I am able to use the start-noupstream.sh script and create an access point successfully.

Using Safari on an iPhone, sites like gmail.com, twitter.com, facebook.com say "Safari cannot open the page because it could not establish a secure connection to the server." I am assuming this is due to HSTS, is there any way to serve these sites the captive portal? Or redirect a site like gmail.com to the google sign in page?

Also when I start the script, after it starts the apache2dnsspoof service I see this:

Warning: DocumentRoot [/usr/share/mana-toolkit/www/facebook] does not exist

I'm assuming I can either create a fake Facebook site or remove the facebook.conf file from the Apache sites-available directory to remove the warning, is that correct?

I recently stumbled upon a attack on Apple devices (IOS and OS X) that allows for a malicious AP to downgrade PEAP to LEAP for the snarfing of MSCHAPV2/V1 creds, Would implementing this attack (link below) to work with MANA/Karma style attacks be feasible?

https://github.com/rpp0/peapwn

I installed this on Kali 2.0 using the apt-get command.
Made the necessary changes to the config files...
Then copied the contents of Portal to the www folder.
When i start the rogue Ap with ./start-noupstream.sh the traffic is not being redirected to the portal...Also i see a notification for signing in to access the web,but when i click it nothing loads up,just a white screen.

Am i missing something or doing something wrong,or is this some sort of bug?

As the title states, I'm wondering if I only need one wifi device (such as the recommended Alfa AWUS050NH) to function as a malicious access point. Basically, the idea is I want to use mana on my desktop and see if I can get an older phone I have (nexus 4) to connect to the malicious mana access point instead of my benign normal home router. I have no wireless card in my desktop right now, so I just wanted to make sure I only need to buy one device. Thanks!

Hii

Is it possible to respond to all probe requests by mana toolkit.

During working with mana toolkit, we need to mention our Rouge SSID in hostapd-karma.conf like:

interface=wlan0
bssid=00:11:22:33:44:00
driver=nl80211
ssid=Internet
channel=6

If we work with these settings, only one AP broadcast with named "Internet" and if victim connects with our AP, then only we're able to sniff data and run other modules.

How can we make it working so that it'll reply to all devices Broadcasted probe requests.

Other issue is:

With this Karma mode, only open WiFi connects to our Rouge AP automatically. How can we make it working so that secured AP also connects with the same ESSID Rouge AP generated by Mana toolkit.

I hope Sensepost staff is the right one who helps in these problems and make it working.
If any other member aslo helps in the same, It'll be a helping hand to complete my college project on WiFi Penetration Testing.

Kind Regards
James

I'm to understand that the captive portal allows one to set the cert/autoconfigure so no warnings are thrown during visiting various websites as well as capturing credentials, and that nat-full has "all the bells and whistles", but no captive portal. Is there a way to add the captive portal to nat-full, redirecting them tot he internet once logged in with a gmail/facebook etc account?

Hi, It looks like Mana-hostapd is looking for libnl header files in places Debian Jessie does not keep them. Bellow is the error message I get when I try and compile Mana:

make -C hostapd-mana/hostapd/
make[1]: Entering directory '/base/dir/mana/hostapd-mana/hostapd'
../src/drivers/driver_nl80211.c:19:27: fatal error: netlink/fgenl.h: No such file or directory
#include <netlink/fgenl.h>
^
compilation terminated.
Makefile:891: recipe for target '../src/drivers/driver_nl80211.o' failed
make[1]: *** [../src/drivers/driver_nl80211.o] Error 1
make[1]: Leaving directory ''/base/dir/mana/hostapd-mana/hostapd'
Makefile:3: recipe for target 'all' failed
make: *** [all] Error 2

I guess update the make file to know where to find fgenl.h?

Installer seems to run fine, when i run the scripts, i get various errors. For starters, tinyproxy is not installed. I installed it from apt-get and it cleared that up. Second, hostapd seems like it's installed to the wrong directory, or the scripts point to the wrong directory.

"./start-noupstream.sh line 20: /usr/lib/mana-toolkit/hostapd: No such file or directory"

Then dhcpd isn't used in kali. I tried installing dhcpd from apt-get and it installs udhcpd instead. I tried editing the script to use that instead, but the dhcpd config doesn't work for udhcpd.

"./start-noupstream.sh line 25: line 25: dhcpd: command not found"

then...

"apache2: apr_sockaddr_info_get() failed for WRT54G"
"apache2: could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName"

after starting metasploit it starts all the karmetasploit servers then:

"stty: standard input: Inappropriate ioctl for device"

That comes accros 8 times, then all of the servers stop and it hangs.

Here's the full log. Formatting came out kinda wonky, but it's still readable.

hostname WRT54G
Stopping network connection manager: NetworkManager already stopped.
Permanent MAC: 1c:65:9d:ef:fe:58 (Liteon Technology Corporation)
Current MAC: 90:41:d4:eb:65:4b (unknown)
New MAC: ec:6f:3f:2b:16:8c (unknown)
Starting web server: apache2.
SSL tunnels disabled, see /etc/default/stunnel4
Hit enter to kill me
�[0m�[36m�[0m

| |
| �[1m3Kom SuperHack II Logon�[0m |
||
| |
| |
| |
| User Name: [ �[31msecurity�[0m ] |
| |
| Password: [ ] |
| |
| |
| |
| �[1m[ OK ]�[0m |
||
| |
| http://metasploit.pro |
|______________________________________________________________________________|�[0m
�[0m

Love leveraging credentials? Check out bruteforcing
in Metasploit Pro -- learn more on http://rapid7.com/metasploit

   =[ �[33mmetasploit v4.11.1-2015022301 [core:4.11.1.pre.2015022301 api:1.0.0]�[0m]

• -- --=[ 1405 exploits - 799 auxiliary - 229 post ]
• -- --=[ 361 payloads - 37 encoders - 8 nops ]
• -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

�[1m�[34m[]�[0m Processing /etc/mana-toolkit/karmetasploit.rc for ERB directives.
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/imap
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/pop3
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[1m�[34m[]�[0m Listening on 0.0.0.0:143...
�[0m�[1m�[34m[]�[0m Server started.
�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/smtp
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[1m�[34m[]�[0m Listening on 0.0.0.0:110...
�[0m�[1m�[34m[]�[0m Server started.
�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/ftp
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[1m�[34m[]�[0m Listening on 0.0.0.0:25...
�[0m�[1m�[34m[]�[0m Server started.
�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/spoof/nbns/nbns_response
�[0m�[1m�[34m[]�[0m Listening on 0.0.0.0:21...
resource (/etc/mana-toolkit/karmetasploit.rc)> set SPOOFIP 10.0.0.1
�[1m�[34m[]�[0m Server started.
�[0mSPOOFIP => 10.0.0.1
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/smb
�[0m�[1m�[34m[]�[0m NBNS Spoofer started. Listening for NBNS requests...
resource (/etc/mana-toolkit/karmetasploit.rc)> set JOHNPWFILE /var/lib/mana-toolkit/captured-smb-hashes.john
�[0mJOHNPWFILE => /var/lib/mana-toolkit/captured-smb-hashes.john
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/sip
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> set JOHNPWFILE /var/lib/mana-toolkit/captured-sip-hashes.john
�[1m�[34m[]�[0m Server started.
�[0mJOHNPWFILE => /var/lib/mana-toolkit/captured-sip-hashes.john
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/telnet
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/printjob_capture
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[1m�[34m[]�[0m Listening on 0.0.0.0:23...
�[0m�[1m�[34m[]�[0m Server started.
�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/drda
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[1m�[34m[]�[0m Starting Print Server on 0.0.0.0:9100 - RAW mode
�[0m�[1m�[34m[]�[0m Server started.
�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/postgresql
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> set SRVHOST 10.0.0.1
�[1m�[34m[]�[0m Server started.
�[0mSRVHOST => 10.0.0.1
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> set SRVHOST 0.0.0.0
�[0mSRVHOST => 0.0.0.0
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/mysql
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> set JOHNPWFILE /var/lib/mana-toolkit/captured-mysql-hashes.john
�[0m�[1m�[34m[]�[0m Listening on 10.0.0.1:5432...
JOHNPWFILE => /var/lib/mana-toolkit/captured-mysql-hashes.john
�[1m�[34m[]�[0m Server started.
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/mssql
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> set JOHNPWFILE /var/lib/mana-toolkit/captured-mssql-hashes.john
�[1m�[34m[]�[0m Listening on 0.0.0.0:3306...
�[0m�[1m�[34m[]�[0m Server started.
JOHNPWFILE => /var/lib/mana-toolkit/captured-mssql-hashes.john
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/vnc
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> set JOHNPWFILE /var/lib/mana-toolkit/captured-vnc-hashes.john
�[1m�[34m[]�[0m Listening on 0.0.0.0:1433...
�[0m�[1m�[34m[]�[0m Server started.
JOHNPWFILE => /var/lib/mana-toolkit/captured-vnc-hashes.john
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/vnc
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> set JOHNPWFILE /var/lib/mana-toolkit/captured-vnc-hashes.john
�[1m�[34m[]�[0m Listening on 0.0.0.0:5900...
�[0m�[1m�[34m[]�[0m Server started.
JOHNPWFILE => /var/lib/mana-toolkit/captured-vnc-hashes.john
resource (/etc/mana-toolkit/karmetasploit.rc)> set SRVPORT 5901
�[0mSRVPORT => 5901
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/imap
�[0mresource (/etc/mana-toolkit/karmetasploit.rc)> set SRVPORT 993
�[1m�[34m[]�[0m Listening on 0.0.0.0:5901...
�[0m�[1m�[34m[]�[0m Server started.
SRVPORT => 993
resource (/etc/mana-toolkit/karmetasploit.rc)> set SSL true
�[0mSSL => true
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/pop3
�[0m�[1m�[34m[]�[0m Listening on 0.0.0.0:993...
resource (/etc/mana-toolkit/karmetasploit.rc)> set SRVPORT 995
�[0mSRVPORT => 995
resource (/etc/mana-toolkit/karmetasploit.rc)> set SSL true
�[0mSSL => true
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
�[1m�[34m[]�[0m Server started.
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/smtp
�[0m�[1m�[34m[]�[0m Listening on 0.0.0.0:995...
resource (/etc/mana-toolkit/karmetasploit.rc)> set SRVPORT 465
�[0mSRVPORT => 465
resource (/etc/mana-toolkit/karmetasploit.rc)> set SSL true
�[0mSSL => true
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/server/capture/telnet
�[0m�[1m�[34m[]�[0m Listening on 0.0.0.0:465...
resource (/etc/mana-toolkit/karmetasploit.rc)> set SRVPORT 992
�[0mSRVPORT => 992
resource (/etc/mana-toolkit/karmetasploit.rc)> set SSL true
�[0m�[1m�[34m[]�[0m Server started.
SSL => true
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job
resource (/etc/mana-toolkit/karmetasploit.rc)> use auxiliary/sniffer/psnuffle
�[0m�[1m�[34m[]�[0m Listening on 0.0.0.0:992...
resource (/etc/mana-toolkit/karmetasploit.rc)> set INTERFACE wlan0
�[1m�[34m[]�[0m Server started.
�[0mINTERFACE => wlan0
resource (/etc/mana-toolkit/karmetasploit.rc)> exploit -j
�[1m�[34m[]�[0m Server started.
�[0m�[1m�[34m[]�[0m Auxiliary module running as background job

�[1m�[34m[]�[0m Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
�[1m�[34m[]�[0m Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
�[1m�[34m[]�[0m Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
�[1m�[34m[]�[0m Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
�[1m�[34m[]�[0m Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
�[1m�[34m[]�[0m Sniffing traffic.....
�[4mmsf�[0m auxiliary(�[1m�[31mpsnuffle�[0m) �[0m> �[0m�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[]�[0m Server stopped.
�[1m�[34m[*]�[0m Server stopped.
Stopping web server: apache2 ... waiting .

output is

root@kali:~# '/root/Desktop/MANA/run-mana/mana-menu.sh'
Do you want to intercept victim communication to the Internet or fake the Internet? (nat/noupstream)
nat
/root/Desktop/MANA/run-mana)/mana-menu.sh: line 240: syntax error near unexpected token fi' /root/Desktop/MANA/run-mana//mana-menu.sh: line 240:fi'

I am running kali 2.0 fully updated with the latest version of mana. How do I fix this?

Hii..

I'm new in wifi penetration. I'm seeking some help in using airbase-ng with mana toolkit so that I'm able to connect all open wifi automatically.

It is working fine with karma toolkit but I'm not able to run with mana toolkit.

I hope somebody highly experienced people / creator of mana toolkit will help me in this problem.

Regards

make -C hostapd-mana/hostapd/
make[1]: Entering directory '/root/mana/hostapd-mana/hostapd'
../src/drivers/driver_nl80211.c:19:31: fatal error: netlink/genl/genl.h: No such file or directory
#include <netlink/genl/genl.h>
^
compilation terminated.
Makefile:891: recipe for target '../src/drivers/driver_nl80211.o' failed
make[1]: *** [../src/drivers/driver_nl80211.o] Error 1
make[1]: Leaving directory '/root/mana/hostapd-mana/hostapd'
Makefile:3: recipe for target 'all' failed
make: *** [all] Error 2

I'm keen to speak to someone who's got this running on recent software.

