Browse Exploit & Auxiliary Modules
The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.
Airpwn TCP hijack
TCP streams are 'protected' only insofar as the sequence number is not guessable. Wi-Fi is shared media. Got your nose. Responses which do not begin with Header: Value are assumed to be HTML only and will have Header: Value data prepended. Responses which do not include a Content-Length header will have one generated.
Rank
- Normal
Authors
- toast
- dragorn
- ddz < ddz [at] theta44.org >
- hdm < hdm [at] metasploit.com >
Usage Information
$ msfconsole
msf > use auxiliary/spoof/wifi/airpwn
msf auxiliary(airpwn) > set RHOST [TARGET IP]
msf auxiliary(airpwn) > run
Module Options
| Option | Description |
| --- | --- |
| CHANNEL | The initial channel (default: 11) |
| DRIVER | The name of the wireless driver for lorcon (default: autodetect) |
| FILTER | Default BPF filter (default: port 80) |
| INTERFACE | The name of the wireless interface (default: wlan0) |
| MATCH | Default request match (default: GET ([^ ?]+) HTTP) |
| PCAPFILE | The name of the PCAP capture file to process |
| RESPONSE | Default response (default: Airpwn) |
| RHOST | The target address |
| SITELIST | YAML file of URL/Replacement pairs for GET replacement (default: /home/svn/jobs/msf3/data/exploits/wifi/airpwn/sitelist.yml) |
| SNAPLEN | The number of bytes to capture (default: 65535) |
| TIMEOUT | The number of seconds to wait for new data (default: 500) |
| USESITEFILE | Use site list file for match/response (default: false) |
| GATEWAY | The gateway IP address. This will be used rather than a random remote address for the UDP probe, if set. |
| NETMASK | The local network mask. This is used to decide if an address is in the local network. |
| UDP_SECRET | The 32-bit cookie for UDP probe requests. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
