
I have a device that can emulate an Ethernet adapter and runs Linux (not unlike a Bash Bunny).

I want to redirect all traffic from the machine it is connected to (victim) to the device itself. I tried using iptables and it works, but only on Windows (RNDIS) and not Mac or Linux (ECM). I want to understand why this happens, since I can't find any specific iptables example of the same kind other than DNS spoofing over LAN. The code I'm using right now is:

```sh
# Enable IPv4 forwarding so the device can route between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# Drop UDP/443 (QUIC) so clients fall back to TCP, and allow DNS through FORWARD
# usb0 and usb1 are the two emulated adapter interfaces (RNDIS / ECM)
iptables -A INPUT -i usb1 -p udp --dport 443 -j DROP
iptables -A FORWARD -i usb1 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i usb1 -p udp --sport 53 -j ACCEPT
iptables -A INPUT -i usb0 -p udp --dport 443 -j DROP
iptables -A FORWARD -i usb0 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i usb0 -p udp --sport 53 -j ACCEPT
# $IF_IP is the device's own address on the USB interface; HTTP, HTTPS and DNS
# arriving from the host are rewritten to the local services on that address
iptables -t nat -A PREROUTING -i usb1 -p tcp --dport 443 -j DNAT --to-destination $IF_IP:80
iptables -t nat -A PREROUTING -i usb1 -p tcp --dport 80 -j DNAT --to-destination $IF_IP:80
iptables -t nat -A PREROUTING -i usb1 -p udp --dport 53 -j DNAT --to-destination $IF_IP:53
iptables -t nat -A PREROUTING -i usb0 -p tcp --dport 443 -j DNAT --to-destination $IF_IP:80
iptables -t nat -A PREROUTING -i usb0 -p tcp --dport 80 -j DNAT --to-destination $IF_IP:80
iptables -t nat -A PREROUTING -i usb0 -p udp --dport 53 -j DNAT --to-destination $IF_IP:53
# Source-NAT everything leaving the device
iptables -t nat -A POSTROUTING -j MASQUERADE
```

P.S.: The device is P4wnP1: https://github.com/mame82/P4wnP1

Matt Clark
Briskat
  • Note that you are using `-A` which appends rules to the chain. If packets are caught by rules higher up in the chain, your rules will never be seen. Use `iptables -vnL` or `iptables -t nat -vnL` to view all the existing rules. Using `-I` instead of `-A` will add rules to the top of the list vs the bottom. – Matt Clark Oct 25 '17 at 13:08

0 Answers