From charlesreid1

Man in the Middle Attacks

Welcome to the Man in the Middle (MITM) attacks page. This page describes the many forms that a MITM attack may take and the tools that are used to carry them out. It also covers several laboratories, each of which works through a specific, applied MITM scenario.

The overarching way to think about these types of attacks is to use the 7-layer OSI model of networking:


| Layer | Name | Function |
|-------|------|----------|
| 7 | Application | Topmost layer, provides users a means to access network resources (only level seen by end user) |
| 6 | Presentation | Transforms data received into a format that is readable by the application layer. Handles encryption/decryption for secure data |
| 5 | Session | Manages communication sessions between computers. Manages connections with other devices. Half-duplex or full duplex. |
| 4 | Transport | Provides reliable data transport services to lower layers. |
| 3 | Network | Routes data between physical networks. Handles addressing, via IP. Handles packet fragmentation and error detection. Router level. Most complex layer. |
| 2 | Data Link | Transports data across a network. Provides addressing scheme to identify physical devices, bridges, switches, MAC addresses. |
| 1 | Physical | The physical medium for the network communication signals. |

(Please Do Not Touch Steve's Pet Alligator)

(Phys Dat Net Trans Sesh Prezzy App)

Man-in-the-middle attacks can occur at any layer, from Layer 1 on up through Layer 7.

Let's run through a few specifics about MITM attacks first, then talk about what attacks at different layers look like.

What Are MITM Attacks

A man-in-the-middle attack is a general concept from cryptography. Two parties, Alice and Bob, are trying to have an encrypted conversation, but an attacker, Eve, gets in the middle and foils it. Alice and Bob each believe they are talking to the other, when in fact Alice and Eve communicate with one encryption key, while Bob and Eve communicate with another key.
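The two-key situation described above, as an added example that is not part of the original page. It assumes the key agreement is unauthenticated Diffie-Hellman over a toy group (the page names no particular scheme); all function names are hypothetical. It also shows the defensive check: comparing key fingerprints over a separate trusted channel exposes the mismatch.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far
# too small for real use; real systems use vetted groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for unauthenticated Diffie-Hellman."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    """Derive a 32-byte session key from the DH shared secret."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(key):
    """Short value the endpoints compare over a separate, trusted channel."""
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]

def run_exchange(intercepted):
    """Simulate one key exchange; return (alice_key, bob_key, eve_keys)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if not intercepted:
        return session_key(a_priv, b_pub), session_key(b_priv, a_pub), None
    # Eve swaps each public value in transit for her own. Nothing in the
    # exchange is authenticated, so neither endpoint can tell.
    e_priv, e_pub = keypair()
    alice_key = session_key(a_priv, e_pub)  # Alice believes e_pub is Bob's
    bob_key = session_key(b_priv, e_pub)    # Bob believes e_pub is Alice's
    eve_keys = (session_key(e_priv, a_pub), session_key(e_priv, b_pub))
    return alice_key, bob_key, eve_keys

def exchange_is_clean(alice_key, bob_key):
    """Detection: fingerprints match only when both ends hold the same key."""
    return fingerprint(alice_key) == fingerprint(bob_key)

if __name__ == "__main__":
    for intercepted in (False, True):
        a, b, _ = run_exchange(intercepted)
        print("intercepted:", intercepted, "| clean:", exchange_is_clean(a, b))
```

In practice the same check is what certificate validation, SSH host-key verification and safety-number comparison perform: they bind the exchanged key to an identity the attacker cannot forge.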

Important Parts

Any man in the middle attack on a computer network must have the following four important pieces:

1. Recon

2. Tricking the router/network device/destination into thinking they are connected to the Sheep, when they are really connected to the Attacker

3. Tricking the Sheep into thinking they are really connected to their router/network device/destination, when they are really connected to the Attacker

4. Building a bridge between the two connections so that traffic can continue to pass between the two parties and be observed/modified.

Attack Layers Perspective on MITM

Layer 1 and Layer 2: Physical/Data Link Layer MITM Attacks

MITM attacks at the physical level involve interference with a normal physical channel of communication. On a wireless network, this might be a wireless radio that an attacker uses to transmit radio signals at high power at a victim, thus swamping out another radio signal. It may be physical tampering with a connection - security professionals always prefer physical network taps when possible as a way to obtain a reliable ear on a network.

These types of attacks involve not just the first layer, but also several layers up - for example, the attacker must be able to establish a connection to the sheep, which involves implementing more than just Layer 1 of the network stack. However, the main MITM mechanism occurs at Layer 1.

Main page: Man in the Middle/Layer 1 and 2

Evil twin attack: Evil Twin

Layer 3 and Layer 4: Network and Transport MITM Attacks

This is Wall of Sheep territory - Layer 3 and 4 are the layers where the protocols governing highways of networks are implemented.

Software Tools

Laboratories

Wherein we run experiments applying MITM techniques to a sandbox network and observe the results.

MITM Lab/Evil Twin MITM - creating the Evil Twin attack using two laptops (one sheep, one attacker) and a wireless router.

MITM Lab/Evil Twin MITM Directional Antenna - creating the Evil Twin attack, same setup as above, but now the attacker has a directional antenna.

MITM Lab/Wireless ARP Poisoning - creating an ARP poisoning attack using two laptops (one sheep, one attacker) and a wireless router.