I have tried on Kali 1.0.8 and latest, and ubuntu 14.0.4.2 with the install scripts and I have had no success.

the most frustrating thing is I've had this working until I dist-upgraded my old VM :'(

This project gets a part of the handshake from probing clients, which is enough from cracking.

https://github.com/dxa4481/WPA2-HalfHandshake-Crack

maybe this could be integrated?

Greeting!

I am trying to install mana-tookit but have errors all time. When i decided to erase disk, install fresh kali 1.1.0a, then update&&upgrade still have some errors. I am no experienced user but maybe you can help mi with this. Console logs below:
(..)
CC ../src/ap/peerkey_auth.c
CC ../src/drivers/driver_hostap.c
CC ../src/drivers/driver_wired.c
../src/drivers/driver_nl80211.c:19:31: fatal error: netlink/genl/genl.h: No such file or directory
compilation terminated.
make[1]: *** [../src/drivers/driver_nl80211.o] Error 1
make[1]: Leaving directory /root/mana/hostapd-mana/hostapd' make: *** [all] Error 2 root@kali:~/mana# make install --# Create the target directories install -d -m 755 /usr/share/mana-toolkit/www install -d -m 755 /usr/share/mana-toolkit/crackapd install -d -m 755 /usr/share/mana-toolkit/firelamb install -d -m 755 /usr/share/mana-toolkit/sslstrip-hsts/sslstrip2 install -d -m 755 /usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip install -d -m 755 /usr/share/mana-toolkit/sslstrip-hsts/dns2proxy install -d -m 755 /usr/share/mana-toolkit/net-creds install -d -m 755 /usr/share/mana-toolkit/cert install -d -m 755 /usr/share/mana-toolkit/run-mana install -d -m 755 /usr/lib/mana-toolkit/ install -d -m 755 /var/lib/mana-toolkit/sslsplit install -d -m 755 /etc/mana-toolkit/ install -d -m 755 /etc/stunnel/ install -d -m 755 /etc/apache2/sites-available/ --# Install configuration files install -m 644 run-mana/conf/* /etc/mana-toolkit/ install -m 644 crackapd/crackapd.conf /etc/mana-toolkit/ install -m 644 apache/etc/apache2/sites-available/* /etc/apache2/sites-available/ --# Install the stunnel configuration we want install -m 644 apache/etc/stunnel/stunnel.conf /etc/stunnel/mana-toolkit.conf --# Install the hostapd binary install -m 755 hostapd-mana/hostapd/hostapd /usr/lib/mana-toolkit/ install: cannot stathostapd-mana/hostapd/hostapd': No such file or directory
make: *** [install] Error 1

Thanks in advance! :)

I have been working all night to get Mana to work with a TP Link WN722N, and keep failing. What I notice is that whenever I change the hostapd-karma.conf file to listen on wlan2 it always defaults itself back to wlan0, which does not support master mode, and forces the entire attempt to fail. Also, I have changed the driver to the driver indicated by airmon-ng and it keeps telling me that the driver cannot be found. What am I doing wrong?

Hi,
It would be great if you could make tagged releases with "standard" versions (something like v2.0).
For kali we made snapshot of the git repository but it's better to have tagged releases:
we have tools that monitors web pages listing release, and it works well with github pages showing git tags. Each time you will release a new tagged version (with a larger number than previous versions), we will be informed and we will be able to update quickly.
Thanks!

Hi guys,

My problem is, after running "sudo ./start-nat-full.sh" inside /usr/share/mana-toolkit/run-mana and the script runs, when I try connecting a host to the access point, that host doesn't receive internet connection.

Here's the full list of my configuration.

Kali Linux 1.1.0 running in VMWare Workstation
Installed mana-toolkit using "apt-get install mana-toolkit" command.

When I run the program, my network connection manager is STOPPED. This disconnects my internet connection inside the Kali Linux virtual machine. Is this fine?

The configuration inside start-nat-full.sh:

upstream=eth0
phy=wlan0

I am connecting a macbook air or iPad Mini as hosts -- each device doesn't receive internet connectivity. All I can see is "internet", "androidAP", and generated SSID based from my router.

