Man in the Middle/Sniffing
This page covers man in the middle attacks and tools that focus on sniffing traffic.
When it comes to sniffing traffic during a man in the middle attack, you have multiple options. You can utilize tools to conduct a man in the middle attack that have built-in functionality to sniff traffic (e.g., Ettercap). You can use tools that expect a tapped network connection to already exist. You can even capture traffic from a man-in-the-middle session and record it for later offline analysis.
Different tools for different objectives and techniques.
Ettercap is a tool for conducting man in the middle attacks that has sniffing functionality built in. Ettercap works by creating a network bridge between two network interfaces, and it allows you to look at (and modify) traffic that flows through that network bridge. The sniffing comes along for the ride when you use Ettercap.
Dsniff is a suite of tools, each relating to particular protocols. It has the capability to deal with SSL/SSH/HTTPS. It can also deal specifically with web traffic, email traffic, ftp, sql, socks, cvs, images, etc. This provides a very targeted method of attacking streams of particular types of data.
man in the middle attacksin which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.
Wireless Attacks: Man in the Middle/Wireless
Wired Attacks: Man in the Middle/Wired
Layer 1 and 2 MITM Attacks:
Network Tap: Man in the Middle/Wired/Network Tap
Layer 3 and 4 MITM Attacks:
ARP Poisoning: Man in the Middle/ARP Poisoning
Traffic Injection/Modification: Man in the Middle/Traffic Injection
DHCP Attacks: Man in the Middle/DHCP
WPAD MITM Attack: Man in the Middle/WPAD
Port Stealing: Man in the Middle/Port Stealing
Rushing Attack: Man in the Middle/Rushing Attack
Attacking HTTPS: Man in the Middle/HTTPS
Session Hijacking: Man in the Middle/Session Hijacking
Man in the Middle Labs:
Dsniff ARP Poisoning:
Bettercap ARP Poisoning: MITM Labs/Bettercap Over Wifi
Bettercap to Replace Images: MITM Labs/Bettercap to Replace Images
MITMf to Backdoor Browsers: MITM Labs/MITMf to Backdoor Browsers
Browser + Wireshark/SSLSniff to Decrypt HTTPS: MITM Labs/Decrypting HTTPS Traffic with Private Key File
Browser + Wireshark to Decrypt HTTPS: MITM Labs/Decrypting HTTPS Traffic by Obtaining Browser SSL Session Info
Bettercap to MITM Android Phone: MITM Labs/Bettercap Android EvoFlags · Template:MITMFlag · e