Open GoogleCodeExporter opened 9 years ago
Thank you again for your quick answer!
I did not use AutoConfigure on purpose! IT SEEMS IT CAN NOT BE DESELECTED EFFECTIVELY AT ALL. Here is why:
AutoConfigure was DEselected when shutting down the computer for restart.
After restarting the old values in Subterfuge "MITM Settings" window were still present (wlan1 and default gateway 192.168.178.1)
and in the bash I saw this:
-------------------------------------------------------
subterfuge
Subterfuge courtesy of r00t0v3rr1d3 & 0sm0s1z
Checking for updates. You can disable this feature through the settings page.
Subterfuge is still cutting edge!
Current version is: 5.0.8
Validating models...
0 errors found
Django version 1.3.1, using settings 'subterfuge.settings'
Development server is running at http://127.0.0.1:80/
Quit the server with CONTROL-C.
[06/Nov/2013 11:49:11] "GET / HTTP/1.1" 200 9593
[06/Nov/2013 11:49:11] "GET / HTTP/1.1" 200 438
No default gw on eth0
No default gw on wlan0
[06/Nov/2013 11:49:17] "GET /settings/ HTTP/1.1" 200 26010
[06/Nov/2013 11:49:17] "GET /static/css/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1" 404 1812
[06/Nov/2013 11:49:17] "GET /static/css/images/ui-bg_highlight-soft_75_cccccc_1x100.png HTTP/1.1" 404 1839
[06/Nov/2013 11:49:17] "GET /static/css/images/ui-bg_glass_75_e6e6e6_1x400.png HTTP/1.1" 404 1812
-----------------------------------------------------
==> meaning Subterfuge is already looking for default gw on eth0 and wlan0
(autoconfigure was still NOT selected by me)
and unable to find it since I use wlan1 interface to connect.
================================================================================
On the next trial I did the following:
1. deselected AutoConfigure on the "settings" page
2. pressed the Purge Data button on the "Settings" page
3. rebooted my machine
4. connected to my WLAN network via wlan1 interface
5. started Subterfuge with command "subterfuge" in bash
6. started Chrome browser and navigated to 127.0.0.1
7. selected "settings" window
- AutoConfigure checkbox was SELECTED (in spite of the fact that I DEselected it before reboot)
- Interface and gateway box were blank
- the readout in the bash was as follows:
--------------------------------------------------------------------------------
root@kali:~# subterfuge
Subterfuge courtesy of r00t0v3rr1d3 & 0sm0s1z
Checking for updates. You can disable this feature through the settings page.
Subterfuge is still cutting edge!
Current version is: 5.0.8
Validating models...
0 errors found
Django version 1.3.1, using settings 'subterfuge.settings'
Development server is running at http://127.0.0.1:80/
Quit the server with CONTROL-C.
[06/Nov/2013 14:13:42] "GET / HTTP/1.1" 200 9594
[06/Nov/2013 14:13:43] "GET / HTTP/1.1" 200 438
No default gw on eth0
No default gw on wlan0
[06/Nov/2013 14:15:01] "GET /settings/ HTTP/1.1" 200 25996
[06/Nov/2013 14:15:01] "GET /static/css/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1" 404 1812
[06/Nov/2013 14:15:01] "GET /static/css/images/ui-bg_highlight-soft_75_cccccc_1x100.png HTTP/1.1" 404 1839
[06/Nov/2013 14:15:01] "GET /static/css/images/ui-bg_glass_75_e6e6e6_1x400.png HTTP/1.1" 404 1812
--------------------------------------------------------------------------------
8. I selected wlan1 Interface and Gateway 192.168.178.1 manually
9. deselected AutoConfigure
10. went to "Modules" window, selected "Credential Harvester" and pressed "Apply"
11. pressed "SUBTERFUGE" on top of the site
the bash readout was this:
--------------------------------------------------------------------------------
[06/Nov/2013 14:15:01] "GET /static/css/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1" 404 1812
[06/Nov/2013 14:15:01] "GET /static/css/images/ui-bg_highlight-soft_75_cccccc_1x100.png HTTP/1.1" 404 1839
[06/Nov/2013 14:15:01] "GET /static/css/images/ui-bg_glass_75_e6e6e6_1x400.png HTTP/1.1" 404 1812
[06/Nov/2013 14:24:37] "GET /plugins/ HTTP/1.1" 200 23444
[06/Nov/2013 14:26:14] "GET / HTTP/1.1" 200 9594
[06/Nov/2013 14:26:14] "GET / HTTP/1.1" 200 438
--------------------------------------------------------------------------------
12. pressed "Start" at the top right corner
--> a box with the following text opened:
"The page at 127.0.0.1 says:
Subterfuge will attempt to autoconfigure your network settings.
