
Intercepting & Modifying Packets

● Scapy can be used to:
○ Create packets.
○ Analyse packets.
○ Send/receive packets.
● But it can’t be used to intercept packets/flows.
Classic MITM Scenario

[Diagram: the Victim, the Hacker and the Access Point; the Victim's requests travel to the Access Point and the responses come back along the same path.]

MITM - Sniffing Data

[Diagram: the Hacker sits between the Victim and the Access Point, relaying requests and responses and reading them as they pass through.]

MITM - Modifying Data

[Diagram: same position; the Hacker forwards the Victim's requests to the Access Point and the responses back to the Victim.]

MITM - Modifying Data

[Diagram: the Victim's request reaches the Hacker, who sends a Modified Request on to the Access Point.]
[Diagram: on the Hacker's machine, intercepted requests are held in a Queue (Packet 1, Packet 2, Packet 3, Packet 4, …etc) before being forwarded.]

[Diagram: each queued request is handed to a Python program that modifies it before it leaves the queue and is forwarded.]

[Diagram: responses pass through the same queue; the Python program modifies each response before it is returned.]
[Diagram: a User, a DNS server, the Bing.com web server (204.79.197.200) and the facebook.com web server (195.44.2.1).]

[Diagram: the User sends a DNS query for bing.com to the DNS server.]
DNS Records

Name            Type   Address
bing.com        A      204.79.197.200
facebook.com    A      195.44.2.1
zsecurity.org   A      104.27.153.174
……..etc
[Diagram: the DNS server answers the User's query with 204.79.197.200, the address of the Bing.com web server.]

[Diagram: the User, the DNS server and the two web servers (204.79.197.200 and 195.44.2.1) with no attacker present.]

[Diagram: the User again sends a DNS query for bing.com to the DNS server.]
[Diagram: the Hacker now sits between the User and the network; all requests and responses between the User and the DNS server or web servers pass through the Hacker.]

[Diagram: a Hacker web server (10.0.2.16) has been added to the network; the User's DNS query for bing.com passes through the Hacker on its way to the DNS server.]

[Diagram: the DNS server's answer, 204.79.197.200, travels back through the Hacker.]

[Diagram: the Hacker replaces the answer with 10.0.2.16, so the User connects to the Hacker web server instead of the real Bing.com web server.]

[Diagram: the User requests the file winzip.exe; the request passes through the Hacker.]

[Diagram: the Hacker substitutes backdoor.exe for winzip.exe in the response delivered to the User.]
HTTPS
Problem:
● Data in HTTP is sent as plain text.
● A MITM can read and edit requests and responses.
→ not secure

Solution:
● Use HTTPS.
● HTTPS is an adaptation of HTTP.
● Encrypt HTTP using TLS (Transport Layer Security) or SSL (Secure Sockets Layer).
ARP Spoofing

[Diagram: after ARP spoofing, the Hacker sits between the Victim and the Access Point (which leads on to resources, e.g. the internet); the Victim's requests and the returning responses both pass through the Hacker.]

ARP Spoofing

[Diagram: the Victim's requests pass through the Hacker to the Access Point.]

ARP Spoofing

[Diagram: HTTPS responses come back from the Access Point through the Hacker to the Victim.]

ARP Spoofing

[Diagram: HTTPS requests and HTTPS responses both pass through the Hacker, who can only relay them because they are encrypted.]
ARP Spoofing With SSLstrip

[Diagram: SSLstrip takes the Hacker's position; the Victim's requests pass through SSLstrip to the Access Point.]

ARP Spoofing With SSLstrip

[Diagram: the Access Point returns HTTPS responses to SSLstrip, which passes unencrypted responses on to the Victim.]

ARP Spoofing With SSLstrip

[Diagram: the Victim exchanges unencrypted requests and responses with SSLstrip, while SSLstrip receives HTTPS responses from the Access Point.]

ARP Spoofing With SSLstrip

[Diagram: SSLstrip sends HTTPS requests to the Access Point and receives HTTPS responses; on the Victim's side the requests and responses stay unencrypted.]
Python On Windows

● Python programs need an interpreter to run.
● Most Linux distros come with a built-in Python interpreter.
● Python can be manually installed on Windows.
● This allows Windows to run Python programs.

Note: this is a Python interpreter, not a Linux emulator; if your program relies on Linux commands or operations only available in Linux, then the program will not run properly.
ARPSpoof_Detector

● Watch the value of the gateway MAC in the ARP table:
○ Nice and simple, but it will not detect an attack if the tool is executed after the attack has started.

● Analyse ‘is-at’ ARP responses:
○ Check if the IP is the gateway IP.
○ Check if the source MAC is actually the gateway’s MAC.
○ This method will detect attacks even if the attack was launched before the execution of the tool.

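As an added example (not code from the course or these slides), the second detection method above implemented over raw Ethernet/ARP frames in plain Python, so it runs without Scapy or a live interface; the addresses, helper functions and sample capture are constructed for the example. With Scapy the same check reads the reply's op field (2, printed as 'is-at') and compares hwsrc with the trusted gateway MAC when psrc is the gateway IP.

```python
import struct
ETH = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_IS_AT = 2                           # ARP opcode 2 = reply, which Scapy prints as 'is-at'
# Constructed values for this example: the real gateway, the user, and another LAN host.
GATEWAY_IP, GATEWAY_MAC = "10.0.2.1", "52:54:00:12:35:00"
USER_IP, USER_MAC = "10.0.2.15", "08:00:27:11:22:33"
OTHER_MAC = "08:00:27:aa:bb:cc"

def mac_to_str(b): return ":".join(f"{x:02x}" for x in b)
def mac_to_bytes(s): return bytes(int(x, 16) for x in s.split(":"))
def ip_to_str(b): return ".".join(str(x) for x in b)
def ip_to_bytes(s): return bytes(int(x) for x in s.split("."))

def build_arp_reply(hwsrc, psrc, hwdst, pdst):
    """Build an Ethernet+ARP reply frame; used here only to construct sample traffic."""
    eth = ETH.pack(mac_to_bytes(hwdst), mac_to_bytes(hwsrc), ETHERTYPE_ARP)
    arp = ARP.pack(1, 0x0800, 6, 4, ARP_IS_AT, mac_to_bytes(hwsrc), ip_to_bytes(psrc),
                   mac_to_bytes(hwdst), ip_to_bytes(pdst))
    return eth + arp

def parse_arp_reply(frame):
    """Return (hwsrc, psrc) for an ARP 'is-at' frame, or None for anything else."""
    if len(frame) < ETH.size + ARP.size or ETH.unpack_from(frame)[2] != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, sha, spa, _, _ = ARP.unpack_from(frame, ETH.size)
    return (mac_to_str(sha), ip_to_str(spa)) if op == ARP_IS_AT else None

def is_spoofed(reply, gateway_ip, gateway_mac):
    """Second method from the slide: the reply claims the gateway IP with a different MAC.
    gateway_mac must come from a trusted source, not from an already poisoned ARP cache."""
    return reply is not None and reply[1] == gateway_ip and reply[0] != gateway_mac.lower()

def scan(frames, gateway_ip, gateway_mac):
    """Apply the check to captured frames; returns one alert string per spoofed reply."""
    alerts = []
    for frame in frames:
        reply = parse_arp_reply(frame)
        if is_spoofed(reply, gateway_ip, gateway_mac):
            alerts.append(f"[!] {gateway_ip} claimed by {reply[0]}, expected {gateway_mac}")
    return alerts

# Constructed capture: a genuine gateway reply, a spoofed one from OTHER_MAC, and an
# unrelated reply for a non-gateway address that must not raise an alert.
SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, USER_MAC, USER_IP),
    build_arp_reply(OTHER_MAC, GATEWAY_IP, USER_MAC, USER_IP),
    build_arp_reply(OTHER_MAC, "10.0.2.16", USER_MAC, USER_IP),
]
```

Running scan(SAMPLE_FRAMES, GATEWAY_IP, GATEWAY_MAC) yields a single alert for the second frame; because the check keys on the reply contents rather than the current ARP table, it also fires when the tool is started after the poisoning began.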