Author Topic: Question about MITM Attack.  (Read 1163 times)

0 Members and 1 Guest are viewing this topic.

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile
Question about MITM Attack.
« on: April 19, 2015, 11:13:27 am »
i have a question about MITM attack (or Whatever This attack is Called).
Let's say i am connected to a Router and three more users are connected to it, router address is 192.168.0.1. Now i don't know the Login Credentials of the Router , so i use Ettercap and Some DNS poisoning etc Stuff and i do attack on an User "A" , now whenever User "A" type www.google.com it auto redirects to original Router Page whose address is 192.168.0.1 , now User type it's Login User and Pass (Because Router Page Not Using HTTPS so it's easy to Read data in PlainText) , now  i am using Wireshark to read all Trafic and Filter all Requests related to 192.168.0.1 and i get the user name and Pass.
So is this Possible ?? if yes Then How i do it ?? if NO then Why ??
Thanks in advance..  :)

Offline Display

  • NULL
  • Posts: 3
  • Cookies: 0
    • View Profile
Re: Question about MITM Attack.
« Reply #1 on: April 19, 2015, 12:12:34 pm »
You can easily do it on an android phone with the help of Zanti (a mobile pentesting app). You scan the whole network and then it shows you all the connected devices, tap on the one you want and then a new screen comes up with more options like running a script, connecting to a remote port on the target, shell shock, SSL poodle and for the one that your looking for MITM you get Lots of ways to play with anyone you would like to hit with just a click of a few buttons. Go to MITM and turn on SSL strip if the target is visiting a secured site but since you want to go for the router i doubt you'll be needing that. Now that you're done with that the next thing you want to do is turn MITM on it should be on the top right side on your screen then go to logged requests here is where you get live traffic of your target whenever the target visits a site and logs in the login credentials are displayed you can either jack that logged in session or just copy the username and password and login to the router manually.

Sent from my SM-N910F using Tapatalk
« Last Edit: April 19, 2015, 12:37:44 pm by Display »

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile
Re: Question about MITM Attack.
« Reply #2 on: April 19, 2015, 01:38:25 pm »
Thanks for Your Reply But I don't Have an Android For real ...   :(
And Please Read My Post Carefully ...  :)
« Last Edit: April 19, 2015, 01:39:45 pm by FurqanHanif »

Offline ThePH30N1X

  • Peasant
  • *
  • Posts: 50
  • Cookies: 18
  • Java Programmer
    • View Profile
Re: Question about MITM Attack.
« Reply #3 on: April 19, 2015, 02:43:44 pm »
The most common MITM attack is performed via ARP spoofing. Go read up on the ARP protocol and you should instantly realize its security flaws. While you're learning you should refrain from using prewritten tools, instead try writing the exploit yourself in a language like Python. Python has the Scapy library that allows you to forge packets, and can also be used from the CLI (interactive Python interpreter).

Offline FurqanHanif

  • /dev/null
  • *
  • Posts: 18
  • Cookies: -6
    • View Profile
Re: Question about MITM Attack.
« Reply #4 on: April 19, 2015, 04:12:01 pm »
Still Unexplained , How i Implement The above example in Real World?? i Don't Think only Learning ARP Spoofing Solve This.  :-\ And of course i 'm gonna Use Already made Tools , so no need for Python Explaination. :)

Offline Display

  • NULL
  • Posts: 3
  • Cookies: 0
    • View Profile
Re: Question about MITM Attack.
« Reply #5 on: April 19, 2015, 07:58:24 pm »
And Please Read My Post Carefully ...  :)


I knew that but i was just tipping you of hoping you had an android device. BTW use google as it is the gateway to the internet goodies :p here this should help you http://www.thegeekstuff.com/2012/05/ettercap-tutorial/
« Last Edit: April 19, 2015, 08:09:41 pm by Display »