Man-in-the-Middle attacks can prove to be very useful, they
allow us to do many things, such as monitoring, injection, and recon.
What Is a Man-in-the-Middle Attack?
Essentially,
a man-in-the-middle attack is when an attacker places them self between
two parties. This passes all data through the attacking system which
allows the attacker to view the victims activity and perform some useful
recon.
Before
we can do anything with a man-in-the-middle, we have to establish one.
That is what we'll build here today, so, let's get started!
Just a Heads Up
We'll
be defining functions throughout this script in order to use them
later, the order in which we define the functions is NOT the order in
which their events take place. I just wanted to clarify that before it
caused confusion.
Step 1 Importing Modules & Getting Input
The first thing we'll do in this script is import all our needed modules...
Of
these modules, the most important is scapy. This lets us craft and send
custom packets, which is what enables us to send the ARP responses.
After we import these, we'll get some simple input form the user...
Here
we've asked the user for an interface, the victim IP address, and the
router IP address. We've added an exception just in case the user
doesn't want to continue. We've also enabled IP forwarding for the user
so they don't have to do it.
Step 2 Getting MAC Addresses
In
order to properly create our ARP responses, we'll need the victim and
router MAC addresses. We can do this by making ARP requests and
returning the result...
In
the above snippet of code we send an ARP request with the destination
of the user's choice, we'll use this function later in our script.
Step 3 Re-ARPing the Targets
Once
our attack is over, we need to re-assign the target's addresses so they
know where to send their information properly. If we don't do this than
it will be very obvious that something has happened.
In
this function, we call our get-mac() function that we created earlier
to find the MAC addresses. Once we have those it'll send replies out
telling the systems where the other system is. We'll send each reply
seven times for good measure. Once we've done that we'll disable IP
forwarding for the user.
Step 4 Tricking the Targets
The next function is the simplest one, yet the most important.
This
function simply sends a single ARP reply to each of the targets telling
them that we are the other target, placing ourselves in between them.
Step 5 Putting It All Together
Finally, we put it all together for the main function of our script...
Here, we try
to get the victim and router MAC addresses, this is in case of failure.
We don't want to send packets to one and not the other, so in the case
that we can't find one of them, we disable IP forwarding and shut down
the script. If we are able to get the MAC address then we can start
sending our replies. We do this by making a while loop
and sending another set of replies every 1.5 seconds. Once the user
gives a keyboard interrupt (Control + C), we call the reARP() function
to re-assign the targets and shut the script down.
Step 6 Testing It Out
Now that have our script (Pastebin Here) we have to give it a test run to make sure it works.
Navigate
to your script and fire it up! I'll be entering "wlan0" as my desired
interface, 10.0.0.7 as the victim IP, and 10.0.0.1 as my router IP.
We can see above that we've begun to send out our replies. Let's open up wireshark and take a look at them!
We
can see here that we are successfully sending our replies, we've
officially established our man-in-the-middle! Now we just have to shut
it down and make sure the shut down function works...
We
can see that the script went off without a hitch! We we're able to
place ourselves between the targets and re-assign them once we were
done.
Step 7 Testing the Exceptions
In
a script like this, it is very import that it knows when to stop, we
need to test the exceptions to make sure they work in order to insure
that no packets get sent out by mistake. Let's test the input exception
first...
Now let's test the MAC address resolution exception...
We can give the script a faulty victim IP so it wont be able to find a
MAC address. Let's make sure it works for a faulty router IP as well...
vậy là chúng ta đã thành công
cuối cùng bạn co thể xem full code ở đây
Tác Giả là người chuyên nghiên cứu về các kỹ thuật hacking, security, marketing, là người có góc nhìn lạ và đi sâu vấn đề cũng như là một con người thẳng thắn góp ý. Nếu sử dụng bài trên blog mong các bạn dẫn lại nguồn tác giả!!! Tác Giả rất mong có sự đóng góp hội ý từ cộng đồng để cho an toàn an ninh mạng việt nam ngày càng được an toàn hơn!!
0 nhận xét:
Post a Comment