Dsniff: Difference between revisions
From charlesreid1
| Line 40: | Line 40: | ||
* [[Arpspoof]] | * [[Arpspoof]] | ||
* [[Macof]] | * [[Macof]] | ||
* [[ | * [[Tcpkill]] | ||
* [[Tcpnice]] | * [[Tcpnice]] | ||
* [[Webmitm]] | * [[Webmitm]] | ||
Revision as of 19:13, 5 March 2022
Overview
What is dsniff?
dsniff is a tool for sniffing plaintext traffic and extracting "goodies" from the traffic. There is an entire suite of sniffing/snarfing tools that are designed to work with dsniff to extract various types of information (passwords, images, emails, URLs, etc.).
dsniff can only sniff plaintext traffic, not encrypted traffic. That means that as SSL-protected communications have become much more common in modern browsers, websites, and networks in the past 15 years, the usefulness of dsniff on its own has diminished.
But because SSL will never be implemented everywhere, and because SSL itself has weaknesses, there are other tools to attack and remove the SSL layer, which makes communications vulnerable to dsniff.
How to use dsniff?
dsniff can be used in offline mode (pulling information from pcap files) or online mode.
To use dsniff to sniff live traffic, the machine running dsniff must be able to see traffic to/from the victim machine, unencrypted. (To use dsniff by itself to eavesdrop on communications, you don't have to control the traffic, just see it. To use dsniff with tools that actually modify the traffic, the machine running dsniff needs to control the traffic passing to/from the victim machine.)
An attacker can view or control traffic to a victim by using a man-in-the-middle (MITM) attack. There are many types of MITM attacks, but one example is an ARP spoofing attack, where the attacker sits between the network gateway and the victim, tricking the gateway into thinking the attacker is the victim and tricking the victim into thinking the attacker is the gateway.
Again, encrypted traffic is not visible to dsniff, so if the communications layer is protected with SSL, an SSL-stripping attack is needed in addition to the MITM attack, to strip the SSL layer. Then dsniff can see the traffic.
Tools
Other Dsniff Suite Tools
dsniff can be used with other analysis tools to extract particular types of content from the traffic stream:
Combo Attacks
dsniff attacks require a MITM attack tool, such as:
In the case of SSL-encrypted traffic, attempt to strip the SSL layer using:
Installing
# apt-get install dsniff
That will install all of the utilities above.