Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Redirecting traffic

From: Rodrigo Blanco <rodrigo.blanco.r () gmail com>
Date: Sun, 7 Aug 2005 06:07:01 -0600
Hello Andrés,

I wold say that if you ARP-spoof the client, you will be able to
perform a full man-in-the-middle attack betwee the client and the
server on Layer 2 (no layer 3 - routing, IP) changes needed.

An application like ettercap should be a good beginning for this. It
is really easy to use and you ca find plenty of doc just by googling.

Regards,
Rodrigo.

On 8/5/05, Andres Molinetti <andymolinetti () hotmail com> wrote:

I am pen-testing a client application and I 've found, analysing traffic
dumps, that it seems to connect to a hardcoded internal IP and retrieve data
from a strange port that is afterwards displayed in the application.
I want to be able to redirect that traffic to another IP in order to test it
for overflows and other issues.
I have found a way to change the default gateway of the application's host.
So I thought of setting my linux box as its gateway and using iptables to
redirect the traffic to the other IP.
I'm needing help with the building of the rules...

Thks,
Andy

_________________________________________________________________
Descubre la descarga digital con MSN Music. Más de medio millón de
canciones. http://music.msn.es/


------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------




------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: