WiFi Pentesting With a Pineapple NANO, OS X and BetterCap


After a few weeks of testing in the field, I’ve found the perfect configuration for WiFi pentesting using a WiFi Pineapple NANO, an OSX laptop and BetterCap.
Since different people on different forums had issues making this work (mostly due to the difficulties of internet connection sharing between OSX and the Pineapple), I’ve decided to share my setup today ^_^



OSX Mass Pwning Using BetterCap and the Sparkle Updater Vulnerability.




Yesterday Radek from VulnSec posted an interesting article named “There’s a lot of vulnerable OS X applications out there.“; he discovered that the Sparkle update system (used by some very popular OSX apps such as VLC, Adium, iTerm and so forth) uses HTTP instead of HTTPS to fetch update information for those applications, making all of them vulnerable to man-in-the-middle attacks and, as he showed, to remote command execution attacks.

I’m not going to explain the details of his attack, since his post is quite self-explanatory, but I’ll show you how easy it is to mass pwn OSX machines on your network using the new OSX Sparkle bettercap proxy module.

Why You Shouldn't Trust CloudFlare's 'Flexible SSL' and How to Bypass It With BetterCap


Let me clear one thing up about this post … this is not a CloudFlare vulnerability report and, even if it were, there’s really nothing they could do to fix it unless they blocked direct traffic to HTTP websites.
This is only a blog post about why you shouldn’t blindly trust free services that offer you some sort of SSL protection if your server itself is not SSL protected by default.

Autopwn Every Android < 4.2 Device on Your Network Using BetterCap and the addJavascriptInterface Vulnerability.


Recently I’ve been playing with Android’s WebView-based vulnerabilities, focusing on how to exploit them using a MITM attack.
One of the most interesting is the addJavascriptInterface vulnerability (CVE-2012-6636), which affects every device running a version older than Android 4.2.

BetterCap and the First REAL DoubleDirect ICMP Redirect Attack


The next release of bettercap will include a new spoofer module as an alternative to the default ARP spoofer.
The new module performs a fully automated, full-duplex ICMP Redirect MITM attack, which my colleagues at Zimperium discovered and called a DoubleDirect attack.

BetterCap will be the very first MITM framework to have this feature 100% working without any additional spoofers.

Past, Present and Future of Bettercap


Four months have passed since my first blog post about bettercap; a lot of fixes have been released and a lot of new features have been implemented.
In this post I’d like to talk about some of these new features and describe them a little. This is basically a big changelog since the very first version; for a complete list of code changes you can read the releases page on GitHub.