MITM/Wired/Network Tap: Difference between revisions
From charlesreid1
Revision as of 17:21, 25 August 2015
Setup
For a wired network tap, we need an attacking device with two network interfaces - one to connect to the sheep, one to connect to the network device.
A physical network tap can be as simple as a crossover cable connecting to the target computer. This is easier if the attacking computer is a router running OpenWRT, a Raspberry Pi, or some other small form factor computer.
The Network Arrangement
The network will be arranged as follows:
[ Router ]-----[ Kronos (Attacker) ]------[ Mars (Sheep) ]
Usually the attacker has two ethernet ports, but in this case I'll be using one ethernet port and one wireless card:
[ Router ] ~ ~ ~ ~ [ Kronos (Attacker) ]---------[ Mars (Sheep) ]
Procedure
Install Bridge Utils on Attacker
On the machine doing the attacking, you will need bridge utilities to build the network bridge. Install them before you do any of the rest of these steps.
kronos $ apt-get install bridge-utils
Connect to Target and Router
The first step is to replicate the connection described above, either with wireless or wired connections.
Having a wired connection between the attacker and the sheep greatly simplifies the attack.
The attacking machine has an ethernet device connected to a crossover cable connected to the sheep:
kronos $ ifconfig eth0
It also has a wireless card,
kronos $ ifconfig wlan5
which is connected to a wireless network and to the internet. This is the connection the sheep will share.
Open IP Addresses
Configure both devices as open by clearing their IP addresses (setting them to 0.0.0.0).
kronos $ ifconfig eth0 0.0.0.0
kronos $ ifconfig wlan5 0.0.0.0
Create Bridge
Attempt 1
Now bridge the two devices with a bridge0 interface and the brctl command:
kronos $ brctl addbr bridge0
kronos $ brctl addif bridge0 eth0
kronos $ brctl addif bridge0 wlan5
can't add wlan5 to bridge bridge0: Operation not supported
crap.
Attempt 2
Edit network interfaces:
kronos $ vim /etc/network/interfaces
We'll make a bridge in the network interfaces file, instead of ad hoc on the command line.
Add this info to /etc/network/interfaces:
auto br0
iface br0 inet dhcp
    bridge_ports wlan0 eth2
    up \
    /sbin/iwconfig wlan0 essid MyHomeRouter && \
    /sbin/iwconfig wlan0 channel 11 && \
    /sbin/iwconfig wlan0 mode Master
Now you can refresh your network devices and you should see your bridge.
To refresh your network devices:
kronos $ service networking restart
cha-ching!
br0 Link encap:Ethernet HWaddr 36:6b:d8:b6
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:2052 (2.0 KiB)
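When checking whether a Debian-style host has been set up to sit inline between two segments, a persistent stanza like the br0 one in Attempt 2 is what to look for. The script below is an added example, not part of the original page: it lists every bridge stanza in an interfaces file read from stdin, with its member ports, which of them are wireless, and whether an `up` hook puts a card into Master mode. The function names, the br1 stanza and the `wl*` name heuristic are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample input: the br0 stanza from this page plus a wired bridge.
sample_interfaces() {
cat <<'EOF'
auto br0
iface br0 inet dhcp
    bridge_ports wlan0 eth2
    up \
    /sbin/iwconfig wlan0 essid MyHomeRouter && \
    /sbin/iwconfig wlan0 channel 11 && \
    /sbin/iwconfig wlan0 mode Master

auto br1
iface br1 inet manual
    bridge_ports eth3 eth4
EOF
}

# Wireless if sysfs says so; otherwise (assumption, for offline files)
# if the name starts with "wl", e.g. wlan0 or wlp2s0.
is_wireless() {
    [ -d "/sys/class/net/$1/wireless" ] && return 0
    case "$1" in wl*) return 0 ;; esac
    return 1
}

# Output per bridge: <name> ports=<a,b> wireless=<a|none> ap_mode=<yes|no>
audit_bridges() {
    awk '
        function emit() { if (name != "" && ports != "") print name, ports, ap }
        # Join backslash-continued lines before looking at them.
        { line = line $0
          if (line ~ /\\$/) { sub(/\\$/, " ", line); next }
          $0 = line; line = "" }
        /^[ \t]*#/ { next }
        $1 == "iface" { emit(); name = $2; ports = ""; ap = "no"; next }
        $1 == "bridge_ports" { ports = $2; for (i = 3; i <= NF; i++) ports = ports "," $i }
        /iwconfig.*mode[ \t]+[Mm]aster/ { ap = "yes" }
        END { emit() }
    ' | while read -r name ports ap; do
        wl=""
        for p in $(printf '%s' "$ports" | tr ',' ' '); do
            if is_wireless "$p"; then wl="${wl:+$wl,}$p"; fi
        done
        echo "$name ports=$ports wireless=${wl:-none} ap_mode=$ap"
    done
}

sample_interfaces | audit_bridges
```

On a live host, run it as `audit_bridges < /etc/network/interfaces`; files pulled in through `source` lines are not followed.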