Penetration Testing mailing list archives
Re: ssh mitm at the router
From: Terry Vernon <tvernon24 () comcast net>
Date: Fri, 29 Jul 2005 09:43:07 -0500
Quoted from my own lips: gre_relay runs only in offensive mode which disables kernel routing which breaks the router.

Problem not solved.

Terry Vernon
CTO
Sprite Technologies

Andres Riancho wrote:
> Quoted from ettercap documentation:
>
> gre_relay
> This plugin can be used to sniff GRE-redirected remote traffic. The basic idea is to create a GRE tunnel that sends all the traffic on a router interface to the ettercap machine. The plugin will send back the GRE packets to the router, after ettercap "manipulation" (you can use "active" plugins such as smb_down, ssh decryption, filters, etc... on redirected traffic) It needs a "fake" host where the traffic has to be redirected to (to avoid kernel's responses). The "fake" IP will be the tunnel endpoint. Gre_relay plugin will impersonate the "fake" host. To find an unused IP address for the "fake" host you can use find_ip plugin. Based on the original Tunnelx technique by Anthony C. Zboralski published in http://www.phrack.org/show.php?p=56&a=10 by HERT.
>
> When you create a GRE tunnel, you can redirect specific traffic. So, your problem is solved.
>
> Terry Vernon wrote:
> > We have a client who wants to intercept ssh and ssl transmissions and sniff them going across their routers on their WAN. I've looked at ettercap, sshmitm, and ssharp and neither are suitable for this job. Is there anything out there that proxies these encrypted protocols and does a mitm without arp poisoning?
> >
> > Terry Vernon
> > CTO
> > Sprite Technologies