Metasploit Penetration Testing Framework
Airpwn TCP hijack
TCP streams are 'protected' only in so much as the sequence number is not guessable. Wifi is shared media. Got your nose. Responses which do not begin with Header: Value assumed to be HTML only and will have Header:Value data prepended. Responses which do not include a Content-Length header will have one generated.
Rank
- Normal
Authors
- toast < >
- dragorn < >
- ddz < ddz [at] theta44.org >
- hdm < hdm [at] metasploit.com >
Development
Similar Modules
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/spoof/wifi/airpwn
msf auxiliary(airpwn) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/spoof/wifi/airpwn
msf auxiliary(airpwn) > run
Module Options
| CHANNEL | The initial channel (default: 11) |
| DRIVER | The name of the wireless driver for lorcon (default: autodetect) |
| FILTER | Default BPF filter (default: port 80) |
| INTERFACE | The name of the wireless interface (default: wlan0) |
| MATCH | Default request match (default: GET ([^ ?]+) HTTP) |
| RESPONSE | Default response (default: Airpwn) |
| SITELIST | YAML file of URL/Replacement pairs for GET replacement (default: /usr/lib/msf3/data/exploits/wifi/airpwn/sitelist.yml) |
| USESITEFILE | Use site list file for match/response (default: false) |
| WORKSPACE | Specify the workspace for this module |
Metasploit Framework 3.3.3Copyright © 2003-2010 Rapid7 LLC