MITM/WPAD: Difference between revisions

From charlesreid1

No edit summary
Line 6: Line 6:


In the end, the sheep's browser has asked for, and received, an IP address for what it thinks is a trusted web proxy on a trusted network. However, the web proxy is actually controlled by the attacker. Thus, the sheep's browser is now willingly passing all of its traffic through this hostile proxy server.
In the end, the sheep's browser has asked for, and received, an IP address for what it thinks is a trusted web proxy on a trusted network. However, the web proxy is actually controlled by the attacker. Thus, the sheep's browser is now willingly passing all of its traffic through this hostile proxy server.
==Tools==


The [[MITMf]] (man in the middle framework) is capable of doing this: https://github.com/byt3bl33d3r/MITMf
The [[MITMf]] (man in the middle framework) is capable of doing this: https://github.com/byt3bl33d3r/MITMf

Revision as of 07:52, 23 August 2016

What is it?

WPAD is an Internet Explorer vulnerability in the way that IE searches for a proxy server. When IE is set to auto-detect proxy settings, it sends out a request for a server named WPAD to ask for a proxy server IP address. A malicious attacker can set up their own proxy server, and listen for that WPAD request. When the request comes in, the attacker responds with the fake proxy's IP address.

To add additional maliciousness, you can ask the user to re-enter their network credentials, and then store those.

In the end, the sheep's browser has asked for, and received, an IP address for what it thinks is a trusted web proxy on a trusted network. However, the web proxy is actually controlled by the attacker. Thus, the sheep's browser is now willingly passing all of its traffic through this hostile proxy server.

Tools

The MITMf (man in the middle framework) is capable of doing this: https://github.com/byt3bl33d3r/MITMf

Flags


Defcon.png
monkey in the middle attacks
in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.

MITM

Wireless Attacks: MITM/Wireless

Wired Attacks: MITM/Wired


Layer 1 and 2 MITM Attacks:

MITM/Layer 1 and 2

Network Tap: MITM/Wired/Network Tap

Evil Twin Attack: Evil Twin  · MITM/Evil Twin


Layer 3 and 4 MITM Attacks:

MITM/Layer 3 and 4

Traffic Sniffing: MITM/Sniffing

ARP Poisoning: MITM/ARP Poisoning

Traffic Injection/Modification: MITM/Traffic Injection

DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2

DHCP Attacks: MITM/DHCP

WPAD MITM Attack: MITM/WPAD

Port Stealing: MITM/Port Stealing

Rushing Attack: MITM/Rushing Attack

Attacking HTTPS: MITM/HTTPS


Layer 5 MITM Attacks:

Session Hijacking: MITM/Session Hijacking


Toolz:

Ettercap  · Bettercap  · MITMf  · EvilFOCA

Wireshark  · Aircrack

Dsniff  · Arpspoof  · Dnsspoof

SSLSniff  · SSLStrip  · Frankencert

Driftnet  · Karma


MITM Labs: {{MITMLabs}}


Category:MITM  · Category:Attacks  · Category:Kali Attack Layers

Template:MITMLabs  · Template:MITMFlag

Flags  · Template:MITMFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=MITM/WPAD&oldid=13157"