Before running the program

My ifconfig

wlan0 Link encap:Ethernet HWaddr f0:7d:68:6b:60:29
inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::f27d:68ff:fe6b:6029/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29110 errors:0 dropped:0 overruns:0 frame:0
TX packets:29399 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23951877 (22.8 MiB) TX bytes:4350956 (4.1 MiB)

My netstat -rn

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

After running the program (while it's running)

My ifconfig

wlan0 Link encap:Ethernet HWaddr 00:11:22:33:44:00
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::211:22ff:fe33:4400/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29655 errors:0 dropped:0 overruns:0 frame:0
TX packets:29674 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:24064849 (22.9 MiB) TX bytes:4423155 (4.2 MiB)

My netstat-rn

root@WRT54G:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.0 10.0.0.1 255.255.255.0 UG 0 0 0 wlan0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

This is what I see when I initiated "sudo ./start-nat-full.sh".

hostname WRT54G
[ ok ] Stopping network connection manager: NetworkManager.
Permanent MAC: f0:7d:68:6b:60:29 (D-link Corporation)
Current MAC: f0:7d:68:6b:60:29 (D-link Corporation)
New MAC: 4c:56:57:d1:12:d7 (unknown)
Configuration file: /etc/mana-toolkit/hostapd-karma.conf
Using interface wlan0 with hwaddr 00:11:22:33:44:00 and ssid "Internet"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
Internet Systems Consortium DHCP Server 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Wrote 1 leases to leases file.
Listening on LPF/wlan0/00:11:22:33:44:00/10.0.0.0/24
Sending on LPF/wlan0/00:11:22:33:44:00/10.0.0.0/24
Sending on Socket/fallback/fallback-net
/usr/share/mana-toolkit/run-mana
Hit enter to kill me
Generated RSA key for leaf certs.
SSLsplit (built 2014-05-26)
Copyright (c) 2009-2014, Daniel Roethlisberger [email protected]
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using SSL_MODE_RELEASE_BUFFERS
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
1 CPU cores detected
proxyspecs:

• [0.0.0.0]:10025 tcp plain netfilter
• [0.0.0.0]:10465 ssl plain netfilter
• [0.0.0.0]:10110 tcp plain netfilter
• [0.0.0.0]:10995 ssl plain netfilter
• [0.0.0.0]:10143 tcp plain netfilter
• [0.0.0.0]:10993 ssl plain netfilter
• [0.0.0.0]:10080 tcp http netfilter
• [0.0.0.0]:10443 ssl http netfilter
  Loaded CA: '/C=ZA/ST=Gauteng/L=Pretoria/O=SensePost/OU=MANA/CN=MANA/emailAddress=[email protected]'
  evdns cannot parse resolv.conf: no nameservers listed in file (6)
  sslsplit: failed to initialize proxy.
  Non spoofing imap.gmail.com
  Non spoofing www.google.com
  Non spoofing www.apple.com
  Non spoofing to 127.0.0.1
  Specific domain IP .domain.com with 192.168.1.1
  binded to UDP port 53.
  waiting requests.
  WARNING: No route found for IPv6 destination :: (no default route?)
  MANA (FireLamb) : [+] Saving output to /var/lib/mana-toolkit/lamb_braai/
  MANA (FireLamb) : [+] Listening for cookie traffic on interface wlan0

sslstrip 0.9 + by Moxie Marlinspike running...

• POC by Leonardo Nve
  serving a request.

This is what I see when I run "service apache2 restart"

[....] Restarting web server: apache2Warning: DocumentRoot [/usr/share/mana-toolkit/www/facebook] does not exist
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
Warning: DocumentRoot [/usr/share/mana-toolkit/www/facebook] does not exist
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
. ok

Hi,

This is an awesome project thanks and I can't wait to try it out. I looked through the start scripts in the run-mana folder, changed the paths to the files and interface names (wlan0, eth0) but when I run the start script it can't find hostapd. When I look in the hostapd folder there is not a file with that name. Where can I find the custom hostapd executable?

Thanks,

https://github.com/Torinson/lootbooty has been an incredible tool. Essentially any EAP type (with the exception of EAP-TLS w/ client side cert validation), it will give an MSCHAPv2 success response and then only accept GTC authentication. Any client that supports GTC will send credentials through the tunnel in cleartext rather than MSCHAP C/R. In networks that do not separate BYOD and corporate wireless this works VERY well. I was thinking it would be worthwhile to include it into mana. However, it looks as though its built upon freeradius and a patch that always sends an MSCHAPv2 success message. I was thinking that perhaps someone could translate that to hostapd, however based on my testing it would break hostapd. Perhaps use the patched freeradius as a submodule. The ruby script seems to only consist of editing the conf and only allowing GTC auth, the rest is pretty much outputting to a log file and grepping. However, it would probably be a great addition to mana.

