Ethical Hacking and Penetration Testing Guide
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Tools of the Trade Now, let’s talk about some of the popular tools that could be used to perform Man in the Middle attacks. Dsniff
- Using ARP Spoof to Perform MITM Attacks
|
Tools of the Trade
Now, let’s talk about some of the popular tools that could be used to perform Man in the Middle attacks. Dsniff Dsniff is called the Swiss army knife of command line ARP spoofing tools. It includes many tools to sniff various types of traffic. The most popular of them is ARP spoof, which would be demon- strated next. Dsniff is not developed or updated any more, but the tool still works and is great for performing Man in the middle attacks. The set of tools include the following: ◾ Arpspoof —Used for poisoning the ARP cache by forging ARP replies ◾ Mailsnarf —Used to sniff e-mail messages sent from protocols like SMTP and POP ◾ Msgsnaf —Sniffs all the IM messaging conversations ◾ Webspy —Used to sniff all the URLs that a victim has visited via his browser and later use to open it in our browser ◾ Urlsnarf —Sniffs all the URLs ◾ Macof —Used to perform a MAC flooding attack Using ARP Spoof to Perform MITM Attacks Before we perform a man in the middle attack, we need to enable IP forwarding so that the traffic could be forwarded to the destination. In order to enable it, we will use the following command: echo 1 >/proc/sys/net/ipv4/ip_forward We can confirm that port forwarding is enabled by using the cat command to display the contents of the ip _ forward file . “1” means that IP forwarding is enabled; “0” means it’s disabled. Now that we have enabled IP forwarding, we need to gather the following information to perform an man in the middle attack: 1. Attacker’s IP 2. Victim’s IP 3. Default gateway 146 ◾ Ethical Hacking and Penetration Testing Guide Attacker’s IP —This will be the IP address of my BackTrack machine, which is 192.168.75.138. Victim’s IP —My victim is a Windows XP machine, which has an IP 192.168.75.142. Default gateway —The default gateway is the IP address of my router, which is 192.168.75.142. Next, we would take a note of the victim’s MAC addresses associated with each of them. We can view the MAC addresses in the ARP cache: From this ARP cache, we can see that we have the MAC address of the default gateway (192.168.75.2) and our machine (192.168.75.138). So what we would like to do is to tell the default gateway that the victim’s IP address is associated with our MAC address and vice versa. Let’s try ARP spoof to do this job. Usage The basic syntax for arpspoof is as follows: arpspoof –i [Interface] –t [Target Host] In this case, our interface is “eth0,” and our targets are 192.168.75.2 (gateway) and 192.168.75.142 (victim). So our command would be as follows: arpspoof –i eth0 –t 192.168.75.142 192.168.75.2 On taking a look at the ARP cache again, we figure out that the gateway MAC address has been replaced with our MAC address. So anything that the victim sends to the gateway will be forwarded to us. Network Sniffing ◾ 147 We also need to issue the same command in a reverse manner because when we are in the middle and we need to send ARP replies both ways. arpspoof –I eth0 –t 192.168.75.2 192.168.75.142 If we take a look at the ARP cache of the victim’s machine now, we will find our MAC address associated with both IP addresses (default gateway and victim). Yüklə 22,44 Mb. Dostları ilə paylaş:
|