I created the Access Point and i can sniff all packets sent by the client but the only problem is the client is not connected to the internet.
- Wifipumpkin3 version: wifipumpkin3 v1.0.5
- Virtual Machine (yes or no and which): NO
- Operating System: Kali GNU/Linux Rolling
- version: 2020.2
These are the logs produced by wifipumpkin3 :
:Header::
op: BOOTREQUEST
hwmac: MAC('2c:0e:3d:6d:bd:84')
flags:
hops: 0
secs: 0
xid: 753498575
siaddr: IPv4Address('0.0.0.0')
giaddr: IPv4Address('0.0.0.0')
ciaddr: IPv4Address('0.0.0.0')
yiaddr: IPv4Address('0.0.0.0')
sname: ''
file: ''
::Body::
[ ][012] hostname: 'Boo'
[-][053] dhcp_message_type: DHCP_DISCOVER
[-][055] parameter_request_list: 053:dhcp_message_type
[ ][057] maximum_dhcp_message_size: 1500
[ ][060] vendor_class_identifier: 'android-dhcp-8.0.0'
[ ][061] client_identifier: [300, 3645, 28093]
[ pydhcp_server ] 00:38:33 - DISCOVER: packet from 10.0.0.21
[ pydhcp_server ] 00:38:33 - SEND to ('0.0.0.0', 68):
::Header::
op: BOOTREPLY
hwmac: MAC('2c:0e:3d:6d:bd:84')
flags:
hops: 0
secs: 0
xid: 753498575
siaddr: IPv4Address('0.0.0.0')
giaddr: IPv4Address('0.0.0.0')
ciaddr: IPv4Address('0.0.0.0')
yiaddr: IPv4Address('10.0.0.21')
sname: ''
file: ''
::Body::
[X][001] subnet_mask: IPv4Address('255.0.0.0')
[ ][012] hostname: 'Boo'
[X][051] ip_address_lease_time: 7200
[-][053] dhcp_message_type: DHCP_OFFER
[X][054] server_identifier: IPv4Address('10.0.0.1')
[ pydhcp_server ] 00:38:33 - RECV from ('0.0.0.0', 68):
::Header::
op: BOOTREQUEST
hwmac: MAC('2c:0e:3d:6d:bd:84')
flags:
hops: 0
secs: 0
xid: 753498575
siaddr: IPv4Address('0.0.0.0')
giaddr: IPv4Address('0.0.0.0')
ciaddr: IPv4Address('0.0.0.0')
yiaddr: IPv4Address('0.0.0.0')
sname: ''
file: ''
::Body::
[ ][012] hostname: 'Boo'
[ ][050] requested_ip_address: IPv4Address('10.0.0.21')
[-][053] dhcp_message_type: DHCP_REQUEST
[X][054] server_identifier: IPv4Address('10.0.0.1')
[-][055] parameter_request_list: 053:dhcp_message_type, 054:server_identifier
[ ][057] maximum_dhcp_message_size: 1500
[ ][060] vendor_class_identifier: 'android-dhcp-8.0.0'
[ ][061] client_identifier: [300, 3645, 28093]
[ pydhcp_server ] 00:38:33 - REQUEST: packet from 10.0.0.21 to 10.0.0.1
[*] 2c:0e:3d:6d:bd:84 client join the AP
[ pydhcp_server ] 00:38:33 - SEND to ('0.0.0.0', 68):
::Header::
op: BOOTREPLY
hwmac: MAC('2c:0e:3d:6d:bd:84')
flags:
hops: 0
secs: 0
xid: 753498575
siaddr: IPv4Address('0.0.0.0')
giaddr: IPv4Address('0.0.0.0')
ciaddr: IPv4Address('0.0.0.0')
yiaddr: IPv4Address('10.0.0.21')
sname: ''
file: ''
::Body::
[X][001] subnet_mask: IPv4Address('255.0.0.0')
[X][003] router: [IPv4Address('10.0.0.1'), IPv4Address('8.8.8.8')]
[X][006] domain_name_servers: [IPv4Address('10.0.0.1')]
[ ][012] hostname: 'Boo'
[X][051] ip_address_lease_time: 7200
[-][053] dhcp_message_type: DHCP_ACK
[X][054] server_identifier: IPv4Address('10.0.0.1')
[ pydhcp_server ] 00:38:33 - RECV from ('0.0.0.0', 68):
::Header::
op: BOOTREQUEST
hwmac: MAC('2c:0e:3d:6d:bd:84')
flags:
hops: 0
secs: 1
xid: 753498575
siaddr: IPv4Address('0.0.0.0')
giaddr: IPv4Address('0.0.0.0')
ciaddr: IPv4Address('0.0.0.0')
yiaddr: IPv4Address('0.0.0.0')
sname: ''
file: ''
::Body::
[ ][012] hostname: 'Boo'
[ ][050] requested_ip_address: IPv4Address('10.0.0.21')
[-][053] dhcp_message_type: DHCP_REQUEST
[X][054] server_identifier: IPv4Address('10.0.0.1')
[-][055] parameter_request_list: 053:dhcp_message_type, 054:server_identifier
[ ][057] maximum_dhcp_message_size: 1500
[ ][060] vendor_class_identifier: 'android-dhcp-8.0.0'
[ ][061] client_identifier: [300, 3645, 28093]
[ pydhcp_server ] 00:38:33 - REQUEST: packet from 10.0.0.21 to 10.0.0.1
[*] 2c:0e:3d:6d:bd:84 client join the AP
[ pydhcp_server ] 00:38:34 - SEND to ('0.0.0.0', 68):
::Header::
op: BOOTREPLY
hwmac: MAC('2c:0e:3d:6d:bd:84')
flags:
hops: 0
secs: 0
xid: 753498575
siaddr: IPv4Address('0.0.0.0')
giaddr: IPv4Address('0.0.0.0')
ciaddr: IPv4Address('0.0.0.0')
yiaddr: IPv4Address('10.0.0.21')
sname: ''
file: ''
::Body::
[X][001] subnet_mask: IPv4Address('255.0.0.0')
[X][003] router: [IPv4Address('10.0.0.1'), IPv4Address('8.8.8.8')]
