac only for one laptop of my victim, and i can't show us what is going on in his notebook, what my computer see is less important

[proxx]

I think it is some security problem, because in another network this same work great, and I think that when I get data from my victims,mac is spoofed, this might be also sslstrip fault, i'm spoofing mac only for one laptop of my victim, and i can't show us what is going on in his notebook, what my computer see is less important

You are not spoofing MAC addresses at all, you have any clue how ARP poisoning works ?
And if so please explain me the corrolation with spoofing MAC's.

[ShadowPaw]

it is possible using my computer?

[Architect]

I hate to be the one to tell you but ARP spoofing is not at the computer, it's done at the router. And you should use a strong wireless card for it. And you should know what you're doing because this attack is easily traced by.. anybody. SSLSTRIP will get you a lot of time if you fuck it up and someone notices. Got to do some research next time, eg RTFM.

[proxx]

I hate to be the one to tell you but ARP spoofing is not at the computer, it's done at the router. And you should use a strong wireless card for it. And you should know what you're doing because this attack is easily traced by.. anybody. SSLSTRIP will get you a lot of time if you fuck it up and someone notices. Got to do some research next time, eg RTFM.

It is actually at the computer, the arp table that maps MAC addresses to IP addresses is modified.
Not that you dont know that