dSploit - questions

Started by darwish, November 05, 2012, 10:37:41 AM

Previous topic - Next topic

darwish

I don't know if this is the right session... but i have many questions about dSploit..

I'm testing dSploit framework on my Nexus7 and he looks great, but i found many problems and i'd like to have an answer (just to know if it's normal, it's an app problem, or if it's a my proble...)

- many hosts are not founded on network discovery.... for example, my Gnexus was not found (192.168.1.141)... other apps found it, but however if I add that host manually, it works fine

- MITM: the function for redirecting traffic, and image replacement seems not working at all.. i tried many times, with different hosts and connections, but nothing...

-do you integrate different apps on your framework, or is it all wrote by you?

This is all for now, I'll continue to test it

Regards

Stolas

I am not the dSploit author. But I've read a lot of source.


The MITM issue might be the static linker problem
And he uses nmap and ettercap.
Although he has a nice GUI for them (using pure terminal on tablets is a pain) and the vuln scanner is quite creative (although not so specific as nessus or nexpose)
Whenever you think you can or can't your right.

evilsocket

Quote from: darwish on November 05, 2012, 10:37:41 AM
I don't know if this is the right session... but i have many questions about dSploit..

I'm testing dSploit framework on my Nexus7 and he looks great, but i found many problems and i'd like to have an answer (just to know if it's normal, it's an app problem, or if it's a my proble...)

- many hosts are not founded on network discovery.... for example, my Gnexus was not found (192.168.1.141)... other apps found it, but however if I add that host manually, it works fine

- MITM: the function for redirecting traffic, and image replacement seems not working at all.. i tried many times, with different hosts and connections, but nothing...

-do you integrate different apps on your framework, or is it all wrote by you?

This is all for now, I'll continue to test it

Regards

Hi, i'm the dSploit author.
First of all, i need to know which version of dSploit you are using, and preferably have a logcat.
Then, to answer your other question, dSploit uses many native tools ( the main arp spoofer written by me ), but has a lot of builtin functionalities i wrote from scratch too, such the sslstripping, the transparent proxy and on a general note everything is needed for the mitm tools.
So what Stolas says is wrong, it's not just a bunch of native tools with a nice guy, you can freely look at the code on http://github.com/evilsocket/dsploit to see it by yourself :)

Stolas

I am not saying it's just a GUI for the tools. But I noticed a lot of features are 'just' gui's
That being said, It's a nice project as the terminal can be quite a pain on the tablets.
Whenever you think you can or can't your right.

darwish

#4
hi evilsocket, nice application  ;)

I'm using version 1.0.29b (now i'm in office so I can't have other information like logs etc. for now)

Yesterday night i made other tests and:

- this time dspoit found all the hosts in my network... i still don't understand why sometimes it doesn't

- mitm-general: this time it worked.. but only sometimes... most of the time it doesn't... sometimes it's necessary to reboot application, many times it simply doesn't work at all.. it's strange... the times that it worked fine are about 4/10

- mitm-redirect traffic: it worked just 1 time... but when the redirection started, the new page was not loaded... (loop effetct with stop/refresh page)

- mitm-session.hijack: it show just some session (mostly facebook, it didn't show twitter etc.) but it seems not to hijack any session... however most of the times it didn't show anything...

- what about a wireless cracker?

edit:

- i made other tests in my free time at work.. so, the first time i tried to make a mitm with replace image, it worked great. after that, it didn't work at all... replace image, redirect traffic, javascript in pages.... nothing...

- would it work with a ethernet adapter?

that's all for now... i'll make other 3240897789894328 tests :)


last edit: i have had problems with application crash... i read on xda forum and i read your post about the new version... after updating, all ok again..

the only thing is that it often says: "port 8080 which is needed by the transparent proxy is taken from another process, open application settings?" and the only app used is dsploit... closing it with task manager, and restarting... it's ok again. this appear everytime i made a MITM attack, the first time is ok, the second time says that message.

and after updating, mitm attack caused many problems to the network ( with the old version not)

by the way if you want you can contact me via private message for other tests