Subterfuge will not capture credentials

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?

Please provide any additional information below.

Issue:
Subterfuge will not grab credentials from any machine on the network.  I tested 
facebook, gmail, hotmail and yahoo. No success from any of the machines.  

Hardware setup:
OSX lion host
Kali (fully updated, clean install) guest
Virtual Box virtual machine
Bridged Adapter (completely working)
Latest version of Subterfuge

Bug replication:
I am running the latest version of Kali from within virtual box.  
The guest OS (kali) is set up to run a bridged connection to the host (OSX), 
and that configuration is working just fine.  
I can ping the host from the guest, and vice versa, I can get to both the lan, 
and wan from both the host and the guest.  
The Kali install is clean.  I ran a full update on it before downloading 
Subterfuge and made sure that was completely clean.  
Subterfuge installed correctly with no errors.  
Subterfuge launches in the command line cleanly and starts in the browser 
correctly.  Once it is up and running it does not capture any logins.  

Additional notes:
The network slows down significantly once the attack starts.  That is not 
terribly surprising given the nature of the attack, but it is a repeatable side 
effect.  

Command line output log:
Subterfuge courtesy of r00t0v3rr1d3 & 0sm0s1z
Validating models...

0 errors found
Django version 1.3.1, using settings 'subterfuge.settings'
Development server is running at http://127.0.0.1:80/
Quit the server with CONTROL-C.
[18/Jun/2013 22:06:53] "GET / HTTP/1.1" 200 10073
[18/Jun/2013 22:06:55] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:06:57] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:07:00] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:07:03] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:07:06] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:07:09] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:07:12] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:07:15] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:07:16] "GET /startpwn/auto/ HTTP/1.1" 500 52154
Starting Pwn Ops...
Running AutoPwn Method...
Using:  eth0
Setting gateway as:  192.168.1.1
Automatically Configuring Subterfuge...
[18/Jun/2013 22:07:18] "GET / HTTP/1.1" 200 438
Iptables Prerouting Configured

Configuring System...
net.ipv4.ip_forward = 1
IP Forwarding Enabled.
Initiating ARP Poison With ARPMITM...
Starting up SSLstrip...
Harvesting Credentials...
[18/Jun/2013 22:07:21] "GET / HTTP/1.1" 200 437

sslstrip 0.9 by Moxie Marlinspike running...
[18/Jun/2013 22:07:24] "GET / HTTP/1.1" 200 437
Initializing ARPWatch...
Gateway          => 192.168.1.1
Router MAC       => 98:fc:11:6b:97:1b
Local IP Address => 192.168.1.116
Poisoning the entire subnet...

[18/Jun/2013 22:07:27] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:07:30] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:07:33] "GET / HTTP/1.1" 200 437
192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:07:36] "GET / HTTP/1.1" 200 437
192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:07:39] "GET / HTTP/1.1" 200 437
Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

[18/Jun/2013 22:07:42] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:07:45] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:07:48] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:07:51] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:07:54] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:07:57] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:00] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:03] "GET / HTTP/1.1" 200 437
Router asking where 192.168.1.116 is. This is the Subterfuge box. Send regular 
reply.

Router asking where 192.168.1.116 is. This is the Subterfuge box. Send regular 
reply.

[18/Jun/2013 22:08:06] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:09] "GET / HTTP/1.1" 200 437
192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:12] "GET / HTTP/1.1" 200 437
192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:15] "GET / HTTP/1.1" 200 437
192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:18] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:21] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:24] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:27] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:30] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:33] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:36] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:39] "GET / HTTP/1.1" 200 437
192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:42] "GET / HTTP/1.1" 200 437
Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:45] "GET / HTTP/1.1" 200 437
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:48] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:51] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:08:54] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:08:57] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:00] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:03] "GET / HTTP/1.1" 200 437
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:06] "GET / HTTP/1.1" 200 437
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:09] "GET / HTTP/1.1" 200 437
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:12] "GET / HTTP/1.1" 200 437
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:15] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:18] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:21] "GET / HTTP/1.1" 200 437
192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:24] "GET / HTTP/1.1" 200 437
192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:27] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:30] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:33] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:36] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:39] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:42] "GET / HTTP/1.1" 200 437
Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

[18/Jun/2013 22:09:45] "GET / HTTP/1.1" 200 437
192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:09:48] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:51] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:54] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:09:57] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:10:00] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:03] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:06] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:09] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:12] "GET / HTTP/1.1" 200 437
Router asking where 192.168.1.116 is. This is the Subterfuge box. Send regular 
reply.

Router asking where 192.168.1.116 is. This is the Subterfuge box. Send regular 
reply.

