MITM: Difference between revisions
From charlesreid1
No edit summary |
|||
| Line 2: | Line 2: | ||
A man-in-the-middle attack is a general concept from encryption. It consists of two parties, Alice and Bob, trying to have an encrypted conversation. However, it is foiled by an attacker, Eve, who gets in the middle. This means that Alice and Eve communicate with one encryption key, while Bob and Eve communicate with another key. | A man-in-the-middle attack is a general concept from encryption. It consists of two parties, Alice and Bob, trying to have an encrypted conversation. However, it is foiled by an attacker, Eve, who gets in the middle. This means that Alice and Eve communicate with one encryption key, while Bob and Eve communicate with another key. | ||
==The Key Pieces== | |||
Any man in the middle attack on a computer network must have three key pieces: | |||
1. Tricking the router/network device/destination into thinking they are connected to the Sheep, when they are really connected to the Attacker | |||
2. Tricking the Sheep into thinking they are really connected to their router/network device/destination, when they are really connected to the Attacker | |||
3. Building a bridge between the two connections so that traffic can continue to pass between the two parties and be observed/modified. | |||
=Wired Network= | =Wired Network= | ||
Revision as of 15:44, 25 August 2015
What It Is
A man-in-the-middle attack is a general concept from encryption. It consists of two parties, Alice and Bob, trying to have an encrypted conversation. However, it is foiled by an attacker, Eve, who gets in the middle. This means that Alice and Eve communicate with one encryption key, while Bob and Eve communicate with another key.
The Key Pieces
Any man in the middle attack on a computer network must have three key pieces:
1. Tricking the router/network device/destination into thinking they are connected to the Sheep, when they are really connected to the Attacker
2. Tricking the Sheep into thinking they are really connected to their router/network device/destination, when they are really connected to the Attacker
3. Building a bridge between the two connections so that traffic can continue to pass between the two parties and be observed/modified.
Wired Network
Man-in-the-middle attacks on a wired network are explained on the Man in the Middle/Wired page.
Wireless Network
A wireless network man-in-the-middle attack can be conducted a couple of different ways.
ARP Cache Poisoning
If you are actually on the wireless network, you can conduct a man-in-the-middle attack by masquerading as someone else via ARP poisoning, which allows you to spoof another MAC address on the same network. Normally, this is done on a wired network (see Man in the Middle/Wired), but this can be done on most home routers that have a swtich connected to the wireless router.
Evil Twin Access Point
If you are not on the wireless network, but are physically located close to the client, you can conduct a man-in-the-middle attack using an EvilTwin access point attack.
The EvilTwin page describes how the wireless attack takes place. however, this page only describes how a client is tricked into connecting to a spoofed access point (which is actually the attacker's wireless card). This is just the setup for a man in the middle attack.
Once the sheep/client is connected to the Evil Twin, the Man in the Middle/Evil Twin attack can occur.
 |
aircrack-ng a suite of tools for wireless cracking.
aircrack-ng Many Ways to Crack a Wifi: Cracking Wifi Aircrack Benchmarking: Aircrack/Benchmarking WEP Attacks with Aircrack: Aircrack/WEP Cracking WPA Attacks with Aircrack: Aircrack/WPA Cracking Aircrack Hardware: Aircrack/Packet Injection Testing Harvesting Wireless Network Information
airodump-ng Basic Usage of Airodump
Category:Security · Category:Wireless · Category:Passwords
|