Im relitivly new to linux and am having a few issues trying to work out how to achieve my goal.

I would like to use your scripts to host a no upstream based captive portal on a raspberry pi and log the credentials to a log file.

I have been using the default portal with some success after modifying the location of the default.conf
However i notice that apple.com and google.com will not be directed to the portal instead its directed to the google and apple folder. Whilst i see the logic in this i would like to direct all sites to my default portal however I'm struggling to find the location of the file to edit.

Could you point me in the best direction please?

Just heard about this technique: https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf

Would be great if this could be added.

I've noticed my phone (Galaxy S3 with Cyanogenmod) disconnects from the AP every several minutes or so. It does immediately reconnect, but it is apparent the connection is lost for some unknown reason. You can see the client reconnect from the terminal output. This does not occur with normal access points.

Hello,

I am trying out mana and love it however on iPhone with Safari when logging into a secure page you can see sslstrip change the domain to wwww.example but then either the page displays only the text minus images and CSS or not page at all.

I am using a clean install of Kali and installed mana-toolkit via apt-get and using start-nat-full.ssh

When running the no-upstream script, a smartphone won't stay connected to the network. It keeps dropping.

http://pastebin.com/zsk8pfrT

Hello,

Using builtin wlan0 and an external Alfa NHA as wlan1, starting up shows the following errors:-

nl80211: could not configure driver mode
nl80211: driver initialisation failed
hostapd_free_hapd_data: interface wlan1 wasn't started

service network-manager stop has been commented out from the startup script.

Any clues?
Ubuntu 14.04

Hello!
Seems default wlan driver in hostapd-karma.conf cant work with rtl8192cu chipset. Ordinary hostapd works with driver=rtl871xdrv, but hostapd from mana-toolkit shows invalid/unknown driver 'rtl871xdrv'.
Is there a way to build hostapd-mana for rtl871xdrv driver?

When starting any of the mana-toolkit scripts, I don't get the names of the probed/responded SSID's. All my log is showing is (null):

wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated

wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)

wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx

KARMA: Successful association of xx:xx:xx:xx:xx:xx to ESSID '(null)'

Any known fix to this? Or am I the only one with this problem?

Install the hostapd binary

install -m 755 hostapd-mana/hostapd/hostapd /usr/lib/mana-toolkit/
install: cannot stat ‘hostapd-mana/hostapd/hostapd’: No such file or directory
Makefile:6: recipe for target 'install' failed
make: *** [install] Error 1

Hey guys,
I am running Kali. Did an apt-get update and upgrade to be sure everything was up to date. Cloned into mana, ran the kali-install.sh file. Edited the start-nat-full.sh bash script with my upstream interface wlan0 (built in radio) and set the phy interface to wlan2 (my TP-LINK TL-WN722N). It creates the network but when I connect to it from my Android phone and try and load anything... I have no internet access.

I ran ifconfig while mana was running and it looked like it had disabled wlan0 since it didn't appear in the list. Is that normal? Is that what was killing my connectivity?

F

Hi guys,

As opposed to my build-in wifi (Macbook Air 2012) I cant get my Alfa AWUS036NHA usb wifi adapter working with mana.

Using driver nl80211 it states in the terminal:
nl80211: Could not configure driver mode
nl80211 driver initialization failed.
hostapd_free_hapd_data: Interface wlan3 wasn't started
Configuration file: /etc/mana-toolkit/hostapd-karma.conf

Whereas using the rtl8187 driver start-nat-full.sh fails with:
Configuration file: /etc/mana-toolkit/hostapd-karma.conf
Line 3: invalid/unknown driver 'rtl8187'
1 errors found in configuration file '/etc/mana-toolkit/hostapd-karma.conf'
Failed to set up interface with /etc/mana-toolkit/hostapd-karma.conf
Failed to initialize interface

OS: Kali Linux

Any idea on how to get this working properly?
Thank you very much and keep on the great work on this project!

https://github.com/LeonardoNve/dns2proxy v1.0

Is it possible to manually add SSIDs to Hostapd-mana while it is running?
It is possible to add SSIDs on original hostapd-karma with karma_add_ssid from hostapd_cli.

