MITM/Wired: Difference between revisions
From charlesreid1
| Line 39: | Line 39: | ||
=Tools= | |||
[[Ettercap]] - for setting up and executing a man in the middle attack via ARP cache poisoning (among other methods) | |||
[[Wireshark]] - for viewing packets and plaintext HTTP traffic during a man in the middle session | |||
[[Driftnet]] - for viewing images during a man in the middle session | |||
{{MITMFlag}} | {{MITMFlag}} | ||
Revision as of 06:04, 28 August 2015
Wired Networks
Man in the Middle attacks on wired networks can happen with two different configurations, each requiring different strategies:
- Network Neighbor setup
- Network Tap setup
Network Neighbor
See Man in the Middle/Wired/ARP Poisoning page
The Network Neighbor setup involves an attacker and a sheep that are both connected directly to a router or network switch:
+----[Target computer]
|
|    +---[Attack computer]
|    |
|    |
[Router]
This configuration requires the man in the middle attack to proceed by ARP spoofing, in which the attacker changes the router/network switch table that maps MAC addresses to IP addresses (the ARP table). This allows the attacker to send and receive traffic and pass it through to another computer on the network (the target).
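From the defender's side, the table change described above shows up on the wire as ARP frames that bind an already-known IP address to a new MAC address. The following is an added example, not code from this wiki: it parses raw Ethernet/ARP frames and reports such rebinds; the function names, the 02:00:... MAC addresses and the 192.0.2.x IP addresses are all constructed for illustration.

```python
import struct

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    return frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def detect_poisoning(frames):
    """Report IPs whose MAC changed and MACs that claim more than one IP."""
    bindings, rebinds = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        if ip in bindings and bindings[ip] != mac:
            rebinds.append((index, ip, bindings[ip], mac))
        bindings[ip] = mac
    claimed = {}
    for ip, mac in bindings.items():
        claimed.setdefault(mac, []).append(ip)
    shared = {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}
    return rebinds, shared

def make_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP reply frame (sample input only, never sent)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    header = mac(target_mac) + mac(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # oper 2 = reply
    return header + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

# Constructed addresses: router .1, target .10, third host .66
ROUTER, TARGET, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [
    make_arp_reply(ROUTER, "192.0.2.1", TARGET, "192.0.2.10"),
    make_arp_reply(TARGET, "192.0.2.10", ROUTER, "192.0.2.1"),
    make_arp_reply(OTHER, "192.0.2.66", ROUTER, "192.0.2.1"),
    make_arp_reply(OTHER, "192.0.2.1", TARGET, "192.0.2.10"),  # router IP now at OTHER's MAC
    make_arp_reply(OTHER, "192.0.2.10", ROUTER, "192.0.2.1"),  # target IP now at OTHER's MAC
    b"\x00" * 60,                                              # non-ARP frame, ignored
]

if __name__ == "__main__":
    for finding in detect_poisoning(SAMPLE):
        print(finding)
```

A rebind is a signal rather than proof: DHCP lease changes and gateway failover also move an IP address to a new MAC, so a rebind of the gateway address combined with one MAC claiming several IPs is the stronger indicator.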
Network Tap
See Man in the Middle/Wired/Network Tap page
In the network tap setup, the attacker physically sits between the sheep and the network router or network switch:
+--------[Target computer]
|
|
[ Attack computer ]
|
|
[Router]
Tools
Ettercap - for setting up and executing a man in the middle attack via ARP cache poisoning (among other methods)
Wireshark - for viewing packets and plaintext HTTP traffic during a man in the middle session
Driftnet - for viewing images during a man in the middle session