[Pauldotcom] Security Assessment: Mobile Application on Windows Mobile 6

[Joshua Wright]

Are you successfully getting traffic from the victim through Ettercap? 
Press "c" in Ettercap to look at connection information after trying to 
browse to a web page with the WM6 device.

I've seen VMware have problems with running MitM attacks.  You might try 
running it from a native system.

-Josh

On 1/16/2012 10:27 AM, Dimitrios Kapsalis wrote:
> Having some difficulty setting this up on BT5. Maybe someone can see
> what I am missing.
>
> My set up is as follows.
>
> Devices:
> * BT5 running in VMWare
> * WM6 device
>
> Both devices are in the same network segment.
>
> The steps I took to configure the set up are:
>
> 1. Enable IP Forwarding
>      $ echo 1 > /proc/sys/net/ipv4/ip_forward
> 2. Set up ip tables rules to forward to port 8888 where my HTTP Proxy is
> listening. Tried multiple different ports and checked to ensure nothing
> is already running on them before settnig up the redirect.
>      $ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT
> --to-port 8888
> 3. Ensure the ip tables command stuck by executing below command.
> Everything looks ok.
>      $ iptables -t nat -L -n -v
> 4. Started ettercap in text only mode.
>      $ ettercap -TqM arp:remote /<ip of wm6 device>/ /<Gateway IP>/
> 5. Ensured HTTP Proxy was running.
> 6. Ran ettercap plugin to check if the poison was occurring and
> everything check out.
> 7. Tried to browser to a resource using the browser on the device. No
> traffic was redirected to the proxy. Instead it looks like no connection
> was ever established. When checking connections in ettercap, I only see
> connections for DNS on port 53.
>
> Anything I have missed?
>
> Thanks.
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com