MITM Labs/Bettercap iPhone

From charlesreid1

Procedure

Hardware

Conducting an attack with Kali Linux running on a laptop.

The target is a sheep running an iPhone 5.

Connect to Wireless with iPhone

Obtain IP address on local network. Next step is to attack.

Surveillance

Start by doing recon. Scan the network with nmap to find the phone's IP: 

$ nmap -F 192.168.0.*

-F is for fast scan, which only scans the lowest 100 ports.

This reveals a scan report for the iPhone at 192.168.0.14.

Now we have our target for the MITM.

Do an aggressive nmap scan so you know what services are running on the sheep: 

$ nmap -A 192.168.0.14

No open ports, no running services, and not enough information to produce a specific operating system fingerprint. Well, at least we tried.

MITM with Bettercap

On the Kali machine, run a MITM attack with Bettercap: 

$ bettercap -I wlan1 -O betercap_androidmitm.log -S ARP -X --gateway 192.168.0.1 --target 192.168.0.14

then run Wireshark on the attacker machine to verify the traffic is flowing your direction.

Results

The iPhone is totally resistant to a MITM attack.

HTTP pages would NOT load on the phone. Apps that required an insecure network connection (e.g., news app) reported a network error. No HTTP traffic could be sniffed.

HTTPS services like Google search, large bank website, and map app worked fine and were not vulnerable to the MITM attack. They made it past the attacker unsniffed and uninterrupted.

Flags


Defcon.png
monkey in the middle attacks
in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.

MITM

Wireless Attacks: MITM/Wireless

Wired Attacks: MITM/Wired


Layer 1 and 2 MITM Attacks:

MITM/Layer 1 and 2

Network Tap: MITM/Wired/Network Tap

Evil Twin Attack: Evil Twin  · MITM/Evil Twin


Layer 3 and 4 MITM Attacks:

MITM/Layer 3 and 4

Traffic Sniffing: MITM/Sniffing

ARP Poisoning: MITM/ARP Poisoning

Traffic Injection/Modification: MITM/Traffic Injection

DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2

DHCP Attacks: MITM/DHCP

WPAD MITM Attack: MITM/WPAD

Port Stealing: MITM/Port Stealing

Rushing Attack: MITM/Rushing Attack

Attacking HTTPS: MITM/HTTPS


Layer 5 MITM Attacks:

Session Hijacking: MITM/Session Hijacking


Toolz:

Ettercap  · Bettercap  · MITMf  · EvilFOCA

Wireshark  · Aircrack

Dsniff  · Arpspoof  · Dnsspoof

SSLSniff  · SSLStrip  · Frankencert

Driftnet  · Karma


MITM Labs: {{MITMLabs}}


Category:MITM  · Category:Attacks  · Category:Kali Attack Layers

Template:MITMLabs  · Template:MITMFlag

Flags  · Template:MITMFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=MITM_Labs/Bettercap_iPhone&oldid=13398"