MITM/WPAD

From charlesreid1

Revision as of 07:33, 23 August 2016 by Admin (talk | contribs) (Created page with "WPAD is an Internet Explorer vulnerability in the way that IE searches for a proxy server. When IE is set to auto-detect proxy settings, it sends out a request for a server na...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

WPAD is an Internet Explorer vulnerability in the way that IE searches for a proxy server. When IE is set to auto-detect proxy settings, it sends out a request for a server named WPAD to ask for a proxy server IP address. A malicious attacker can set up their own proxy server, and listen for that WPAD request. When the request comes in, the attacker responds with the fake proxy's IP address.

To add additional maliciousness, you can ask the user to re-enter their network credentials, and then store those.

The MITMf (man in the middle framework) is capable of doing this: https://github.com/byt3bl33d3r/MITMf

Retrieved from "https://charlesreid1.com/w/index.php?title=MITM/WPAD&oldid=13147"