[18/Jun/2013 22:10:15] "GET / HTTP/1.1" 200 437
192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:10:18] "GET / HTTP/1.1" 200 437
192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:10:21] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:10:24] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:27] "GET / HTTP/1.1" 200 437
Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

[18/Jun/2013 22:10:30] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:33] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:36] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:10:39] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:10:42] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:10:45] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:48] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:51] "GET / HTTP/1.1" 200 437
192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:10:54] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:10:57] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:00] "GET / HTTP/1.1" 200 437
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:11:03] "GET / HTTP/1.1" 200 437
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:11:06] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:09] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:12] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:15] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:18] "GET / HTTP/1.1" 200 437
192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:11:21] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:24] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:27] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:30] "GET / HTTP/1.1" 200 437
Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

[18/Jun/2013 22:11:33] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:36] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:39] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:42] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:11:45] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:11:48] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:51] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:11:54] "GET / HTTP/1.1" 200 437
192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:11:57] "GET / HTTP/1.1" 200 437
192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:12:00] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:12:03] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:12:06] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:12:09] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:12:12] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:12:15] "GET / HTTP/1.1" 200 437
192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:12:16] "GET /plugins/ HTTP/1.1" 200 21503
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:13:09] "GET /netview/ HTTP/1.1" 200 17028
[18/Jun/2013 22:13:09] "GET /static/images/plugins/httpcodeinjection.png 
HTTP/1.1" 200 5589
[18/Jun/2013 22:13:09] "GET /static/images/netview/red.png HTTP/1.1" 200 20569
[18/Jun/2013 22:13:09] "GET /static/images/netview/green.png HTTP/1.1" 200 21016
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:13:10] "GET /netview/ HTTP/1.1" 200 29800
[18/Jun/2013 22:13:10] "GET /static/images/netview/unknown.png HTTP/1.1" 200 
20858
192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:13:13] "GET /hostcheck/ HTTP/1.1" 200 13526
192.168.1.105 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:13:16] "GET /hostcheck/ HTTP/1.1" 200 13526
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:13:19] "GET /hostcheck/ HTTP/1.1" 200 13526
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:13:22] "GET /hostcheck/ HTTP/1.1" 200 13526
[18/Jun/2013 22:13:24] "GET /settings/ HTTP/1.1" 200 26040
[18/Jun/2013 22:13:24] "GET 
/static/css/images/ui-bg_highlight-soft_75_cccccc_1x100.png HTTP/1.1" 404 1839
[18/Jun/2013 22:13:24] "GET /static/css/images/ui-bg_glass_75_e6e6e6_1x400.png 
HTTP/1.1" 404 1812
[18/Jun/2013 22:13:24] "GET /static/css/images/ui-bg_flat_75_ffffff_40x100.png 
HTTP/1.1" 404 1812
192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

192.168.1.118 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.106 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

Using Interface => eth0
Auto Configure  => yes
Using Gateway   => 192.168.1.1
[18/Jun/2013 22:13:52] "POST /config/settings/ HTTP/1.1" 200 25031
192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:14:01] "GET /startpwn/auto/ HTTP/1.1" 500 52172
Starting Pwn Ops...
Running AutoPwn Method...
Using:  eth0
Setting gateway as:  192.168.1.1
Automatically Configuring Subterfuge...
Iptables Prerouting Configured

Configuring System...
net.ipv4.ip_forward = 1
IP Forwarding Enabled.
Initiating ARP Poison With ARPMITM...
Starting up SSLstrip...
[18/Jun/2013 22:14:06] "GET / HTTP/1.1" 200 10073
Harvesting Credentials...
Initializing ARPWatch...
Gateway          => 192.168.1.1
Router MAC       => 98:fc:11:6b:97:1b
Local IP Address => 192.168.1.116
Traceback (most recent call last):
  File "/usr/share/subterfuge/sslstrip.py", line 108, in <module>
    main(sys.argv[1:])
  File "/usr/share/subterfuge/sslstrip.py", line 101, in main
    reactor.listenTCP(int(listenPort), strippingFactory)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 436, in listenTCP
    p.startListening()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 641, in startListening
    raise CannotListenError, (self.interface, self.port, le)
twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno 
98] Address already in use.
Poisoning the entire subnet...

[18/Jun/2013 22:14:08] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:10] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:13] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:16] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:19] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:22] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:25] "GET / HTTP/1.1" 200 437
192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...
192.168.1.112 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:14:28] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:31] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:34] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:37] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:40] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:14:43] "GET / HTTP/1.1" 200 437
Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

Router asking where 192.168.1.107 is. Remind them kindly who the real router 
is...

[18/Jun/2013 22:14:46] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:49] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:14:52] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:14:55] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:14:58] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:15:01] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:15:04] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:15:07] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:15:10] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:15:13] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:15:16] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:15:19] "GET / HTTP/1.1" 200 437
192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.108 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:15:22] "GET / HTTP/1.1" 200 437
192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

192.168.1.110 is asking where the router is. Remind them kindly who the router 
is...

[18/Jun/2013 22:15:25] "GET / HTTP/1.1" 200 437
[18/Jun/2013 22:15:28] "GET / HTTP/1.1" 200 437
Ceasing Pwn Ops...
Cleaning up...
[18/Jun/2013 22:15:31] "GET /stoppwn/ HTTP/1.1" 500 52085
[18/Jun/2013 22:15:31] "GET / HTTP/1.1" 200 438
Re-arping the network, removing man-in-the-middle...

