Man-in-the-middle attack (MITM)
Today we will talk about Man-in-the-middle attacks. In computer security, a man-in-the-middle attack (often abbreviated mitm, or the same using all capital letters) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
In this guide we will be working with a Linux distribution called Kali Linux, as it comes with all the tools we need pre-installed.
We will be working with the following tools: Arpspoof, Urlsnarf, Driftnet.
This tutorial will work on any Linux distribution. If you don't have the tools installed, you can install them using the following command (arpspoof and urlsnarf ship in the dsniff package).
# sudo apt-get install dsniff driftnet
Victim IP address: 192.168.XX.YY1
Router's IP address: 192.168.XX.1
Attacker's Network Interface: 192.168.XX.YY2
The first step is to configure our attacking machine to enable packet forwarding. This will allow our attacking machine to pass itself off as the router, tricking the victim machine into thinking it's connecting to the router when it is really connecting to the attacking machine.
To start, fire up your system and open a new terminal.
# echo '1'> /proc/sys/net/ipv4/ip_forward
This will allow us to forward traffic from the attacking machine to the victim machine.
Now that IP forwarding is set up, we need to set up arpspoof between the victim and the router.
To find out what your local IP address is, you can use ifconfig; the value shown next to inet is your local IP address.
Now we need to discover which hosts are live on the network. To do this we will be using a tool called nmap.
# nmap -sP 192.168.XX.1/24
To set up arpspoof between the victim and the router, open up a command terminal and use the following commands. Note: you will need to open 2 separate terminals; terminator is a great tool that lets you use a split view.
# arpspoof -i wlan0 -t <victimip> <routerip>
Now we need to set up arpspoof between the router and the victim.
# arpspoof -i wlan0 -t <routerip> <victimip>
Now that the above steps are complete, all data sent or received by the victim machine should be getting forwarded to the attacking machine.
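Seen from the victim's side, the two arpspoof commands above leave a recognisable trace in the ARP cache: the router's IP now resolves to the attacking machine's MAC address. The following added example (not part of the original guide) parses the output of ip neigh show and flags that condition; the sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples of `ip neigh show` output on the victim machine
# (IP and MAC addresses are made up for illustration).
CLEAN = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:17 STALE
"""
POISONED = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:17 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:17 STALE
192.168.1.40 dev wlan0  FAILED
"""

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Flag the two symptoms ARP cache poisoning leaves in a neighbour table."""
    table = parse_neigh(text)
    alerts = []
    # 1. Gateway MAC differs from a baseline recorded on a trusted network.
    gw_mac = table.get(gateway_ip)
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        alerts.append(f"gateway {gateway_ip} moved from "
                      f"{known_gateway_mac.lower()} to {gw_mac}")
    # 2. One MAC answering for several IPs, as a relaying host does.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"{mac} claims {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, find_arp_anomalies(sample, "192.168.1.1", "aa:bb:cc:00:00:01"))
```

A shared MAC can also come from legitimate proxy ARP or a multi-homed host, so treat the second alert as a prompt to investigate. A static ARP entry for the gateway on the host, or Dynamic ARP Inspection on the switch, prevents the poisoned mapping from being accepted in the first place.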
When the victim machine visits a website, all of the image traffic will be forwarded to the attacking machine. You can intercept these images using driftnet. To start driftnet, open up a new terminal and use the following command.
# driftnet -i wlan0
If you would like to see what websites the victim is visiting you can use urlsnarf.
Urlsnarf will record all websites visited by the victim and forward them back to the attacker.
# urlsnarf -i wlan0
Now we will use dsniff. It will allow us to grab passwords in plain text for protocols such as FTP, Telnet, HTTP, SNMP, POP, LDAP, etc.
To use dsniff, open a new terminal and run the command dsniff.
If you're using a wireless interface and want to grab traffic other than your own, put your wireless interface into promiscuous mode.