Ethical Hacking and Penetration Testing Guide

  Network Sniffing ......................................................................................................139

Yüklə 22,44 Mb. Pdf görüntüsü səhifə 7/235 tarix 07.08.2023 ölçüsü 22,44 Mb. #138846

6  Network Sniffing ......................................................................................................139 Introduction ...................................................................................................................139 Types of Sniffing .............................................................................................................140 Active Sniffing .......................................................................................................140 Passive Sniffing ......................................................................................................140 Hubs versus Switches ......................................................................................................140 Promiscuous versus Nonpromiscuous Mode ...................................................................141 MITM Attacks ...............................................................................................................141 ARP Protocol Basics .......................................................................................................142 How ARP Works ............................................................................................................142 ARP Attacks ...................................................................................................................143 MAC Flooding ......................................................................................................143 Macof ...........................................................................................................143 ARP Poisoning ......................................................................................................144 Scenario—How It Works ...............................................................................................144 Denial of Service Attacks ................................................................................................144 Tools of the Trade ...........................................................................................................145 Dsniff ....................................................................................................................145 Using ARP Spoof to Perform MITM Attacks.................................................................145 Usage .....................................................................................................................146 Sniffing the Traffic with Dsniff .......................................................................................147 Sniffing Pictures with Drifnet .........................................................................................147 Urlsnarf and Webspy ......................................................................................................148 Sniffing with Wireshark ..................................................................................................149 Ettercap ..........................................................................................................................150 ARP Poisoning with Ettercap .........................................................................................150 Hijacking Session with MITM Attack ............................................................................152 Attack Scenario ...............................................................................................................152 ARP Poisoning with Cain and Abel ................................................................................153 Sniffing Session Cookies with Wireshark ........................................................................155 Hijacking the Session ......................................................................................................156 SSL Strip: Stripping HTTPS Traffic ...............................................................................157 Requirements ..................................................................................................................157 Usage .....................................................................................................................158 Automating Man in the Middle Attacks .........................................................................158 Usage .....................................................................................................................158 DNS Spoofing ................................................................................................................159 ARP Spoofing Attack ............................................................................................159 Manipulating the DNS Records ............................................................................160 Using Ettercap to Launch DNS Spoofing Attack ...................................................160 DHCP Spoofing .............................................................................................................160 Conclusion ......................................................................................................................161 Yüklə 22,44 Mb. Dostları ilə paylaş: