Man in the Middle/Wireless/Network Tap
Installing a wireless network tap involves the attacker placing a physical device between the target and the network device they're trying to communicate with.
Just as a phone tap is a physical bug installed on a phone line, and an ethernet tap is a physical device with two ethernet ports physically on the network, a wireless tap is a physical device with a wireless connection to both the attacker and their authentic network device (the router, modem, etc.)
This involves creating a wireless access point, plus a corresponding network tap device, on the attacker's machine. The attacker can then bridge the network tap and the ethernet device, and bridge the two devices. In this way, when a sheep connects to the access point all of their traffic will be forwarded through the access point, allowing a MITM attack to occur.
In this configuration you're bridging two wireless devices to create a wireless network tap. This is gonna be slow...
To set this up we need three things:
1. be able to turn wireless device into an access point with airbase-ng
2. bridge network traffic from wireless ap to ethernet
Wireless Access Point
We can create a wireless access point with our wireless card by using airbase-ng.
We specify the MAC address and ESSID of the resulting access point.
$ airbase-ng -a <MAC for our access point> -c <channel> -e 'testing' wlan5
Now we can take a look at the available networks on the Sheep, and we'll see "testing" show up as an unencrypted wireless network.
Our hapless sheep is enthralled by the prospect of free wifi, so the sheep connects.
man in the middle attacksin which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.
Wireless Attacks: Man in the Middle/Wireless
Wired Attacks: Man in the Middle/Wired
Layer 1 and 2 MITM Attacks:
Network Tap: Man in the Middle/Wired/Network Tap
Layer 3 and 4 MITM Attacks:
ARP Poisoning: Man in the Middle/ARP Poisoning
Traffic Injection/Modification: Man in the Middle/Traffic Injection
DHCP Attacks: Man in the Middle/DHCP
WPAD MITM Attack: Man in the Middle/WPAD
Port Stealing: Man in the Middle/Port Stealing
Rushing Attack: Man in the Middle/Rushing Attack
Attacking HTTPS: Man in the Middle/HTTPS
Session Hijacking: Man in the Middle/Session Hijacking
Man in the Middle Labs:
Dsniff ARP Poisoning:
Bettercap ARP Poisoning: MITM Labs/Bettercap Over Wifi
Bettercap to Replace Images: MITM Labs/Bettercap to Replace Images
MITMf to Backdoor Browsers: MITM Labs/MITMf to Backdoor Browsers
Browser + Wireshark/SSLSniff to Decrypt HTTPS: MITM Labs/Decrypting HTTPS Traffic with Private Key File
Browser + Wireshark to Decrypt HTTPS: MITM Labs/Decrypting HTTPS Traffic by Obtaining Browser SSL Session Info
Bettercap to MITM Android Phone: MITM Labs/Bettercap Android EvoFlags · Template:MITMFlag · e