Security Basics mailing list archives
Re: Man in the middle: get packets that are destined for other ethernet card
From: "Saif El Sherei" <SSherei () npcegypt com>
Date: Fri, 26 Nov 2010 23:36:45 +0200
I think ettercap can achieve this utilizing dns spoofing it can apply certain filters to change certain data strings into another. For example u can dns spoof google.com from victim to gateway to your attacking web server which contain "hello world" string. And apply filters to change "hello" to "bye" so when the victim request google.com he will be redirected to your page and any data containing string "hello" would be displayed to victim as "bye" Hope this helped. Regards, Saif OSCP Sent from my iPhone On Nov 26, 2010, at 9:23 PM, "Gary Golden" <mail () garygolden me> wrote:
Are you sure that your rule which catchs A<->C packets is in PREROUTING table? --- Gary Golden On 11/25/2010 03:15 AM, here we go wrote:Hello. Currently I'm learning packet capturing/modification/ crafting in my home network and I've got a little problem with active man in the middle attack with data modification. I will explain everything in steps and by giving an real-life examples because I want to avoid misunderstandings. In my home network there are 3 hosts with 3 ethernet cards (working with switch): host A - 192.168.1.1 host B - 192.168.1.2 host C - 192.168.1.3 Host A wants to communicate with C, but host B want to intercept traffic and modify packets. Scheme: 1. Host B activates kernel's ip_forwarding. 2. Host B ARP poisons host A, so that A thinks that B is C. 3. Host B ARP poisons host C, so that C thinks that B is A (afer doing that host B is in the middle of the communication between A and C, the unencrypted packets can be seen by using sniffer). 4. Host B doesn't want only to sniff data, he wants to DROP packets or modify them and then send to the original destination host, so he uses iptables with appropriate options to send specific packets to the QUEUE (NFQUEUE mechanisms to be more precise). He fires up the program that he has written to modify/drop/accept packets waiting in the NFQUEUE. And here is the problem, because it all works but only when packets are destined directly for host B. Example: 1) Packet A->B - works fine, goes to NFQUEUE and can be modified by the program. 2) Packet C->B - as above. 3) Packet A->C (to be specific A->B->C, because we have to remember that B is the middleman) - iptables does not work, packet doesn't go to the NFQUEUE, because it is destined for host C. 4) Packet C->A (C->B->A) - as above. What am I trying to do? For i.e.: 1. A sends packet to C 2. B captures the packet which goes to the NFQUEUE. 3. Running program makes all modifications and then packet from NFQUEUE is transmitted to host C (note that the packet data is modified and then packet leaves the queue and goes to C, B is not sending the packet!). 4. Host C gets the packet with modified data and thinks that it's the data that A send him. How can I achieve that? Is there a way to force B to receive all packets? How can B activly take part in transmission and decide which packet from A send to C and which not? I would appreciate ideas and clues what to use to achieve that. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Man in the middle: get packets that are destined for other ethernet card here we go (Nov 26)
- Re: Man in the middle: get packets that are destined for other ethernet card Gary Golden (Nov 26)
- Re: Man in the middle: get packets that are destined for other ethernet card Saif El Sherei (Nov 26)
- Re: Man in the middle: get packets that are destined for other ethernet card Gary Golden (Nov 26)