MITM/Wired: Difference between revisions
From charlesreid1
(→Tools) |
|||
| Line 26: | Line 26: | ||
The network tap scenario is one in which the attacker must have physical access to the wired network. They are physically conducting a man-in-the-middle attack by using two network devices, one connected to the sheep, one connected to the gateway, '' | The network tap scenario is one in which the attacker must have physical access to the wired network. They are physically conducting a man-in-the-middle attack by using two network devices, one connected to the sheep, one connected to the gateway, '' | ||
[[Man in the Middle/Wired/Network Tap]] - you can build a bridge between the two network devices, and sniff traffic crossing the bridge | |||
In the network tap setup, the attacker physically sits between the sheep and the network router or network switch: | In the network tap setup, the attacker physically sits between the sheep and the network router or network switch: | ||
Revision as of 17:30, 29 August 2015
Man in the middle attacks on wired networks.
Wired Networks
On wired networks, we have a couple of different ways the network can be configured.
Network Near Neighbor
The first scenario is that the attacker is a near-neighbor of the target. This means the attacker and the sheep that is the target of the attack are both connected directly to a router or network switch (see diagram below).
Man in the Middle/Wired/ARP Poisoning - an ARP poisoning attack works in this case.
+----[Target computer] | | +---[Attack computer] | | | | [Router]
This configuration requires a man in the middle attack to proceed by ARP spoofing, in which the attacker changes the router/network switch table that maps MAC addresses to IP addresses. This allows the attacker to send/receive traffic, and pass it through to another computer on the network (the target).
Network Tap
The network tap scenario is one in which the attacker must have physical access to the wired network. They are physically conducting a man-in-the-middle attack by using two network devices, one connected to the sheep, one connected to the gateway,
Man in the Middle/Wired/Network Tap - you can build a bridge between the two network devices, and sniff traffic crossing the bridge
In the network tap setup, the attacker physically sits between the sheep and the network router or network switch:
+--------[Target computer]
|
|
[ Attack computer ]
|
|
[Router]
Other Attacks
Man in the Middle/Wired/Port Stealing
Man in the Middle/Wired/DHCP Spoofing
Man in the Middle/Wired/NDP Poisoning
Tools
Ettercap - for setting up and executing a man in the middle attack. It has a variety of different methods that include ARP poisoning.
Wireshark - for viewing packets and plaintext HTTP traffic during a man in the middle session
Driftnet - for viewing images during a man in the middle session
Arpspoof - a command-line utility for ARP poisoning.
 |
monkey in the middle attacks in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.
Wireless Attacks: MITM/Wireless Wired Attacks: MITM/Wired
Layer 1 and 2 MITM Attacks: Network Tap: MITM/Wired/Network Tap Evil Twin Attack: Evil Twin · MITM/Evil Twin
Layer 3 and 4 MITM Attacks:
ARP Poisoning: MITM/ARP Poisoning Traffic Injection/Modification: MITM/Traffic Injection DNS Attacks: MITM/DNS · Bettercap/Failed DNS Spoofing Attack · Bettercap/Failed DNS Spoofing Attack 2 DHCP Attacks: MITM/DHCP WPAD MITM Attack: MITM/WPAD Port Stealing: MITM/Port Stealing Rushing Attack: MITM/Rushing Attack Attacking HTTPS: MITM/HTTPS
Session Hijacking: MITM/Session Hijacking
Toolz:
SSLSniff · SSLStrip · Frankencert
MITM Labs: {{MITMLabs}}
Category:MITM · Category:Attacks · Category:Kali Attack Layers Template:MITMLabs · Template:MITMFlag Flags · Template:MITMFlag · e |