Nmap / Zenmap
[Diagram: Victim and Resources (eg: internet), then the same network with the attacker placed between them (Victim MITM)]
[Diagram: ARP on a typical network. Three hosts, IP 10.0.2.7 / MAC 00:11:22:33:44:55 (B), IP 10.0.2.6 / MAC 00:11:22:33:44:66 and IP 10.0.2.5 / MAC 00:11:22:33:44:44, are connected to a Router with IP 10.0.2.1 / MAC 00:11:22:33:44:20. ARP response from the host 10.0.2.6: "I have 10.0.2.6, my MAC is 00:11:22:33:44:66".]
Typical Network
[Diagram: the Victim exchanges requests and responses with the Access Point, which forwards them to Resources (eg: internet); the Hacker is connected to the same network]
ARP Spoofing
[Diagram: ARP spoofing between the Victim and Resources (eg: internet)]
Using arpspoof
use:
arpspoof -i [interface] -t [clientIP] [gatewayIP]
arpspoof -i [interface] -t [gatewayIP] [clientIP]
ARP Spoofing
Using Bettercap
Solution:
● Use HTTPS.
● HTTPS is an adaptation of HTTP.
● Encrypt HTTP using TLS (Transport Layer Security) or its deprecated predecessor SSL (Secure Sockets Layer).
Bypassing HTTPS
Problem:
● Most websites use HTTPS
→ Sniffed data will be encrypted.
Solution:
● Downgrade HTTPS to HTTP.
SSL Stripping
[Diagram: the Victim exchanges plain requests and responses with the attacker's machine running SSLstrip; SSLstrip exchanges HTTPS requests and HTTPS responses with the Access Point, which forwards them to Resources (eg: internet)]
HSTS
Problem:
→ Modern browsers are hard-coded to only load a list of HSTS websites over https.
Bypassing HSTS
Solution:
● Trick the browser into loading a different website.
→ Replace all links for HSTS websites with similar links.
Ex:
facebook.com → facebook.corn
Twitter.com → twiter.com
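To make the HSTS mechanism concrete, here is an added Python example (not part of the original slides) that models the browser-side HSTS policy cache: it parses Strict-Transport-Security headers, honours max-age and includeSubDomains, supports a preload list, and upgrades http:// URLs for covered hosts. The header values, hostnames and timestamps used are constructed for illustration. It shows why a lookalike hostname such as facebook.corn gets no upgrade (no policy is ever stored for it), and conversely why preloading, includeSubDomains and long max-age values are what keep a site's real hostname pinned to https.

```python
"""Added example: a minimal model of the browser-side HSTS policy cache.
Hostnames, header values and timestamps below are constructed samples."""
import time


def parse_hsts(header):
    """Parse a Strict-Transport-Security header value into its directives.
    Returns (max_age_seconds, include_subdomains), or None if max-age is absent
    (browsers ignore a header without a valid max-age)."""
    max_age = None
    include_sub = False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.lower()
        value = value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


class HstsCache:
    """Hosts that delivered a valid HSTS header, with their expiry time."""

    def __init__(self, preload=()):
        # Preloaded hosts ship inside the browser: no expiry, subdomains included.
        self.entries = {h.lower(): (None, True) for h in preload}

    def record(self, host, header, now=None):
        """Store (or clear, for max-age=0) the policy a host sent over HTTPS."""
        policy = parse_hsts(header)
        if policy is None:
            return
        max_age, include_sub = policy
        now = time.time() if now is None else now
        host = host.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # max-age=0 removes the policy
        else:
            self.entries[host] = (now + max_age, include_sub)

    def must_use_https(self, host, now=None):
        """True if the host, or a parent with includeSubDomains, has a live policy."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self.entries.get(candidate)
            if entry is None:
                continue
            expires, include_sub = entry
            if expires is not None and expires <= now:
                continue  # policy has expired
            if i == 0 or include_sub:
                return True
        return False


def upgrade_url(cache, url, now=None):
    """Rewrite an http:// URL to https:// when its host has an HSTS policy."""
    if url.startswith("http://"):
        rest = url[len("http://"):]
        host = rest.split("/", 1)[0].split(":")[0]
        if cache.must_use_https(host, now):
            return "https://" + rest
    return url


if __name__ == "__main__":
    cache = HstsCache(preload=["facebook.com"])          # constructed preload list
    cache.record("zsecurity.org", "max-age=31536000; includeSubDomains", now=1000)
    for url in ("http://facebook.com/login", "http://facebook.corn/login",
                "http://blog.zsecurity.org/"):
        print(url, "->", upgrade_url(cache, url, now=1000))
```

The lookalike host never receives an upgrade because the cache is keyed by exact hostname (plus parents flagged includeSubDomains); the defences on the site side are therefore a long max-age, includeSubDomains, and submission to the browsers' preload list so the policy exists before the first visit.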
DNS Spoofing
● DNS → Domain Name System.
● Translates domain names to IP addresses.
● Eg: links www.google.com to the IP of Google’s server.
Example DNS records (A = address record):
bing.com        A   204.79.197.200
facebook.com    A   195.44.2.1
zsecurity.org   A   104.27.153.174
……..etc
[Diagram: the Victim's request for live.com is resolved and forwarded via Resources (eg: internet) to the live.com web server]
Bettercap
Code Injection
● Web interface:
○ More user-friendly.
○ Requires more resources.
○ And more modules.
Creating a Fake Access Point
Using Mana-Toolkit
[Diagram: Victim, Resources (eg: internet)]
Typical Network
[Diagram: Client 1, Client 2 and Client 3 send requests to and receive responses from the Access Point, which connects them to the internet]
Creating a Fake Access Point
[Diagram: the same three clients now send their requests to and receive responses from the Hacker, who sits in place of the Access Point and is connected to the internet]
MITM Attacks
Detection & Prevention
Detection:
1. Analysing ARP tables.
2. Using tools such as XArp.
3. Using Wireshark.
Problems:
1. Detection is not the same as prevention.
2. Only works for ARP spoofing.
Solution:
→ Encrypt traffic.
● HTTPS Everywhere plugin.
● Using a VPN.
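As an added defensive example (not from the original slides), the following Python script implements detection methods 1 and 3 from the list above: it parses Linux `arp -a` output for a MAC address bound to more than one IP, compares the gateway's MAC with a recorded known-good value, and scans a sequence of ARP replies (as they could be read off Wireshark's ARP filter) for an IP whose MAC changes. The ARP table text, the reply list and the known-good gateway MAC are constructed sample data that reuse the addresses from the diagrams above.

```python
"""Added example: spotting ARP spoofing symptoms in an ARP table and in a
stream of ARP replies. All sample data below is constructed for illustration."""
import re
from collections import defaultdict

# Constructed `arp -a` output (Linux format). The gateway 10.0.2.1 and the
# host 10.0.2.5 resolve to the same MAC: the classic symptom of ARP spoofing,
# where the attacker's MAC has been bound to the gateway's IP.
SAMPLE_ARP_TABLE = """\
? (10.0.2.1) at 00:11:22:33:44:44 [ether] on eth0
? (10.0.2.5) at 00:11:22:33:44:44 [ether] on eth0
? (10.0.2.7) at 00:11:22:33:44:55 [ether] on eth0
"""

# The gateway MAC recorded at a known-good time (constructed, from the diagram).
KNOWN_GATEWAY = ("10.0.2.1", "00:11:22:33:44:20")

# Constructed sequence of ARP replies as seen in a capture: (sender IP, sender MAC).
# The gateway IP is first announced by its real MAC and later by a different one.
SAMPLE_ARP_REPLIES = [
    ("10.0.2.1", "00:11:22:33:44:20"),
    ("10.0.2.6", "00:11:22:33:44:66"),
    ("10.0.2.1", "00:11:22:33:44:44"),
    ("10.0.2.1", "00:11:22:33:44:44"),
]

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)


def parse_arp_table(text):
    """Return {ip: mac} from Linux `arp -a` output; MACs are lower-cased."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def duplicate_macs(table):
    """Map each MAC bound to more than one IP to the sorted list of those IPs."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check_gateway(table, gateway_ip, expected_mac):
    """True if the gateway IP still resolves to the recorded known-good MAC."""
    return table.get(gateway_ip) == expected_mac.lower()


def mac_changes(replies):
    """Return (ip, old_mac, new_mac) for every reply that rebinds an IP to a
    MAC different from the one previously seen for it."""
    seen = {}
    changes = []
    for ip, mac in replies:
        mac = mac.lower()
        if ip in seen and seen[ip] != mac:
            changes.append((ip, seen[ip], mac))
        seen[ip] = mac
    return changes


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for mac, ips in duplicate_macs(table).items():
        print(f"WARNING: {mac} is bound to {len(ips)} IPs: {', '.join(ips)}")
    if not check_gateway(table, *KNOWN_GATEWAY):
        print(f"WARNING: gateway {KNOWN_GATEWAY[0]} no longer maps to {KNOWN_GATEWAY[1]}")
    for ip, old, new in mac_changes(SAMPLE_ARP_REPLIES):
        print(f"WARNING: {ip} changed from {old} to {new}")
```

On a real host, feed `parse_arp_table` the live output of `arp -a` and a gateway MAC you recorded while the network was known to be clean; as the slides note, a hit only tells you spoofing is happening, it does not stop it.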
MITM Attacks
Prevention
Pros and cons of each option (table partly lost in extraction):
HTTPS Everywhere: +
VPN: + Encrypts everything. + Protects from all MITM attacks. - Not free.
MITM Attacks
Prevention
VPN - Virtual Private Network
[Diagram: without a VPN the User's request for www.google.com travels to Google.com in the clear; with a VPN the same request leaves the User encrypted (shown as ASDW(£UFJ!DKHV) before reaching the Internet]
Benefits:
● Extra layer of encryption.
● More privacy & anonymity.
● Bypass censorship.
● Protection from hackers.
Notes:
● Use reputable VPN.
● Avoid free providers.
● Make sure they keep no logs.
● Use HTTPS everywhere.
● Optional - pay with crypto.
[Diagram: with HTTPS inside the VPN tunnel the traffic between User and Internet carries VPN encryption + TLS]