MITM/Sniffing

From charlesreid1

This page covers man in the middle attacks and tools that focus on sniffing traffic.

Related laboratories:

Options

When it comes to sniffing traffic during a man in the middle attack, you have multiple options. You can utilize tools to conduct a man in the middle attack that have built-in functionality to sniff traffic (e.g., Ettercap). You can use tools that expect a tapped network connection to already exist. You can even capture traffic from a man-in-the-middle session and record it for later offline analysis.

Different tools for different objectives and techniques.

Ettercap

Main article: Ettercap

Ettercap is a tool for conducting man in the middle attacks that has sniffing functionality built in. Ettercap works by creating a network bridge between two network interfaces, and it allows you to look at (and modify) traffic that flows through that network bridge. The sniffing comes along for the ride when you use Ettercap.

Dsniff

Main article: Dsniff

Dsniff is a suite of tools, each relating to particular protocols. It has the capability to deal with SSL/SSH/HTTPS. It can also deal specifically with web traffic, email traffic, ftp, sql, socks, cvs, images, etc. This provides a very targeted method of attacking streams of particular types of data.

Flags


Defcon.png
monkey in the middle attacks
in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.

MITM

Wireless Attacks: MITM/Wireless

Wired Attacks: MITM/Wired


Layer 1 and 2 MITM Attacks:

MITM/Layer 1 and 2

Network Tap: MITM/Wired/Network Tap

Evil Twin Attack: Evil Twin  · MITM/Evil Twin


Layer 3 and 4 MITM Attacks:

MITM/Layer 3 and 4

Traffic Sniffing: MITM/Sniffing

ARP Poisoning: MITM/ARP Poisoning

Traffic Injection/Modification: MITM/Traffic Injection

DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2

DHCP Attacks: MITM/DHCP

WPAD MITM Attack: MITM/WPAD

Port Stealing: MITM/Port Stealing

Rushing Attack: MITM/Rushing Attack

Attacking HTTPS: MITM/HTTPS


Layer 5 MITM Attacks:

Session Hijacking: MITM/Session Hijacking


Toolz:

Ettercap  · Bettercap  · MITMf  · EvilFOCA

Wireshark  · Aircrack

Dsniff  · Arpspoof  · Dnsspoof

SSLSniff  · SSLStrip  · Frankencert

Driftnet  · Karma


MITM Labs: {{MITMLabs}}


Category:MITM  · Category:Attacks  · Category:Kali Attack Layers

Template:MITMLabs  · Template:MITMFlag

Flags  · Template:MITMFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=MITM/Sniffing&oldid=29109"