Man in the Middle/Wired/Network Tap
For a wired network tap, we need an attacking device with two network interfaces - one to connect to the sheep, one to connect to the network device.
A physical network tap can be as simple as a crossover cable connecting to the target computer. This is easier if the attacking computer is a router running OpenWRT, a Raspberry Pi, or some other small form factor computer.
The Network Arrangement
The network will be arranged as follows:
[ Router ]-----[ Kronos (Attacker) ]------[ Mars (Sheep) ]
Usually the attacker has two ethernet ports, but in this case I'll be using one ethernet port and one wireless card:
[ Router ] ~ ~ ~ ~ [ Kronos (Attacker) ]---------[ Mars (Sheep) ]
Install Bridge Utils on Attacker
On the machine doing the attacking, you will need bridge utilities to build the network bridge. Install them before you do any of the remaining steps.
kronos $ apt-get install bridge-utils
Connect to Target and Router
The first step is to replicate the connection described above, with either wireless or wired connections.
Having a wired connection between the attacker and the sheep greatly simplifies the attack.
The attacking machine has an ethernet device connected to a crossover cable connected to the sheep:
kronos $ ifconfig eth0
It also has a wireless card,
kronos $ ifconfig wlan5
which is connected to a wireless network and to the internet. This is the connection the sheep will share.
Open IP Addresses
Configure both devices as open by setting each address to 0.0.0.0.
kronos $ ifconfig eth0 0.0.0.0
kronos $ ifconfig wlan5 0.0.0.0
Now bridge the two devices with a bridge0 interface and the
kronos $ brctl addbr bridge0
kronos $ brctl addif bridge0 eth0
kronos $ brctl addif bridge0 wlan5
can't add wlan5 to bridge bridge0: Operation not supported
Edit network interfaces:
kronos $ vim /etc/network/interfaces
We'll make a bridge in the network interfaces file, instead of ad hoc on the command line.
Add this info to
auto br0
iface br0 inet dhcp
    bridge_ports wlan0 eth2
    up \
        /sbin/iwconfig wlan0 essid MyHomeRouter && \
        /sbin/iwconfig wlan0 channel 11 && \
        /sbin/iwconfig wlan0 mode Master
Now you can refresh your network devices and you should see your bridge.
To refresh your network devices:
kronos $ service networking restart
Check if it's there - aaaaaand, cha-ching!
kronos $ ifconfig br0
br0       Link encap:Ethernet  HWaddr 36:6b:d8:b6
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:2052 (2.0 KiB)
Only an idiot would go across a bridge without testing it..... right?
1. Start browsing the web on the sheep. (FAIL: Sheep can't get an IP or a network connection out.)
2. Run tcpdump on the attacking machine.
Gonna switch this around.
Wireless access point, routing to ethernet.
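Seen from the network side, a bridge like the one above is not silent: the br0 stanza requests an address over DHCP, so the bridge transmits frames from its own hardware address alongside the sheep's, and the address in the ifconfig output begins with 36, which has the locally administered bit set. The following is an added example, not part of the original page, that groups a switch MAC table by port and reports ports that learned more than one source MAC; the "port mac" input format, the port names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag switch ports that learned more than one source MAC.
# Assumed input on stdin (constructed format): "<port> <mac>" per line,
# e.g. exported from a switch MAC address table. Lines starting with # are
# ignored.

# Constructed sample table: port2 carries a host MAC plus a second,
# locally administered MAC, the pattern an inline bridge with its own
# DHCP client would leave behind. port3 lists the same MAC twice.
SAMPLE_TABLE='port1 00:1b:21:aa:bb:01
port2 00:1b:21:aa:bb:02
port2 36:aa:bb:cc:dd:ee
port3 00:1b:21:aa:bb:03
port3 00:1B:21:AA:BB:03'

# suspect_ports: print one line per port with more than one distinct MAC.
# Output: "<port> macs=<comma list> local_admin=<count>"
# local_admin counts MACs whose first octet has bit 0x02 set, i.e. the
# second hex digit is one of 2, 3, 6, 7, a, b, e, f.
suspect_ports() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        {
            port = $1
            mac = tolower($2)
            if ((port, mac) in seen) next      # duplicate entry, skip
            seen[port, mac] = 1
            count[port]++
            macs[port] = (macs[port] == "" ? mac : macs[port] "," mac)
            if (substr(mac, 2, 1) ~ /[2367abef]/) la[port]++
        }
        END {
            for (p in count)
                if (count[p] > 1)
                    printf "%s macs=%s local_admin=%d\n", p, macs[p], la[p] + 0
        }
    ' | sort
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_TABLE" | suspect_ports
```

A locally administered address alone is only a hint, since virtual machines and devices with MAC randomization use them too; the count of distinct MACs per access port is the stronger signal.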