[18/Jun/2013 22:15:34] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:15:37] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:15:40] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:15:43] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:15:46] "GET / HTTP/1.1" 200 438
[18/Jun/2013 22:15:49] "GET / HTTP/1.1" 200 438
Network Re-ARP Complete

Original issue reported on code.google.com by not2rip...@gmail.com on 19 Jun 2013 at 3:38

GoogleCodeExporter commented 9 years ago

It looks like Dynamic ARP Retention might be DOSing your network. It's a nice 
feature that Subterfuge has, and in most situations it works well; however, 
some router can freak out when this setting is enabled. Try going to the 
Subterfuge settings page -> Configuration -> Toggle Dynamic Retention to off. 
Let me know if that fixes your issue at all?

Original comment by Mtoussain@gmail.com on 26 Jun 2013 at 12:54

GoogleCodeExporter commented 9 years ago

Oh one more thing. An easy way to tell if the host has been poisoned. Under OS 
X run: arp -a Then check to see if the MAC Address of your gateway is the same 
as the MAC of your Kali Machine. If they are then the poison was successful.

Original comment by Mtoussain@gmail.com on 26 Jun 2013 at 12:56

GoogleCodeExporter commented 9 years ago

Dynamic ARP Retention does not seem to be fixing the problem.  Here is how I 
tried to fix the problem.  

I started subterfuge from the command line as usual.  Launched a browser, 
navigated to the configuration page, and disabled Dynamic Retention, and hit 
apply.  I then went back to the subterfuge home page, and hit "start."  Same 
issue.  No collection of passwords.  

As far as arp, I am using it to confirm that the man in the middle attack is 
working at all, which it is not.  The "homeportal" mac address stays the same 
no matter what I do with the attack.  

Please let me know if you would like more logs.

Original comment by not2rip...@gmail.com on 29 Jun 2013 at 11:26

GoogleCodeExporter commented 9 years ago

I have the exact same problem. I am running subterfuge 5.0 on Ubuntu 12.04.2.

I get the same outputs and I am unable to collect credentials from any site 
(tried amazon, yahoo, hotmail, ebay). I also checked arp -a and it did not show 
my computer's MAC address as the default gateway.

As for the Dynamic Retention option under ARP controls, I notice that even 
though I uncheck it and click apply, it still remains checked when I reopen the 
settings page. I can change any other settings and they remain changed except 
for Dynamic Retention which persistently remains active.

Thanks

Original comment by thehoudh...@gmail.com on 4 Jul 2013 at 2:33

GoogleCodeExporter commented 9 years ago

Try going into the Settings page and clicking the Update button. The latest 
version should allow you to properly disable Dynamic ARP Retention if that is 
causing problems on your network.

Original comment by topher.s...@gmail.com on 12 Jul 2013 at 12:49

GoogleCodeExporter commented 9 years ago

I have the same problem and im unable of turnning off the ARP dynamic retention

Original comment by dnevado...@gmail.com on 7 Sep 2013 at 1:36

GoogleCodeExporter commented 9 years ago

Original comment by Mtoussain@gmail.com on 20 Oct 2013 at 5:25

Changed state: Done

GoogleCodeExporter commented 9 years ago

saludos 
amigos este es mi error y de ahi no paso y ya me canse de como solucionar eeste 
error 
si alguien sabe 
ademas no me recolecta las credenciales

Original comment by gersonme...@gmail.com on 9 Nov 2013 at 1:13

Attachments:

[Captura de pantalla de 2013-11-09 02:11:15.png](https://storage.googleapis.com/google-code-attachments/subterfuge/issue-110/comment-8/Captura de pantalla de 2013-11-09 02:11:15.png)

GoogleCodeExporter commented 9 years ago

si alguuien me puede ayudar se lo agradeceria Much0

Original comment by gersonme...@gmail.com on 9 Nov 2013 at 1:17

GoogleCodeExporter commented 9 years ago

what i did, is, on command line:

subterfuge --update

with p, df and mf, problem is fixed. but look, i do not say that this is 
solution, i just share what i did to solve this issue. you can try, but this is 
not promissed fix rule...

Original comment by dimitrij...@gmail.com on 6 Jan 2014 at 3:54

GoogleCodeExporter commented 9 years ago

also you can use e option which is edit, to see and edit configuration file, to 
see if it points to correct ip, router and if it uses correct interface.

Original comment by dimitrij...@gmail.com on 6 Jan 2014 at 3:56

GoogleCodeExporter commented 9 years ago

[deleted comment]

GoogleCodeExporter commented 9 years ago

Hola amigo gersonme para solucionar tu problema ve a settings y en 
configuration desactiva Dynamic Toggle y luego marcas apply

Original comment by Malave...@gmail.com on 27 Jan 2014 at 8:32

GoogleCodeExporter commented 9 years ago

its only going to work on twitter, all the ones you listed use SSL, hence, you 
wont get any passwords using Subterfuge !!!!!

Original comment by executive on 8 Mar 2014 at 7:56

GoogleCodeExporter commented 9 years ago

executive, the idea is to strip it from ssl that is why subterfuge uses 
sslstrip! it should work with ssl!

Original comment by nash...@gmail.com on 13 Aug 2014 at 3:17

0sm0s1z / subterfuge

Subterfuge will not capture credentials #110