Man in the middle attack

Man-in-the-Middle Attack
—————————————
A Man-in-the-Middle attack is an attack in
which the attacker inserts himself into an
existing connection between two parties,
intercepts the data they exchange, and
injects false information while both
endpoints still believe they are talking to
each other directly. It involves
eavesdropping on a connection, intruding
into it, intercepting messages, and
selectively modifying data.
DEFINITION :
——————
The term "Man-in-the-middle
attack" (MITM attack) refers to the type of
attack where the attacker intrudes into the
communication between the endpoints on
a network to inject false information and
intercept the data transferred between
them.
MITM attack is also known as (or grouped
with) the following:
—————————————
Bucket-brigade attack
Fire brigade attack
Monkey-in-the-middle attack
Session hijacking, TCP hijacking and TCP
session hijacking (strictly, hijacking takes
over an already established session rather
than relaying it from the start, but the
terms are often used interchangeably)
Name Origin:
——————
The name "Man-in-the-Middle" comes from
the ball-game scenario (the children's
game "monkey in the middle") in which two
players try to pass a ball to each other
while a player standing between them tries
to intercept it. MITM attacks are sometimes
called "bucket brigade attacks" or "fire
brigade attacks"; those names come from
the fire-brigade practice of putting out a
fire by passing buckets from one person to
the next between the water source and the
fire, so that every bucket passes through
each pair of hands on the way.
MITM TECHNIQUES
——————————
The techniques used for MITM attacks can
be classified according to where the
attacker sits relative to the victims, in
three network environments:
Local Area Network
—————————
From Local To Remote (through a
gateway)
—————————————————————
Remote
———
Local Area Network :-
—————————
1 ) ARP spoofing :
—————————
Briefing: ARP (Address Resolution
Protocol) spoofing is also known as "ARP
poisoning" or ARP Poison Routing. ARP has
no authentication, so the attacker sends
forged ARP replies that map the victim's IP
address (usually the default gateway's) to
the attacker's MAC address in the ARP
caches of directly connected hosts. Frames
meant for the victim are then delivered to
the attacker, who can sniff them, modify
them and forward them on; in effect the
attacker takes over the victim host's IP
address on the LAN.
Tools used:
***********
ARPoison : is a UNIX Command-line tool
that can be used to create spoofed ARP
packets.
Ettercap : can be used for filtering,
hijacking, poisoning, sniffing, including
SSH v.1 sniffing (transparent attack).
Dsniff : can be used for poisoning, sniffing,
including SSH v.1 sniffing (proxy attack)
Parasite : is a daemon used to watch a
LAN for ARP requests and automatically
send spoofed ARP replies.
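The mechanism above also shows how poisoning is detected: a reply that rebinds a known IP address to a new MAC, or whose ARP sender address differs from the Ethernet source, is the signature tools like arpwatch look for. The following is an added example written for this page (it is not code from any of the tools listed); it builds three ARP frames inline, constructed for the demo on an assumed 192.168.1.0/24 LAN with the gateway at 192.168.1.1, and runs them through a small watcher that raises an alert when the gateway's binding changes.

```python
import struct

# Constructed demo: a /24 LAN where 192.168.1.1 is the gateway (assumption).
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def ip_bytes(text):
    """'192.168.1.1' -> 4 raw bytes."""
    return bytes(int(octet) for octet in text.split("."))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip,
              eth_dst="ff:ff:ff:ff:ff:ff"):
    """Ethernet II frame carrying an RFC 826 ARP packet (42 bytes)."""
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # Ethernet, IPv4, hlen, plen, op
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, eth_src) or None if not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    eth_src = frame[6:12].hex(":")
    (op,) = struct.unpack("!H", frame[20:22])
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip, eth_src


class ArpWatch:
    """Learn IP -> MAC from replies; alert when a known binding changes."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def feed(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return
        op, sender_mac, sender_ip, eth_src = parsed
        if op != ARP_REPLY:
            return
        if sender_mac != eth_src:
            # crafted frames often carry an ARP sender MAC that differs
            # from the Ethernet source address
            self.alerts.append(f"{sender_ip}: ARP sender {sender_mac} != Ethernet src {eth_src}")
        known = self.table.get(sender_ip)
        if known is None:
            self.table[sender_ip] = sender_mac      # trust the first binding seen
        elif known != sender_mac:
            self.alerts.append(f"{sender_ip}: MAC changed {known} -> {sender_mac}")


def run_demo():
    """Replay three constructed frames through the watcher and return it."""
    gw, victim, attacker = "00:11:22:33:44:01", "00:11:22:33:44:02", "de:ad:be:ef:00:01"
    watch = ArpWatch()
    # 1. legitimate reply: the gateway tells the victim its MAC
    watch.feed(build_arp(ARP_REPLY, gw, "192.168.1.1", victim, "192.168.1.10", eth_dst=victim))
    # 2. poisoning: the attacker claims the gateway's IP with its own MAC
    watch.feed(build_arp(ARP_REPLY, attacker, "192.168.1.1", victim, "192.168.1.10", eth_dst=victim))
    # 3. an ordinary request from the victim is ignored by the watcher
    watch.feed(build_arp(ARP_REQUEST, victim, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"))
    return watch


if __name__ == "__main__":
    for line in run_demo().alerts:
        print("ALERT", line)
```

The watcher deliberately keeps the first binding it learned rather than the newest one; a real deployment would seed the table from a known-good inventory, since an attacker who poisons before the watcher starts would otherwise be trusted.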
—————————
2) DNS spoofing :
—————————
Briefing: Every DNS query carries a 16-bit
transaction ID, and the resolver accepts
the first reply whose ID and question
match. The attacker sniffs the ID of a
query on the LAN and sends a forged reply
carrying that ID to the requesting host
before the real DNS server answers; the
genuine reply, arriving later, is discarded.
Tools used:
**********
ADM DNS spoofing tools can spoof DNS
packets via various active and passive
methods.
Ettercap (Plugin needed: phantom plugin)
Dsniff (dnsspoof)
Zodiac can be used for DNS name server
versioning, DNS local spoofing (answering
DNS queries before the remote name
server), DNS jizz spoofing, and DNS ID
spoofing.
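The race described above, as an added example written for this page (not code from ADM, Ettercap, Dsniff or Zodiac): a stub resolver that accepts the first reply matching its outstanding transaction ID and question name, fed first a forged reply and then the genuine one. The query, both replies and the addresses are constructed inline; the transaction ID is fixed at 0x1A2B so the run is deterministic, and the example also shows the failure case where an attacker who could not sniff the ID guesses wrong and the real answer wins.

```python
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """'bank.example' -> b'\\x04bank\\x07example\\x00'."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(pkt, off):
    """Read a label sequence (or a compression pointer) starting at off."""
    labels = []
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                 # pointer: resolve it and stop
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            name, _ = read_name(pkt, ptr)
            labels.append(name)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length


def build_query(txid, name):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_answer(txid, name, ip):
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; 1 answer
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 60, 4) + rdata
    return header + question + answer


def parse_answer(pkt):
    """Return (txid, question name, address of the first A record)."""
    txid = struct.unpack("!H", pkt[:2])[0]
    qname, off = read_name(pkt, 12)
    off += 4                                      # qtype, qclass
    _, off = read_name(pkt, off)                  # owner name of the RR
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    off += 10
    return txid, qname, ".".join(str(b) for b in pkt[off:off + rdlen])


class StubResolver:
    """Accepts the first response whose transaction ID and question match."""

    def __init__(self):
        self.pending = None
        self.result = None

    def send_query(self, txid, name):
        self.pending = (txid, name)
        self.result = None
        return build_query(txid, name)

    def receive(self, pkt):
        if self.pending is None:
            return False                          # nothing outstanding: drop
        txid, qname, ip = parse_answer(pkt)
        if (txid, qname) != self.pending:
            return False                          # ID or question mismatch: drop
        self.result = ip
        self.pending = None                       # later (real) answers are ignored
        return True


def race(attacker_sniffed_id):
    """One query, a spoofed reply that arrives first, then the real reply."""
    resolver = StubResolver()
    query = resolver.send_query(0x1A2B, "bank.example")   # constructed name and ID
    # On the LAN the attacker sees the query and copies its ID; off the LAN it must guess.
    guessed = struct.unpack("!H", query[:2])[0] if attacker_sniffed_id else 0x0000
    resolver.receive(build_answer(guessed, "bank.example", "10.66.66.66"))   # attacker
    resolver.receive(build_answer(0x1A2B, "bank.example", "192.0.2.10"))     # real server
    return resolver.result
```

A resolver that also randomises its source port, as modern ones do, forces a remote attacker to guess roughly 32 bits instead of 16; an attacker on the same LAN sniffs both values and the race is decided purely by who answers first.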
—————————
3) IP address spoofing :
—————————
Briefing: The attacker creates IP packets
with a forged source IP address in order to
conceal the identity of the sender or to
impersonate another computer system.
(Against a remote system this is difficult to
turn into a full MITM: replies go to the
spoofed address rather than to the
attacker, so every packet must be forged
blind and, for TCP, sequence numbers
must be predicted. The technique is most
effective where endpoints trust each other
by source address alone.)
Tools used:
*********
Hping: can be used to prepare spoofed IP
datagrams with a one-line command and
send them to almost any target victim.
Spoofed IP.
—————————
4) Port stealing
—————————
Briefing:
The term "Port Stealing" refers to the MITM
technique of poisoning the switch
forwarding database (FDB) so that the
attacker usurps the victim host's switch
port for packet sniffing on Layer 2
switched networks. A switch relearns the
port of a MAC address from the source
address of every frame it sees. The
attacker floods the switch with forged
frames (ARP packets, in Ettercap's case)
whose source MAC address is the victim's
and whose destination MAC address is the
attacker's own; because of that destination
the switch delivers them only to the
attacker's port, so other hosts on the
network never see them. The victim host is
sending frames at the same time, so the
switch sees the same source MAC address
on two different ports and keeps flipping
the binding to whichever port it saw it on
last. If the attacker's frames are faster,
the switch delivers the frames intended for
the victim host to the attacker. The
attacker sniffs the received frame, stops
flooding and sends an ARP request for the
victim's IP address; the victim's reply
restores the correct binding, so the
attacker can then forward the "stolen"
frame to the victim host. Finally, the
flooding is started again for another cycle.
Tools used:
Ettercap (Plugin needed: Confusion plugin)
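The cycle above depends only on the switch relearning a MAC-to-port binding from the last frame it saw. The following added example (written for this page, not Ettercap's code) simulates a learning switch with three constructed hosts, victim on port 1, attacker on port 2 and gateway on port 3, and walks through one steal-and-forward cycle so the port flips are visible.

```python
class LearningSwitch:
    """Switch whose FDB is relearned from the source MAC of every frame."""

    def __init__(self):
        self.fdb = {}          # MAC address -> port
        self.log = []          # (src, dst, delivered_to) for inspection

    def ingress(self, port, src, dst):
        self.fdb[src] = port                  # learn, or overwrite, the binding
        out = self.fdb.get(dst, "flood")      # unknown destination: flood all ports
        self.log.append((src, dst, out))
        return out


def port_stealing_demo():
    """Constructed scenario: port 1 = victim, port 2 = attacker, port 3 = gateway."""
    victim, attacker, gateway = "00:aa:00:00:00:01", "00:aa:00:00:00:02", "00:aa:00:00:00:03"
    sw = LearningSwitch()

    # normal traffic fills the FDB with the true bindings
    sw.ingress(1, victim, gateway)
    sw.ingress(3, gateway, victim)
    sw.ingress(2, attacker, gateway)
    assert sw.fdb[victim] == 1

    # attacker floods frames with src = victim MAC, dst = its own MAC;
    # the switch delivers them only to port 2, so no other host sees them
    flood_out = sw.ingress(2, victim, attacker)

    # gateway sends to the victim while the FDB points at port 2: frame stolen
    stolen = sw.ingress(3, gateway, victim)

    # attacker stops flooding and ARPs for the victim's IP; the victim's reply
    # carries its real source MAC on port 1, which repairs the binding
    sw.ingress(1, victim, attacker)

    # attacker re-sends the stolen frame (rewriting the Ethernet source to its
    # own MAC so the gateway's binding is not disturbed); it reaches the victim
    forwarded = sw.ingress(2, attacker, victim)

    return {"flood_out": flood_out, "stolen": stolen, "forwarded": forwarded,
            "victim_port_after": sw.fdb[victim]}


if __name__ == "__main__":
    print(port_stealing_demo())
```

Port security features that pin a MAC address to a port, or limit the number of addresses learned per port, break the cycle at the first flooded frame, since the switch refuses to move the victim's MAC to port 2.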
—————————
5) STP mangling
—————————
Briefing:
STP (Spanning-Tree Protocol) mangling
refers to the technique by which the
attacker host gets itself elected as the new
root bridge of the spanning tree. Root
election is won by the lowest bridge ID
(priority field followed by MAC address),
and switches accept BPDUs (Bridge
Protocol Data Units) without any
authentication, so the attacker either
forges Configuration BPDUs announcing a
bridge ID with a lower priority value than
the current root's, or broadcasts
Configuration/Topology Change
Acknowledgement BPDUs to force a new
election in which his host wins. Once the
attacker is the root bridge, inter-switch
traffic is steered through his host and he
can intercept most of it (in practice the
host needs two interfaces so that it can
forward the traffic it takes over).
Tools used:
Ettercap (Plugin needed: Lamia plugin)
Yersinia
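To make the election rule concrete, here is an added example written for this page (not Yersinia's or Ettercap's code): it builds 802.1D Configuration BPDUs with constructed bridge IDs, parses them, and runs a minimal root election on a switch that hears the real root on an uplink and a forged priority-0 BPDU on an access port. The same code shows the standard defence, BPDU guard, which drops any BPDU arriving on a host-facing port; the port numbers, priorities and MAC addresses are assumptions for the demo.

```python
import struct


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_config_bpdu(root_priority, root_mac, bridge_priority, bridge_mac, path_cost=0):
    """IEEE 802.1D Configuration BPDU body (35 bytes), without LLC/Ethernet headers."""
    head = struct.pack("!HBBB", 0x0000, 0x00, 0x00, 0x00)   # protocol id, version, type=config, flags
    root_id = struct.pack("!H", root_priority) + mac_bytes(root_mac)
    bridge_id = struct.pack("!H", bridge_priority) + mac_bytes(bridge_mac)
    # port id, message age, max age 20 s, hello 2 s, forward delay 15 s (units of 1/256 s)
    times = struct.pack("!HHHHH", 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
    return head + root_id + struct.pack("!I", path_cost) + bridge_id + times


def parse_config_bpdu(data):
    """Return (root_id, path_cost, bridge_id); each id is a (priority, mac) tuple."""
    proto, version, bpdu_type, flags = struct.unpack("!HBBB", data[:5])
    if proto != 0 or bpdu_type != 0x00:
        raise ValueError("not a configuration BPDU")
    root_priority = struct.unpack("!H", data[5:7])[0]
    root_mac = data[7:13].hex(":")
    path_cost = struct.unpack("!I", data[13:17])[0]
    bridge_priority = struct.unpack("!H", data[17:19])[0]
    bridge_mac = data[19:25].hex(":")
    return (root_priority, root_mac), path_cost, (bridge_priority, bridge_mac)


class Bridge:
    """Minimal STP root election: the lowest (priority, MAC) root ID wins."""

    def __init__(self, priority, mac, edge_ports=()):
        self.bridge_id = (priority, mac)
        self.root_id = self.bridge_id          # every bridge starts as its own root
        self.root_cost = 0
        self.edge_ports = set(edge_ports)      # ports with BPDU guard enabled
        self.guard_hits = []

    def receive(self, port, bpdu):
        if port in self.edge_ports:
            # BPDU guard: a BPDU on a host-facing port is never trusted
            self.guard_hits.append(port)
            return False
        root_id, cost, _ = parse_config_bpdu(bpdu)
        offered = (root_id, cost + 1)          # our cost to that root via this port
        if offered < (self.root_id, self.root_cost):
            self.root_id, self.root_cost = offered
            return True
        return False


def election_demo(bpdu_guard):
    """A switch hears the real root on uplink port 24 and the attacker on access port 1."""
    sw = Bridge(32768, "00:0c:00:00:00:10", edge_ports=[1] if bpdu_guard else [])
    legit = build_config_bpdu(32768, "00:0c:00:00:00:01", 32768, "00:0c:00:00:00:01")
    # the attacker advertises itself as root with priority 0, the best possible value
    forged = build_config_bpdu(0, "de:ad:be:ef:00:01", 0, "de:ad:be:ef:00:01")
    sw.receive(24, legit)
    sw.receive(1, forged)
    return sw.root_id


if __name__ == "__main__":
    print("without BPDU guard:", election_demo(False))
    print("with BPDU guard:   ", election_demo(True))
```

Root guard is the complementary control for uplinks: it keeps a port from ever becoming the root port, so a superior BPDU from an unexpected direction blocks the port instead of re-rooting the tree.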
From Local To Remote (through a
gateway) :-
—————————————————————
ARP poisoning
DNS spoofing
DHCP spoofing (a rogue DHCP server): the
attacker answers clients' DHCP requests
before the real server and hands out leases
whose default gateway and DNS server
point at the attacker; spoofed DHCP
messages may also be used first to exhaust
the real server's address pool
Gateway spoofing (usually spoofing the
default gateway)
ICMP redirection
IRDP (ICMP Router Discovery Protocol)
spoofing - route mangling
Remote
———
DNS poisoning
Route mangling
Traffic tunneling
TOOLS
———
The following tools are commonly used
for launching, detecting or testing MITM
attacks.
Ettercap :-
———
Tool Name: Ettercap
Current Version: NG-0.7.3 (Release Date:
May 29, 2005)
Developer: Alberto Ornaghi, Marco Valleri
Platform/OS:
FreeBSD 4.x 5.x;
Linux 2.0.x, 2.2.x, 2.4.x, 2.6.x;
Microsoft Windows 2000/XP/2003;
NetBSD 1.5;
OpenBSD 2.[789], 3.x;
OS X (darwin 6.x, 7.x);
Solaris 2.x.
Commercial or Freeware: Freeware
URL: http://ettercap.sourceforge.net/
Briefing: Ettercap is a multipurpose
hacking suite for the switched LAN
environment. As a LAN-based sniffer,
interceptor and logger, its main features
are live-connection sniffing and content
filtering on the fly. It supports active and
passive dissection of many protocols
(including encrypted ones) and includes
some functionality for network and host
analysis. Ettercap can be used to launch
an MITM attack via ARP poisoning or port
stealing.
Dsniff :-
———
Tool Name: Dsniff
Current Version: 2.3 (Release Date:
December 19, 2000)
Developer: Dug Song
Platform/OS:
OpenBSD (i386);
Redhat Linux (i386);
Solaris (sparc).
Commercial or Freeware: Freeware
URL: http://www.monkey.org/~dugsong/
dsniff
Briefing: Dsniff is described by its author
as a tool suite for network auditing and
penetration testing, but an attacker can
use it for SSL MITM attacks. Its
components "dsniff", "filesnarf",
"mailsnarf", "msgsnarf", "urlsnarf", and
"webspy" passively monitor a network for
sensitive data (e-mail, files and
passwords). Its other components,
"arpspoof", "dnsspoof", and "macof", let
the attacker intercept network packets
that would normally not reach him. Its
components "sshmitm" and "webmitm"
help the attacker mount active
man-in-the-middle attacks against
redirected SSH and HTTPS sessions by
exploiting weak bindings in ad-hoc PKI.
Yersinia :-
————
Tool Name: Yersinia
Current Version: 0.7.1 (Release Date: May
8, 2007)
Developer: Alfredo Andrés Omella (Slay),
David Barroso Berrueta (tomac)
Platform/OS:
Linux 2.4.x and 2.6.x;
Mac OSX 10.4 Tiger (Intel);
OpenBSD 3.4 (note: upgrade your pcap
libraries to at least 0.7.2);
Solaris 5.8 64bits SPARC.
Commercial or Freeware: Freeware
URL: http://www.yersinia.net/
Briefing: Yersinia takes its name from the
bacterium "Yersinia pestis." It can be used
to exploit weaknesses in the following
network protocols: STP, CDP, DTP, DHCP,
HSRP, IEEE 802.1Q, IEEE 802.1X, ISL
(Inter-Switch Link Protocol), and VTP
(VLAN Trunking Protocol).
Yersinia supports multithreading: multiple
users and multiple attacks per user. It has
three main modes: command line, network
client and ncurses GUI. The attacker can
use it to listen to the network, sniff packets,
edit protocol fields, intercept network data
in pcap format, analyze captured packets
and replay them with the attacker's
modifications.
Yersinia can be used for 29 types of
attacks. In the STP case, the MITM attacker
may run it on a computer with two Ethernet
cards to pose as a dual-homed root switch.
In the HSRP case, the MITM attacker may
use it to become the active router.