MITM Labs/Bettercap Over Wifi: Difference between revisions
From charlesreid1
Revision as of 09:15, 21 August 2016
Lab Scenario/Overview
This lab covers the use of Ettercap to carry out a Man in the Middle attack on a wifi network. This also covers the case of SSL encryption and how it may be defeated using other tools like SSLStrip.
Make sure you check out the Ettercap page for notes before you start. That's where a lot of the detail has been worked out. This is a CNP (copy-and-paste) project.
Setting Up
Let's walk through the setup required for this type of attack. This does not require any kind of tricky setup. It's a fast and easy attack to carry out, and an attack that virtually all networking equipment is susceptible to.
Wifi Network
This lab will utilize a standard home wifi router, which incorporates an ethernet switch and a wireless router all on board a single device and on a single LAN. The router is the gateway, 192.168.0.1, and both the sheep and the attacker are laptops connected to the router via wifi.
Sheep
The sheep is a normal laptop connected to the wifi. Given the failures with HTTP traffic with Dsniff, this lab will aim low and focus on intercepting HTTP and HTTPS traffic only. We'll work on SSH, email, and SQL some other time. The sheep is at 192.168.0.7.
Attacker
The attacker is the same model of laptop, same operating system, connected to the wifi. The attacker is at 192.168.0.8.
Execution
Once the components are in place, we proceed with the execution of the attack. Of course, we start the execution with passive listening and information gathering.
Plan
The attack steps are as follows:
- Perform recon and gather information about gateway, sheep, network, hardware
- Prepare for ARP poisoning attack (packet forwarding, network interface setup, etc.)
- Run ARP poisoning attack to broadcast packets to poison ARP tables of sheep and router
- Run dsniff and/or urlsnarf to capture goodies from HTTP traffic (good example site: nytimes)
- Start with HTTP traffic goodies
- Add SSLStrip and aim for HTTPS traffic goodies
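How the ARP poisoning step in the plan shows up on the sheep's side, as an added example that is not part of the original lab notes: it compares two snapshots in the Linux /proc/net/arp format and flags a changed gateway MAC and a MAC shared by several IPs. The IPs are the lab's; the MAC addresses and both snapshots are constructed, and the function names are hypothetical.

```python
"""Spot ARP-cache poisoning by comparing two /proc/net/arp snapshots."""
from collections import defaultdict

# Constructed sample data: MAC addresses are invented, IPs are the lab's.
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         02:00:00:00:00:01     *        wlan0
192.168.0.8      0x1         0x2         02:00:00:00:00:08     *        wlan0
"""
POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         02:00:00:00:00:08     *        wlan0
192.168.0.8      0x1         0x2         02:00:00:00:00:08     *        wlan0
"""


def parse_arp(text):
    """Return {ip: mac} for complete entries in /proc/net/arp-style text."""
    table = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # Flag bit 0x2 marks a completed entry; skip unresolved ones.
        if int(flags, 16) & 0x2 and mac != "00:00:00:00:00:00":
            table[ip] = mac
    return table


def find_poisoning(baseline, current, gateway):
    """Return alert tuples for a changed gateway MAC and for shared MACs."""
    alerts = []
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        alerts.append(("gateway_mac_changed", gateway, old, new))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:  # one NIC answering for several IPs
            alerts.append(("mac_shared", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in find_poisoning(parse_arp(BASELINE), parse_arp(POISONED), "192.168.0.1"):
        print(alert)
```

A shared MAC can also be legitimate (proxy ARP, a host with several addresses), so the gateway change against a known-good baseline is the stronger of the two signals.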