Man in the Middle/DHCP
So what is DHCP anyway? DHCP is domain host control protocol - it's how IP addresses get handed out to different devices.
ACK injection consists of an attacker monitoring a DHCP conversation between the DHCP server and a potential network node, and at some point during the conversation, sending a packet to interfere with the conversation. By controlling the DHCP process, the attacker controls the association between the IP address and MAC address of the sheep device - an alternative attack to ARP Poisoning with the same end.
EvilFOCA converts the attacker machine into a fake DHCP server on the network.
See #EvilFOCA tool below.
DNS Hijacking consists in modifying the way the sheep's DNS system works. This can be achieved at multiple levels (e.g., at the system level, by breaking into and modifying the client's system to permanently point to a pirate DNS server; or at the network level, by conducting a MITM attack on DNS requests.) By poisoning routes, the attacker receives the sheep's DNS requests and can respond to specific DNS requests from the sheep to a destination of the attacker's choosing.
Tool for conducting various DNS attacks (and other types of attacks)
- Capable of conducting DHCP ACK Injection - attacker monitors DHCP exchanges, interferes by sending packets, attacker acts as fake DHCP server
- DNS Hijacking - hijacking the shee's DNS channel to control where the sheep's requests point them
man in the middle attacksin which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.
Wireless Attacks: Man in the Middle/Wireless
Wired Attacks: Man in the Middle/Wired
Layer 1 and 2 MITM Attacks:
Network Tap: Man in the Middle/Wired/Network Tap
Layer 3 and 4 MITM Attacks:
ARP Poisoning: Man in the Middle/ARP Poisoning
Traffic Injection/Modification: Man in the Middle/Traffic Injection
DHCP Attacks: Man in the Middle/DHCP
WPAD MITM Attack: Man in the Middle/WPAD
Port Stealing: Man in the Middle/Port Stealing
Rushing Attack: Man in the Middle/Rushing Attack
Attacking HTTPS: Man in the Middle/HTTPS
Session Hijacking: Man in the Middle/Session Hijacking
Man in the Middle Labs:
Dsniff ARP Poisoning:
Bettercap ARP Poisoning: MITM Labs/Bettercap Over Wifi
Bettercap to Replace Images: MITM Labs/Bettercap to Replace Images
MITMf to Backdoor Browsers: MITM Labs/MITMf to Backdoor Browsers
Browser + Wireshark/SSLSniff to Decrypt HTTPS: MITM Labs/Decrypting HTTPS Traffic with Private Key File
Browser + Wireshark to Decrypt HTTPS: MITM Labs/Decrypting HTTPS Traffic by Obtaining Browser SSL Session Info
Bettercap to MITM Android Phone: MITM Labs/Bettercap Android EvoFlags · Template:MITMFlag · e