MITM/Wired/Network Tap
From charlesreid1
Setup
For a wired network tap, we need an attacking device with two network interfaces - one to connect to the sheep, one to connect to the network device.
A physical network tap can be as simple as a crossover cable connecting to the target computer. This is easier if the attacking computer is a router running OpenWRT, a Raspberry Pi, or some other small form factor computer.
The Network Arrangement
The network will be arranged as follows:
[ Router ]-----[ Kronos (Attacker) ]------[ Mars (Sheep) ]
Usually the attacker has two ethernet ports, but in this case I'll be using one ethernet port and one wireless card:
[ Router ] ~ ~ ~ ~ [ Kronos (Attacker) ]---------[ Mars (Sheep) ]
Procedure
Install Bridge Utils on Attacker
On the machine doing the attacking, you will need the bridge utilities to build the network bridge. Install them before you do any of the rest of these steps.
kronos $ apt-get install bridge-utils
Connect to Target and Router
The first step is to replicate the connection described above, either with wireless or wired connections.
Having a wired connection between the attacker and the sheep greatly simplifies the attack.
The attacking machine has an ethernet device connected to a crossover cable connected to the sheep:
kronos $ ifconfig eth0
It also has a wireless card,
kronos $ ifconfig wlan5
which is connected to a wireless network and to the internet. This is the connection the sheep will share.
Open IP Addresses
Configure both devices as open by setting their IP addresses to 0.0.0.0.
kronos $ ifconfig eth0 0.0.0.0
kronos $ ifconfig wlan5 0.0.0.0
Create Bridge
Attempt 1
Now bridge the two devices with a bridge0 interface and the brctl command:
kronos $ brctl addbr bridge0
kronos $ brctl addif bridge0 eth0
kronos $ brctl addif bridge0 wlan5
can't add wlan5 to bridge bridge0: Operation not supported
crap.
Attempt 2
Edit network interfaces:
kronos $ vim /etc/network/interfaces
We'll make a bridge in the network interfaces file, instead of ad hoc on the command line.
Add this info to /etc/network/interfaces:
auto br0
iface br0 inet dhcp
    bridge_ports wlan0 eth2
    up \
    /sbin/iwconfig wlan0 essid MyHomeRouter && \
    /sbin/iwconfig wlan0 channel 11 && \
    /sbin/iwconfig wlan0 mode Master
Now you can refresh your network devices and you should see your bridge.
To refresh your network devices:
kronos $ service networking restart
Check if it's there - aaaaaand, cha-ching!
kronos $ ifconfig br0
br0       Link encap:Ethernet  HWaddr 36:6b:d8:b6
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:2052 (2.0 KiB)
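A defender-side companion to the ifconfig br0 check above, as an added example that is not part of the original page: it audits a Linux host for bridges like the one built here by reading sysfs, listing each bridge with its member ports and whether the port has the IFF_PROMISC flag set. The function names and the optional directory argument (used to run it against a constructed tree) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: enumerate Linux bridges and their member ports from sysfs.
# The sysfs directory is a parameter so the logic can be run on a constructed tree.

IFF_PROMISC=256   # 0x100, IFF_PROMISC in <linux/if.h>

# is_promisc FLAGS_FILE -> exit status 0 if the IFF_PROMISC bit is set
is_promisc() {
    [ -r "$1" ] || return 1
    flags=$(cat "$1")
    [ -n "$flags" ] || return 1
    [ $(( $flags & $IFF_PROMISC )) -ne 0 ]
}

# list_bridges [NET_DIR] -> one line per port: "<bridge> <port> <promisc|normal>"
# A bridge with no member ports is reported as "<bridge> - -".
list_bridges() {
    net=${1:-/sys/class/net}
    for dev in "$net"/*; do
        [ -d "$dev/bridge" ] || continue   # only bridge devices have this directory
        br=${dev##*/}
        found=0
        for port in "$dev"/brif/*; do
            [ -e "$port" ] || continue     # glob did not match: no ports attached
            found=1
            p=${port##*/}
            if is_promisc "$net/$p/flags"; then
                mode=promisc
            else
                mode=normal
            fi
            echo "$br $p $mode"
        done
        [ "$found" -eq 1 ] || echo "$br - -"
    done
}

# Report bridges on the local machine.
list_bridges
```

An unexpected bridge that joins two physical interfaces on a host that is not meant to forward traffic is the condition worth investigating.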
Test Bridge
Only an idiot would go across a bridge without testing it..... right?
Attempt 1
1. Start browsing the web on the sheep. (FAIL: Sheep can't get an IP or a network connection out.)
2. Run tcpdump on the attacking machine.
Dunno
Gonna switch this around.
Wireless access point, routing to ethernet.
Man in the Middle/Wireless/Network Tap