MITM/WPAD
From charlesreid1
What is it?
WPAD (Web Proxy Auto-Discovery) is an Internet Explorer vulnerability in the way that IE searches for a proxy server. When IE is set to auto-detect proxy settings, it sends out a request for a server named WPAD to ask for a proxy server IP address. An attacker can set up their own proxy server and listen for that WPAD request. When the request comes in, the attacker responds with the fake proxy's IP address.
To go further, the attacker can prompt the user to re-enter their network credentials and then store them.
In the end, the sheep's browser has asked for, and received, an IP address for what it thinks is a trusted web proxy on a trusted network. However, the web proxy is actually controlled by the attacker. Thus, the sheep's browser is now willingly passing all of its traffic through this hostile proxy server.
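The exchange described above leaves a trace a defender can check for: an answer to a WPAD name lookup that comes from a host other than the sanctioned name server, or that points at an address other than the sanctioned proxy. The following is an added example, not from the original page; the log format, the addresses and the function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample: name-resolution events in a made-up "key=value" log format.
SAMPLE_LOG = """\
2024-01-01T09:00:01 type=query src=10.0.0.21 name=WPAD
2024-01-01T09:00:01 type=answer src=10.0.0.2 dst=10.0.0.21 name=wpad addr=10.0.0.8
2024-01-01T09:03:10 type=query src=10.0.0.34 name=wpad.corp.example
2024-01-01T09:03:10 type=answer src=10.0.0.77 dst=10.0.0.34 name=wpad.corp.example addr=10.0.0.77
2024-01-01T09:05:42 type=answer src=10.0.0.2 dst=10.0.0.40 name=wpad addr=10.0.0.99
2024-01-01T09:06:00 type=answer src=10.0.0.77 dst=10.0.0.40 name=fileserver addr=10.0.0.77
garbled line without fields
"""

class Finding(NamedTuple):
    timestamp: str
    responder: str
    client: str
    proxy: str
    reason: str

FIELD = re.compile(r"(\w+)=(\S+)")

def is_wpad_name(name: str) -> bool:
    """True for the bare host name 'wpad' or 'wpad.<domain>', in any case."""
    return name.lower().rstrip(".").split(".")[0] == "wpad"

def find_rogue_wpad_answers(log_text, allowed_responders, allowed_proxies):
    """Return a Finding for each WPAD answer that is not from, or not to, a sanctioned host."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue  # blank or single-token line
        f = dict(FIELD.findall(parts[1]))
        if f.get("type") != "answer" or not is_wpad_name(f.get("name", "")):
            continue  # only answers to WPAD lookups matter here
        if not {"src", "dst", "addr"} <= f.keys():
            continue  # malformed answer record
        reasons = []
        if f["src"] not in allowed_responders:
            reasons.append("unauthorized responder")
        if f["addr"] not in allowed_proxies:
            reasons.append("unauthorized proxy address")
        if reasons:
            findings.append(Finding(parts[0], f["src"], f["dst"], f["addr"], "; ".join(reasons)))
    return findings
```

With `10.0.0.2` as the only sanctioned responder and `10.0.0.8` as the only sanctioned proxy, the sample yields two findings: the answer from `10.0.0.77`, and the answer that hands out `10.0.0.99`.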
Tools
The MITMf (man in the middle framework) is capable of doing this: https://github.com/byt3bl33d3r/MITMf
Flags
Monkey-in-the-middle attacks: an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.