You can turn off auto configuration in the settings tab. (Cancel / OK)"
13. selected "OK"
the bash readout was this:
--------------------------------------------------------------------------------
[06/Nov/2013 14:24:37] "GET /plugins/ HTTP/1.1" 200 23444
[06/Nov/2013 14:26:14] "GET / HTTP/1.1" 200 9594
[06/Nov/2013 14:26:14] "GET / HTTP/1.1" 200 438
[06/Nov/2013 14:33:45] "GET /startpwn/auto/ HTTP/1.1" 500 52911
Starting Pwn Ops...
Running AutoPwn Method...
No default gw on eth0
No default gw on wlan0
Using: wlan1
Setting gateway as: 192.168.178.1
Automatically Configuring Subterfuge...
Iptables Prerouting Configured
Configuring System...
net.ipv4.ip_forward = 1
IP Forwarding Enabled.
Initiating ARP Poison With ARPMITM...
Starting up SSLstrip...
Encountered an error configuring arpwatch: Router MAC Address Unknown.
Terminating...
Harvesting Credentials...
Starting FTP Sniffer
sslstrip 0.9 by Moxie Marlinspike running...
Poisoning the entire subnet...
Unable to determine gateway. Please ensure proper network connectivity and try again.
--------------------------------------------------------------------------------
14. checked connectivity by surfing to www.google.de via Iceweasel browser (on wlan1 Interface)
---> connectivity was excellent!!
WHAT NOW?????
Thanks again!
FriFri
Original comment by frifrit...@gmail.com
on 6 Nov 2013 at 9:34
We had a similar issue to this in the past, but released a patch for it at the
time. I will check to see what happened to that and fix the issue immediately
if I can.
In your step 12:
12. pressed "Start" at the top right corner
--> a box with the following text opened:
"The page at 127.0.0.1 says:
Subterfuge will attempt to autoconfigure your network settings.
You can turn off auto configuration in the settings tab. (Cancel / OK)"
If you click on cancel, Subterfuge will run the attack without executing the
autoconfiguration script (that may be a feasible workaround while I
troubleshoot your issue).
In step 9 & 10:
9. deselected AutoConfigure
10. went to "Modules" window, selected "Credential Harvester" and pressed "Apply"
Did you click apply before going to the Modules window? I'm not sure that your
settings will take from across multiple tabs simultaneously (they are different
forms, I haven't tested that specific thing, but I don't think it will work).
I'm sorry for all the trouble you're having with Subterfuge, but I appreciate
you helping us debug the framework in order to work the kinks out.
Original comment by Mtoussain@gmail.com
on 6 Nov 2013 at 10:11
Hi again,
concerning your questions:
In my step 12:
If I hit "OK" autoconfigure will be applied.
If I hit "cancel" nothing will happen. Subterfuge does not start its work at
all.
Anyway - the error was on my side: I should have hit "apply" which I did not,
due to my screen resolution (I have to scroll down to see the "apply" button,
which I have to hit for manual setup to be effective)
In my step 9 & 10:
I did hit the "apply" button which is located within the modules window.
I did hit it after selecting the module "credential harvester", also within the
modules window.
I did not select any other module or tab at all.
-------------------------------------------------------------------
So, manual setup did not help.
Selecting no module at all did not help.
Result is still: No credentials harvested.
What can I try next?
Thank you very much.
FriFri
Original comment by frifrit...@gmail.com
on 16 Nov 2013 at 10:26
Hey, I was having the same problem with Subterfuge. I did manage to fix the
problem by enabling promiscuous mode in VMware. Hope this helps.
Original comment by mcorriga...@gmail.com
on 5 Jan 2015 at 12:07
Original issue reported on code.google.com by
Mtoussain@gmail.com
on 6 Nov 2013 at 4:01