[X][006] domain_name_servers: [IPv4Address('10.0.0.1')]
[ ][012] hostname: 'Boo'
[X][051] ip_address_lease_time: 7200
[-][053] dhcp_message_type: DHCP_ACK
[X][054] server_identifier: IPv4Address('10.0.0.1')
[ pydns_server ] 00:38:34 - no local zone found, proxying mtalk.google.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying clients3.google.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying connectivitycheck.gstatic.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying connectivitycheck.gstatic.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying mail.google.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying inbox.google.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying safebrowsing.googleapis.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying connectivitycheck.gstatic.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying connectivitycheck.gstatic.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying ci5.googleusercontent.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying ci6.googleusercontent.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying mobile-mail.google.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying mtalk.google.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying clients3.google.com.[A]
[ pydns_server ] 00:38:34 - no local zone found, proxying mail.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying inbox.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying app-measurement.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying safebrowsing.googleapis.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying ci6.googleusercontent.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying ci5.googleusercontent.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying mobile-mail.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying mtalk.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying clients3.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying mail.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying mail.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying mail.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying inbox.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying inbox.google.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying app-measurement.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying connectivitycheck.gstatic.com.[A]
[ pydns_server ] 00:38:35 - no local zone found, proxying connectivitycheck.gstatic.com.[A]
[ pydns_server ] 00:38:36 - no local zone found, proxying safebrowsing.googleapis.com.[A]
[ pydns_server ] 00:38:36 - no local zone found, proxying mobile-mail.google.com.[A]
[ pydns_server ] 00:38:36 - no local zone found, proxying ci5.googleusercontent.com.[A]
[ pydns_server ] 00:38:36 - no local zone found, proxying ci5.googleusercontent.com.[A]
[ pydns_server ] 00:38:36 - no local zone found, proxying mobile-mail.google.com.[A]
[ pydns_server ] 00:38:36 - no local zone found, proxying ci6.googleusercontent.com.[A]
[ pydns_server ] 00:38:36 - no local zone found, proxying ci6.googleusercontent.com.[A]
I added the iptables and ifconfig info as well.
wp3 > iptables -t nat -L && ifconfig
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether b4:b5:2f:85:cd:38 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 2114 bytes 298857 (291.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2114 bytes 298857 (291.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1400
inet 10.0.0.1 netmask 255.0.0.0 broadcast 10.255.255.255
inet6 fe80::caf7:33ff:fea5:3ed0 prefixlen 64 scopeid 0x20
ether c8:f7:33:a5:3e:d0 txqueuelen 1000 (Ethernet)
RX packets 816697 bytes 816720848 (778.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 715672 bytes 82063924 (78.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1400
ether 2e:92:08:a1:7c:12 txqueuelen 1000 (Ethernet)
RX packets 452 bytes 47529 (46.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 5641 (5.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I added the screenshot of samsung S7 edge (Client)
Help would be greatly appreciated.