MITM: Difference between revisions
From charlesreid1
Revision as of 15:57, 25 August 2015
What It Is
A man-in-the-middle attack is a general concept from cryptography. Two parties, Alice and Bob, are trying to have an encrypted conversation. However, the conversation is compromised by an attacker, Eve, who gets in the middle. This means that Alice and Eve communicate with one encryption key, while Bob and Eve communicate with another key.
The Key Pieces
Any man in the middle attack on a computer network must have three key pieces:
1. Tricking the router/network device/destination into thinking they are connected to the Sheep, when they are really connected to the Attacker
2. Tricking the Sheep into thinking they are really connected to their router/network device/destination, when they are really connected to the Attacker
3. Building a bridge between the two connections so that traffic can continue to pass between the two parties and be observed/modified.
Wired Network
Man-in-the-middle attacks on a wired network are explained on the Man in the Middle/Wired page.
Wireless Network
A wireless network man-in-the-middle attack can be conducted in a couple of different ways.
ARP Cache Poisoning
More on the ARP Poisoning page.
On a wireless router, ARP cache poisoning is only possible if the wireless router device itself has a physical switch built into it (i.e., multiple ethernet ports). If there is a single ethernet port or no ethernet ports, ARP cache poisoning will not work on that wireless router.
Network Tap: Evil Twin Access Point
The wireless analogue of a physical network tap is the Evil Twin access point attack. This creates a fake access point with the same information as the authentic access point, so that the target Sheep connects to your device rather than to the network device. Just as the target device is physically connected to a physical network tap, with the Evil Twin access point the target device is wirelessly connected to your network tap.
This can be tricky to pull off, and it can be hard even to know when the Sheep is connected to your fake access point, because signal strength, distance, and scatter are important factors that are constantly shifting.
The Evil Twin page describes the configuration for the attack, but only half of it: how a fake access point is created, and how a Sheep is tricked into connecting to the fake access point.
The Man in the Middle/Evil Twin page describes more details about the other half of the attack, namely, connecting to the network, and creating an interface to sniff traffic.
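From the defender's side, the property described above (a fake access point advertising the same information as the authentic one) can be checked against an inventory of authorised access points. The following is an added example, not part of the original page; the scan records, the `KNOWN_APS` inventory and the function name are constructed for illustration.

```python
from collections import defaultdict

# Hypothetical inventory of authorised access points, keyed by SSID.
KNOWN_APS = {
    "CorpWifi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "security": "WPA2"},
}

# Constructed scan results (ssid, bssid, channel, security); not any tool's output format.
SAMPLE_SCAN = [
    ("CorpWifi", "AA:BB:CC:00:00:01", 6, "WPA2"),    # authorised AP
    ("CorpWifi", "aa:bb:cc:00:00:02", 11, "WPA2"),   # authorised AP
    ("CorpWifi", "de:ad:be:ef:00:99", 6, "OPEN"),    # same SSID, unknown radio
    ("CorpWifi", "aa:bb:cc:00:00:01", 1, "OPEN"),    # cloned BSSID on another channel
    ("CoffeeShop", "11:22:33:44:55:66", 1, "WPA2"),  # unrelated network
]


def find_evil_twin_candidates(scan, known_aps):
    """Return [(bssid, channel, reasons)] for beacons that imitate a known SSID."""
    channels = defaultdict(set)  # bssid -> channels it was heard on in this scan
    for _, bssid, channel, _ in scan:
        channels[bssid.lower()].add(channel)

    findings = []
    for ssid, bssid, channel, security in scan:
        expected = known_aps.get(ssid)
        if expected is None:
            continue  # not one of our SSIDs, nothing to compare against
        bssid = bssid.lower()
        reasons = []
        if bssid not in expected["bssids"]:
            reasons.append("unknown BSSID")
        if security != expected["security"]:
            reasons.append("security mismatch")
        if len(channels[bssid]) > 1:
            # A BSSID normally beacons on one channel per scan; two suggests a clone.
            reasons.append("BSSID on multiple channels")
        if reasons:
            findings.append((bssid, channel, reasons))
    return findings


if __name__ == "__main__":
    for bssid, channel, reasons in find_evil_twin_candidates(SAMPLE_SCAN, KNOWN_APS):
        print(f"{bssid} ch{channel}: {', '.join(reasons)}")
```

When a BSSID is cloned, both the authentic beacon and the copy are flagged, since the scan alone cannot say which radio is the real one.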
Notes
Evil Twin Attack
2015-08-24
I've built an Evil Twin, gotten the sheep to connect, built a working bridge from the sheep to the internet, and sniffed the traffic with tcpdump. However, Wireshark and Ettercap both failed to recognize the bridge or see traffic on it, and I'm not sure what to do with it.
2015-08-25
Backing up a step.
Man in the middle experiments on a wired network.