Hello,

I was wondering if the issue of 'domain' prefixes have been addresses with the custom hostapd. see this pull request from hostapd-wpe OpenSecurityResearch/hostapd-wpe#4 . I havent been able to confirm one way or another. Typically, if the domain\ prefix is used there is still a C/R captured but it is uncrackable due to the truncation of the domain prefix. Any clarification is appreciated.

i've installed mana toolkit since a while now, and till this i wasn't able to sslstrip any of https websites, i've tried to look up articles from everywhere, but nothing.

i'll appreciate any help

I already read issue #32, but #CONFIG_LIBNL32=y is uncommented in my .config:
#32

This is the output I'm getting:

CC ../src/radius/radius_das.c
CC ../src/ap/accounting.c
CC ../src/ap/vlan_init.c
CC ctrl_iface.c
CC ../src/ap/ctrl_iface_ap.c
CC ../src/ap/iapp.c
CC ../src/ap/peerkey_auth.c
../src/drivers/driver_hostap.c: In function ‘hostap_send_eapol’:
../src/drivers/driver_hostap.c:319:8: error: too few arguments to function ‘hostap_send_mlme’
res = hostap_send_mlme(drv, (u8 *) hdr, len, 0);
^
../src/drivers/driver_hostap.c:269:12: note: declared here
static int hostap_send_mlme(void *priv, const u8 *msg, size_t len, int noack,
^
../src/drivers/driver_hostap.c: In function ‘hostap_sta_deauth’:
../src/drivers/driver_hostap.c:1055:9: error: too few arguments to function ‘hostap_send_mlme’
return hostap_send_mlme(drv, (u8 *) &mgmt, IEEE80211_HDRLEN +
^
../src/drivers/driver_hostap.c:269:12: note: declared here
static int hostap_send_mlme(void *priv, const u8 *msg, size_t len, int noack,
^
../src/drivers/driver_hostap.c: In function ‘hostap_sta_disassoc’:
../src/drivers/driver_hostap.c:1093:10: error: too few arguments to function ‘hostap_send_mlme’
return hostap_send_mlme(drv, (u8 *) &mgmt, IEEE80211_HDRLEN +
^
../src/drivers/driver_hostap.c:269:12: note: declared here
static int hostap_send_mlme(void *priv, const u8 *msg, size_t len, int noack,
^
../src/drivers/driver_hostap.c: In function ‘wpa_driver_hostap_poll_client’:
../src/drivers/driver_hostap.c:1172:2: error: too few arguments to function ‘hostap_send_mlme’
hostap_send_mlme(priv, (u8 *)&hdr, sizeof(hdr), 0);
^
../src/drivers/driver_hostap.c:269:12: note: declared here
static int hostap_send_mlme(void *priv, const u8 *msg, size_t len, int noack,
^
../src/drivers/driver_hostap.c: In function ‘hostap_sta_disassoc’:
../src/drivers/driver_hostap.c:1095:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
../src/drivers/driver_hostap.c: In function ‘hostap_sta_deauth’:
../src/drivers/driver_hostap.c:1057:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
Makefile:922: recipe for target '../src/drivers/driver_hostap.o' failed

/usr/bin/ld: cannot find -lnl-genl-3
collect2: error: ld returned 1 exit status
Makefile:917: recipe for target 'hostapd' failed
make[1]: *** [hostapd] Error 1
make[1]: Leaving directory '/home/pi/mana/hostapd-mana/hostapd'
Makefile:3: recipe for target 'all' failed
make: *** [all] Error 2

The start-nat-full.sh script outputs far too much information to the terminal. It is easy to have it output thousands or tens of thousands of lines, much of which is repeated, not useful, or time consuming to understand, interpret, or process. I would strongly suggest parsing the output to make it concise, useful, and easy to process. Alternatively, or additionally, a web interface could nicely display the information necessary. Presently, I don't easily see the devices connected or what is really going on. I mainly see tons of responses blasted out or large amounts of sslsplit information. Making the information easier to consume and process would be a great improvement.

Hello,

I am currently running Kali 3.14-5-1 amd64 and i installed mana-toolkit by downloading from git. I ran ./kali-install.sh, no error encountered. After modifying the .conf and .sh to change from wlan0 -> wlan2 i ran start-nat-full.sh which created the Internet AP.

I have tested manually connecting my phone to the Internet AP.
After connecting i tried:

• starting facebook app => error loading news feed
• starting yahoo.com via chrome browser => got cert Authority invalid, clicked on proceed anyway(unsafe), refreshes, and gave me HSTS notice.

