MITM
From charlesreid1
Man in the Middle attacks can happen on wired networks, or on wireless networks.
For more on man in the middle attacks on wired networks, see Man in the Middle/Wired
For more on man in the middle attacks on wireless networks, see Man in the Middle/Wireless
What It Is
A man-in-the-middle attack is a general concept from cryptography. Two parties, Alice and Bob, try to have an encrypted conversation, but an attacker, Eve, gets in the middle and foils it. Alice and Eve end up communicating with one encryption key, while Bob and Eve communicate with another key, so each party believes it is talking to the other when both are really talking to Eve.
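The two-key situation described above, as an added example that is not part of the original page: an unauthenticated Diffie-Hellman exchange in which Eve substitutes her own public value, and the out-of-band fingerprint comparison that exposes her. The toy group (P, G) and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# Toy parameters assumed for this example only (127-bit Mersenne prime).
# Real systems use standardized 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2      # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def fingerprint(key):
    # Short value two people can read to each other over another channel.
    return hashlib.sha256(b"fp" + key).hexdigest()[:16]

def run_exchange(intercepted):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        e_priv, e_pub = keypair()
        # Eve replaces the public value travelling in each direction.
        seen_by_alice, seen_by_bob = e_pub, e_pub
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    keys = {"alice": shared_key(a_priv, seen_by_alice),
            "bob": shared_key(b_priv, seen_by_bob)}
    if intercepted:
        keys["eve_alice"] = shared_key(e_priv, a_pub)
        keys["eve_bob"] = shared_key(e_priv, b_pub)
    return keys

def fingerprints_match(keys):
    # The defensive check: Alice and Bob compare fingerprints out of band.
    return fingerprint(keys["alice"]) == fingerprint(keys["bob"])

if __name__ == "__main__":
    for label, flag in (("clean", False), ("intercepted", True)):
        keys = run_exchange(flag)
        print(label, fingerprint(keys["alice"]), fingerprint(keys["bob"]),
              "match" if fingerprints_match(keys) else "MISMATCH")
```

The exchange itself completes without error in both runs; only authenticating the public values, or comparing fingerprints over a channel Eve does not control, reveals that two different keys are in use.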
The Key Pieces
Any man in the middle attack on a computer network must have three key pieces:
1. Tricking the router/network device/destination into thinking it is connected to the Sheep, when it is really connected to the Attacker.
2. Tricking the Sheep into thinking they are connected to their router/network device/destination, when they are really connected to the Attacker.
3. Building a bridge between the two connections so that traffic can continue to pass between the two parties and be observed/modified.
Notes
Evil Twin Attack
2015-08-24
I've built an Evil Twin, gotten the sheep to connect, built a working bridge from the sheep to the internet, and sniffed the traffic with tcpdump. However, Wireshark and Ettercap both failed to recognize the bridge or see traffic on it, and I'm not sure what to do with it.
2015-08-25
Eliminating the complexity that wireless signals introduce, and backing up a step to attempt a man in the middle attack on a wired network.
Man in the Middle/Wired/ARP Poisoning - ARP poisoning attack was successful. Learned a lot about what the target of an attack will see, and what they won't see.
Monkey in the middle attacks, in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.
Wireless Attacks: MITM/Wireless
Wired Attacks: MITM/Wired
Layer 1 and 2 MITM Attacks:
Network Tap: MITM/Wired/Network Tap
Evil Twin Attack: Evil Twin · MITM/Evil Twin
Layer 3 and 4 MITM Attacks:
ARP Poisoning: MITM/ARP Poisoning
Traffic Injection/Modification: MITM/Traffic Injection
DNS Attacks: MITM/DNS · Bettercap/Failed DNS Spoofing Attack · Bettercap/Failed DNS Spoofing Attack 2
DHCP Attacks: MITM/DHCP
WPAD MITM Attack: MITM/WPAD
Port Stealing: MITM/Port Stealing
Rushing Attack: MITM/Rushing Attack
Attacking HTTPS: MITM/HTTPS
Session Hijacking: MITM/Session Hijacking
Toolz:
SSLSniff · SSLStrip · Frankencert