Project in Computer Security Capstone.
- Redirect the victim's traffic to the attacker
- MITM - ARP spoofing - requires the IP and MAC addresses.
- Encrypted sessions - sslsplit
- MITM - sslsplit - do ARP spoofing first.
- Pharming - redirect HTTP requests to a phishing web page.
from scapy.all import conf, get_if_addr, get_if_hwaddr

HOST_IP = get_if_addr(conf.iface)        # default interface
HOST_MAC = get_if_hwaddr(conf.iface)     # default interface
GW_IP = conf.route.route("0.0.0.0")[2]   # gateway
SUBNET = GW_IP + '/24'                   # assumes a /24 network
- Scan interfaces: scapy or netifaces
- Send ARP request packets to the subnet; get each host's MAC from the responses.
- ARP spoofing (consider both uplink and downlink)
- Send ARP reply packets to all possible victims. (modify the fields below)
  - Source MAC: Attacker MAC
  - Source IP: AP IP
- Send ARP reply packets to the AP. (modify the fields below)
  - Source MAC: Attacker MAC
  - Source IP: Victim IP
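A defender-side check for the ARP spoofing described above, added to these notes as an example (not part of the project's mitm_attack code): a pure-Python ARP reply parser run over constructed frames, where the AP, victim and attacker MAC/IP values are made up.

```python
import struct
from collections import defaultdict
ETH_P_ARP, ARP_REPLY = 0x0806, 2
def mac_bytes(mac): return bytes.fromhex(mac.replace(':', ''))
def ip_bytes(ip): return bytes(map(int, ip.split('.')))
def build_arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Constructed Ethernet + ARP reply frame used as sample input (not captured traffic)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack('!H', ETH_P_ARP)
    arp = struct.pack('!HHBBH', 1, 0x0800, 6, 4, ARP_REPLY)  # htype, ptype, hlen, plen, op
    return eth + arp + mac_bytes(src_mac) + ip_bytes(src_ip) + mac_bytes(dst_mac) + ip_bytes(dst_ip)

def parse_arp(frame):
    """Return (sender_mac, sender_ip, opcode) for an Ethernet/ARP frame, else None."""
    if len(frame) < 42 or struct.unpack('!H', frame[12:14])[0] != ETH_P_ARP:
        return None
    opcode = struct.unpack('!H', frame[20:22])[0]
    sender_mac = ':'.join(f'{b:02x}' for b in frame[22:28])
    sender_ip = '.'.join(str(b) for b in frame[28:32])
    return sender_mac, sender_ip, opcode

class ArpWatch:
    """Learns IP->MAC bindings from ARP replies and flags the two symptoms of the spoofing
    above: a known IP answering from a new MAC, and one MAC claiming several IPs."""
    def __init__(self):
        self.ip_to_mac, self.mac_to_ips = {}, defaultdict(set)
    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] != ARP_REPLY:
            return []
        mac, ip, _ = parsed
        alerts = []
        known = self.ip_to_mac.setdefault(ip, mac)  # the first binding seen is trusted
        if known != mac:
            alerts.append(f'{ip} moved from {known} to {mac}')
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) > 1:  # one MAC posing as both AP and victim
            alerts.append(f'{mac} claims {sorted(self.mac_to_ips[mac])}')
        return alerts

def run_demo():
    """Replay constructed frames: two legitimate replies, then the downlink/uplink spoof."""
    ap_mac, ap_ip = 'aa:aa:aa:aa:aa:01', '192.168.1.1'      # made-up AP/gateway
    vic_mac, vic_ip = 'bb:bb:bb:bb:bb:10', '192.168.1.10'   # made-up victim
    atk_mac, watch = 'cc:cc:cc:cc:cc:99', ArpWatch()        # made-up attacker MAC
    frames = [build_arp_reply(ap_mac, ap_ip, vic_mac, vic_ip),   # real AP -> victim
              build_arp_reply(vic_mac, vic_ip, ap_mac, ap_ip),   # real victim -> AP
              build_arp_reply(atk_mac, ap_ip, vic_mac, vic_ip),  # attacker poses as AP
              build_arp_reply(atk_mac, vic_ip, ap_mac, ap_ip)]   # attacker poses as victim
    return [alert for f in frames for alert in watch.observe(f)]
```

The two legitimate replies produce no alerts; the spoofed pair produces one "moved" alert per hijacked IP plus one alert for the MAC that now claims both.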
- Split the SSL/TLS session
- Generate an RSA key and certificate with openssl
- Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1
- Set NAT rules to redirect connections to ports 8080 and 8443
- Run the sslsplit command
- Intercept the username and password
- Parse the HTTP content (form input boxes)
- Scan interfaces
- ARP spoofing
- In order to do DNS spoofing, we first need to become the man in the middle, so that we can intercept each packet and then forward it.
- DNS spoofing
- Since we can intercept and forward packets, we can modify the values in a packet as we capture it, and then forward it.
scapy + netfilterqueue
- Add an iptables rule so that every forwarded packet is redirected to netfilter queue number 0.
iptables -I FORWARD -j NFQUEUE --queue-num 0
- DNS format
- Check if the packet has the IP + UDP + DNS + DNSRR structure
- Keep the original IP + UDP layers
- Replace the original DNS layer with a self-created DNS layer containing only one qd and one an
Build mitm_attack and pharm_attack, and generate the key and certificate
make
Clean
make clean
Run programs
./mitm_attack
./pharm_attack