I am having issues grabbing anything.

I have also tried start-noupstream.sh which should force the client to the capture page, this didn't happened either, in this mode the client makes dns queries to 8.8.8.8 but nobody catches them neither responds to them to redirect.

Here is the output of start-nat-full.sh
http://pastebin.com/FM2QS8DM
http://pastebin.com/5xLNq8G9

Am i doing something wrong?

See in the readme file:

If you're installing from git, you can use the following commands after you have grabbed the necessary dependencies:

However, it doesn't even list the necessary dependencies needed or optional dependencies in mana-toolkits readme.

This can be somewhat confusing to someone new to this or someone installing on another distro that isnt based on Debian or Ubuntu such as Arch.

Also would like to point out that there is no clear listing on what distros are supported.

I have a problem with the Mana-Toolkit on multiple laptops.
When I launch the application it broadcasts the SSIDS for the devices.
But I have to manually start the connection.
The devices (iPhone, iPad, androids, laptops) do not start the connection automatically.
For example, I have a wifi called 'School' which my iPhone automatically connects. So Mana reacts on the beacon frames and starts a SSID 'School'. The iPhone do not starts the connection automatically, I have to start the connection manually by clicking on the SSID on the iPhone.
A few years ago I had a Pineapple who automatically starts the connection, if the wifi is on, without any user interaction.
Is this a limitation from the Mana-Toolkit or am I missing something?

Using the latest nethunter 3 I fired up mana in full nat and the first time it worked.
I disconected and since then it does not resolve DNS and so no forwarding.
This works fine in simple mode.

Hello Sir

Other services like facebook, live.com etc working fine on HSTS sslstripping on Chrome browser. But when we are opening "gmail.com on Google Chrome" the page stops responding.

Is the SSLSTRIP2 + Dns2proxy method also stopped or am I doing mistake somewhere.

Hi when I try and install mana using the most recent version of the make file I get the following error whenever I try sudo make install on stock debian

install -m 644 run-mana/cert/* /usr/share/mana-toolkit/cert/

Install the scripts

install -m 755 crackapd/crackapd.py /usr/share/mana-toolkit/crackapd/
install -m 644 firelamb/* /usr/share/mana-toolkit/firelamb/
chmod 755 /usr/share/mana-toolkit/firelamb/.py
/usr/share/mana-toolkit/firelamb/.sh
install -m 644 sslstrip-hsts/dns2proxy/*
/usr/share/mana-toolkit/sslstrip-hsts/dns2proxy/
install: cannot stat `sslstrip-hsts/dns2proxy/': No such file or directory
make: ** [install] Error 1

I am a developer for the ArchAssault Team, we would like to distribute it but its missing a license. We were curious if it inherits the licenses of the tools that make up mana or if it has its own license?

Ran into a strange one here, everything works fine but when heaps of clients connect it gets to a point where any new clients trying to connect can not and the message shown is something like. failed to add sta to kernel mode driver.

after this point i have to break mana and restart it.

HI I am not sure if this is already implemented but would it be possible to have the captive portal and the phishing pages (google,apple, etc) work in upstream mode? Like capture the credentials and then forward the victim to the legitimate service? It might be tricky with SSL/HSTS but it would be worth implementing In my opinion.

The linked github for SSLstrip2 has been emptied by the creator due to Spanish gag law apparently. Is there another source for those files to complete the mana toolkit? I've done some digging and can't find anything.

I have got this started with the full mode. Most things seem to be working pretty well. However, Internet connectivity with mobile applications tends not to work. A few work, but most of them don't have any connectivity. Sportsenter seemed to work, but most apps like Twitter, Facebook, Messenger, NBC News, Flipboard, Snapchat, OneDrive, Amazon, and Speedtest didn't work. Interestingly enough, pretty much everything through Chrome works fine (though there are the expected certificate errors). My hunch is that the issue lies with SSLsplit and SSLstrip. Both seem to be working as expected on my Kali box though.

./start-noupstream.sh
[*] Auxiliary module running as background job

[] Server started.
stty: standard input: Inappropriate ioctl for device
[] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
stty: standard input: Inappropriate ioctl for device
[] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
stty: [] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
[] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
[] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
[] Sniffing traffic.....
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
msf auxiliary(psnuffle) > stty: standard input: Inappropriate ioctl for device
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.
[] Server stopped.

Gets some weird error and apparently Metasploit goes down.
Normal SSID output after though, so not completely dead.