We must first run the program fragrouter. In this simple step, we will open a terminal window by clicking the icon at the bottom of the screen. When the terminal window opens, enter the following command:
fragrouter -B1
After running this command, the computer will begin normal IP forwarding. This is what should happen, so minimize the terminal window and continue to the next step.

Step 2. Running ARPSPOOF
Open a new shell (do not disturb the fragrouter shell) and enter the following command:
arpspoof -t victims_ip victim2_ip
In our example, we decided to place ourselves between a computer on the network and the router, which allows us to intercept the incoming and outgoing packets of our target computer. Our command looked like this:
arpspoof -t 192.168.1.104 192.168.1.1

Step 3. DNSSPOOF
This is the simplest step of the procedure. Simply open a new shell and run the command:
dnsspoof

Step 4. WEBMITM
Spoofing a Certificate
This step is the heart of the attack. We will be creating a spoofed certificate that resembles a certificate the user would normally accept. The WEBMITM tool will then sit on the network and wait for someone to attempt to access a secure (SSL) site. As soon as that attempt is detected, WEBMITM will send the user our fake certificate. Assuming that the user accepts the certificate, we will then have enough information to decrypt any traffic that is intercepted from that point on.
Running WEBMITM
Once again, open a new shell. Enter the command:
webmitm -d
You will now be prompted to enter the information that you would like to show up on the certificate if the user decides to examine it closely. It is a good idea to examine real certificates before attempting to create a spoofed one.

7. Sniffing Network Traffic with Ethereal
We will now begin to sniff the network traffic with Ethereal. This will allow us to capture the encrypted traffic when a user attempts to access a secure site. After sniffing the traffic, we will use Ethereal to create a dump file that can be searched for keywords such as “pass, passwd, or login” using a simple grep command.
· Start Ethereal
· Select Capture Options
· Choose network card
· Select Start
When the user has accessed a secure site and the attack has been carried out successfully, you may save the Ethereal scan to a file. If you selected the option “update packets in real time”, you will begin to see a lot of HTTP, TLS, and SSL traffic as soon as the victim attempts to access a secure site. That is your cue to stop the Ethereal scan and begin to crack the data. For test purposes, continue to the next section before saving the Ethereal scan.

8. Testing a Connection on Your Home Network
In order to test this attack (it will be easier for you if you install Windows XP inside your Linux box), simply use another computer (in this case the victim of the attack) and attempt to access a secure site. You may note that when running nslookup on a site (gmail.com, for example) you will see the attacker’s IP address instead of the real one.
A series of pictures will show the victim’s screen during this process. An additional picture was added to show the process of saving an ethereal scan.

9. Decrypting the SSL Data With SSLdump
Decrypting the Data
Open a new terminal window, and run the command:
ssldump -r test_ethereal_scan -k webmitm.crt -d > out
This will decrypt the data using the spoofed certificate and the dump file we created with the results of the Ethereal scan.

10. Finding the Passwords
Last, we will grep the file created by SSLdump in order to find the user’s login name and password. In our example we tested Gmail, where we happen to know that the login name is represented as “Email”, so a simple grep for the string “Email” will return the results we want. To find the appropriate strings for other websites, you can test the procedure on yourself and grep for your own password; this returns the line of text containing the login information, so that you know what to grep for next time.
cat out | grep Email
The results will look similar to that of the results displayed in the image below.
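The whole chain above rests on the victim's machine accepting the poisoned ARP replies sent in step 2. As an added, defender-side example that is not part of the original post, the following script flags the two signatures that step leaves on the LAN: an IP address whose advertised MAC suddenly changes, and a single MAC claiming several addresses. The log lines are constructed in a tcpdump-like format (an assumption), the router and target addresses are the ones used in the post, and every MAC address is made up.

```python
import re
from collections import defaultdict

# Constructed sample sensor output, modelled on tcpdump's "ARP, Reply ... is-at ..." lines.
# 192.168.1.1 is the router and 192.168.1.104 the targeted host (addresses from the post);
# all MAC addresses are made up.
SAMPLE_ARP_LOG = """\
10:00:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
10:00:01.050 ARP, Reply 192.168.1.104 is-at 00:11:22:33:44:04, length 28
10:00:09.000 ARP, Reply 192.168.1.1 is-at 00:AA:BB:CC:DD:EE, length 28
10:00:09.010 ARP, Reply 192.168.1.104 is-at 00:AA:BB:CC:DD:EE, length 28
10:00:11.000 ARP, Reply 192.168.1.1 is-at 00:AA:BB:CC:DD:EE, length 28
"""

ARP_REPLY = re.compile(r"^(\S+) ARP, Reply (\S+) is-at ([0-9A-Fa-f:]{17})")

def parse_arp_replies(log_text):
    """Yield (timestamp, ip, mac) for each ARP reply line; other lines are ignored."""
    for line in log_text.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()

def detect_arp_spoof(replies, gateway_ip=None):
    """Return alert strings for the two signals ARP cache poisoning produces:
    an IP whose advertised MAC changes, and one MAC claiming several IPs.
    A change on gateway_ip is tagged, since that is the address a
    man-in-the-middle between a host and its router must impersonate."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            tag = "GATEWAY " if ip == gateway_ip else ""
            alerts.append(f"{ts}: {tag}{ip} moved from {prev} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {len(ips)} addresses: {sorted(ips)}")
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoof(parse_arp_replies(SAMPLE_ARP_LOG), gateway_ip="192.168.1.1"):
        print(alert)
```

On a real network, feed the detector from a passive capture of ARP traffic and seed ip_to_mac from a known-good inventory so the first poisoned reply is caught even when no legitimate reply preceded it.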
