Pouya Daneshmand
Contents:
Defenses against ARP cache poisoning
Introduction to MITM:
Man-in-the-middle attacks, abbreviated MITM and known in Persian as the "man in the middle" attack, make it possible to eavesdrop on and inspect the information exchanged between two systems. For example, when HTTP data is being exchanged, the target of the attack is the TCP connection between the client and the server. Using various methods, the attacker splits the original TCP connection into two new connections.
As shown in Figure 1, these two connections are the one between the attacker and the client and the one between the attacker and the server. Once the TCP connection has been intercepted, the attacker acts as a filter that is able to read, modify and insert data.
Because HTTP applications and data transfer are ASCII-based, MITM attacks can be very effective. With these attacks it is easy to view or collect the information carried in HTTP as well as the data being exchanged. So, as shown in Figure 2, once a session cookie that is reading HTTP data can be controlled, it also becomes possible, for example, to change the amount of money in a transaction application.
Understanding Man-in-the-Middle Attacks
Figure 2. Example of an HTTP packet intercepted by Paros Proxy
Using similar methods, an MITM attack can be carried out against HTTPS communications. The only difference lies in how two independent SSL sessions are set up at the two ends of the TCP connection. In this case, the browser establishes an SSL connection with the attacker, and the attacker in turn establishes another SSL connection with the server.
At this point the browser usually shows the user a warning, but the user, unaware of the threat, ignores it. In some cases no warning is shown at all: for example, when the server's certificate has been compromised, or when the attacker holds a certificate issued by a trusted CA whose CN is the same as the CN of the real website.
MITM attacks are not used only to attack systems on a network; they are also commonly used while running a network application, or as an aid in exposing a network's weaknesses.
This technique, ARP cache poisoning (sometimes called ARP poison routing), is one of the oldest forms of modern MITM attack. It lets an attacker on the same subnet as the victims eavesdrop on all the traffic exchanged between them, and it is one of the simplest yet most effective methods attackers use.
Although ARP was not felt to be strictly necessary when it was devised, it was designed to simplify the translation of addresses between layers two and three of the OSI model. Layer two, the data link layer, uses MAC addresses so that hardware devices can communicate directly on a small scale. Layer three, the network layer, mostly uses IP addresses to build scalable networks capable of worldwide communication. The data link layer deals with devices that are directly connected to one another, whereas the network layer deals with devices connected both directly and indirectly. Each layer has its own form of address, and for network communication to work all of these layers must operate together. This fact is the firm answer to why ARP, defined in RFC 826 as an address resolution protocol for the local network, is always present.
The clever operation of ARP centres on two kinds of packet: the ARP request and the ARP reply. Their purpose is to locate the MAC address that is paired with a given IP address, and this must be done without disrupting the flow of data on the network. The request packet is sent to every device on the network and carries this message: "Hey, my IP address is XX.XX.XX.XX and my MAC address is XX:XX:XX:XX:XX:XX. I need to send something to whoever has IP XX.XX.XX.XX, but I don't know their hardware address. Could whoever has this IP address reply with their MAC address?" The answer comes in an ARP reply packet containing this text: "Hey, transmitting device, I'm the one you are looking for; my IP address is XX.XX.XX.XX and my MAC address is XX:XX:XX:XX:XX:XX." As soon as this exchange is complete, the transmitting device updates its ARP cache table, and from then on both devices are able to communicate with each other.
The ARP cache poisoning attack exploits the insecure nature of ARP. Unlike systems such as DNS, which are designed to accept only secure dynamic updates, devices that use ARP can be updated at any time. This means that any device on the network can send an ARP reply to a host and force it to update its ARP cache with the new values. Sending an ARP reply when no request has been made is called a gratuitous ARP. When attackers have malicious intent, a few gratuitous ARP packets are enough to make the victim believe it is communicating with a host, when in fact it is exchanging data with an eavesdropping attacker.
Cain & Abel has capabilities well beyond what we need here. When you first run the program you will notice a row of buttons at the top of its window. We use the Sniffer tab to reach our goal. When you click the Sniffer button you will see an empty table. To populate it, you must activate the program's built-in sniffer and scan your network for hosts.
Click the second icon in the toolbar, the one that looks like a network card. The first time you click it, you are asked to select the interface you want to sniff on. You must choose the interface connected to the network you intend to poison. After selecting the interface, click OK to activate the sniffer. At this point the network-card icon in the toolbar should appear pressed; if it does not, click it to put it in the pressed state manually. To build a list of the hosts on your network, click the plus (+) icon in the main toolbar, then click OK.
The table that was empty should now be filled with a list of all hosts on the network, together with their MAC and IP addresses and network vendor information. This is the table on which you base ARP cache poisoning. At the bottom of the window you will see a row of tabs that, when clicked, take you to other windows under the Sniffer heading. Now that you have a list of hosts, you can start working in the APR tab.
In the APR window you are shown two empty tables, an upper and a lower one. Once set up, the upper table lists the devices involved in the poisoning, and the lower table shows all the communications between the computers you have poisoned. To continue with the poisoning, click the plus (+) icon in the standard toolbar. The window that opens has two columns side by side. The list of hosts on the network appears in the left column. Click the IP address of one of your victims; this makes the list of all hosts on the network appear in the right column, with the selected IP address removed. Click the IP address of the other victim in the right column, then click OK.
The IP addresses of both computers should now be visible in the upper table. To complete the poisoning, click the yellow-and-black radiation symbol in the toolbar. This activates the program's poisoning feature and lets your analysis system act as the man in the middle for all communications between the two victims. If you are curious about what is happening behind the scenes, you can install Wireshark and watch the traffic on the interface while poisoning is enabled. You will see a large volume of ARP traffic exchanged at high speed between the two victims, and immediately afterwards you can see the communication between them.
When you are done, simply click the yellow-and-black symbol again to stop the ARP cache poisoning.
Looking at poisoning from the defender's point of view, we find that the victims are at a disadvantage compared with the attackers. ARP poisoning takes place covertly, and our ability to control it directly is limited. There is no single way to defeat these attacks, but if you are worried about being attacked, a number of preventive and reactive measures can counter them.
On a local network, poisoning can only be used as long as data is being exchanged between the two victims. Given this, on a local network you should worry about the security of your system if any of the following happens: a device on the network has been compromised, a trusted user intends to attack, or someone intends to install an untrusted system on the network. Although we usually focus on securing the network perimeter, by countering internal threats and maintaining a good security posture we can help remove concerns about the attacks described in these articles.
One way to counter the insecure and dynamic nature of ARP requests and replies is to reduce the dynamic behaviour of these packets. This can be considered a useful solution because hosts running Windows allow additional static entries to be placed in their cache. You can view the Windows ARP cache of a host by opening a command prompt and typing arp -a.
You can add new entries to your list with the following command:
If your network layout changes very rarely, you can prepare a list of static ARP entries and push them to hosts with automated scripts. This ensures that the computers on the network always act on their local ARP cache instead of trusting ARP requests and replies.
The last defense against ARP cache poisoning is a reactive solution, which consists of monitoring the traffic exchanged by the hosts on the network. This can be done with several intrusion detection systems (such as Snort) or with downloadable tools designed specifically for this purpose (such as xARP). The solution is easy to apply when dealing with a single host on the network, but somewhat harder to deploy across all network segments.
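The reactive approach above (what Snort or xARP do) comes down to a few checks over captured ARP packets. The following is an added example, not code from the original article or from either tool: it flags replies that nobody asked for, an IP whose mapping moves to another MAC, and any reply that contradicts a static baseline like the static entries discussed above. The packet record format and the sample capture are constructed.

```python
"""Reactive ARP poisoning detector (hypothetical, added example; not xARP or Snort code).

Input is a list of parsed ARP packets. The sample capture below is constructed:
10.0.0.1 is the gateway, 10.0.0.5 the victim, aa:aa:aa:aa:aa:99 the poisoning host."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpPacket:
    ts: float         # capture time in seconds
    op: str           # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str   # all-zero in a request


REQUEST_WINDOW = 2.0  # seconds: a reply is solicited only if a matching request was this recent


def detect_arp_poisoning(packets, static_entries=None):
    """Return alerts as (ts, alert_type, detail) tuples.

    static_entries is an optional {ip: mac} baseline, i.e. the static ARP entries
    discussed above; a reply contradicting it is flagged even before any change is learned."""
    static_entries = {ip: mac.lower() for ip, mac in (static_entries or {}).items()}
    learned = {}    # ip -> mac claimed by the first packet that mentioned the ip
    pending = {}    # (requester_ip, asked_ip) -> ts of the most recent request
    alerts = []
    for p in sorted(packets, key=lambda x: x.ts):
        mac = p.sender_mac.lower()
        if p.op == "request":
            pending[(p.sender_ip, p.target_ip)] = p.ts
        elif p.op == "reply":
            # 1. Gratuitous reply: nobody asked for sender_ip recently (how the poisoning is done).
            key = (p.target_ip, p.sender_ip)
            asked_at = pending.get(key)
            if asked_at is None or p.ts - asked_at > REQUEST_WINDOW:
                alerts.append((p.ts, "unsolicited-reply",
                               f"{p.sender_ip} is-at {mac} pushed to {p.target_ip} without a request"))
            else:
                del pending[key]
            # 2. Contradiction of the static baseline.
            expected = static_entries.get(p.sender_ip)
            if expected is not None and expected != mac:
                alerts.append((p.ts, "static-mismatch",
                               f"{p.sender_ip} claimed by {mac}, baseline says {expected}"))
        else:
            continue
        # 3. An IP that moved to another MAC (requests also carry a sender claim).
        known = learned.get(p.sender_ip)
        if known is None:
            learned[p.sender_ip] = mac
        elif known != mac:
            alerts.append((p.ts, "mac-change", f"{p.sender_ip} moved from {known} to {mac}"))
    return alerts


ZERO = "00:00:00:00:00:00"
SAMPLE_PACKETS = [  # constructed capture
    ArpPacket(0.0, "request", "10.0.0.5", "aa:aa:aa:aa:aa:05", "10.0.0.1", ZERO),
    ArpPacket(0.1, "reply", "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5", "aa:aa:aa:aa:aa:05"),
    # poisoning: each victim is told that the other side now lives at ...:99
    ArpPacket(5.0, "reply", "10.0.0.1", "aa:aa:aa:aa:aa:99", "10.0.0.5", "aa:aa:aa:aa:aa:05"),
    ArpPacket(5.0, "reply", "10.0.0.5", "aa:aa:aa:aa:aa:99", "10.0.0.1", "aa:aa:aa:aa:aa:01"),
]
STATIC_BASELINE = {"10.0.0.1": "aa:aa:aa:aa:aa:01"}  # the gateway pinned as a static entry

if __name__ == "__main__":
    for ts, kind, detail in detect_arp_poisoning(SAMPLE_PACKETS, STATIC_BASELINE):
        print(f"t={ts:5.1f}  {kind:18}  {detail}")
```

The first two packets are a normal exchange and produce nothing; the two poisoning replies produce five alerts between them.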
DNS Spoofing:
DNS spoofing is another kind of man-in-the-middle (MITM) attack. With this technique, the attacker is able to supply false DNS information to the host computer (the victim). So when the victim decides to visit a site such as www.bankofamerica.com at IP address XXX.XX.XX.XX, they are in fact sent to a fake, fabricated www.bankofamerica.com at IP address YYY.YY.YY.YY. This fake site has been built by the attacker, whose goal is to steal the victim's online banking credentials and account details, and carrying out such an attack is easy.
According to the definition given in RFC 1034/1035, the Domain Name System protocol, DNS, is the most important protocol used by the Internet, because it is DNS that, as the saying goes, holds the bricks of the Internet together. In short, whenever you type an address such as http://www.google.com into your browser to visit that site, a DNS request is sent to the DNS server so that your computer can obtain the site's IP address. This is because the devices that build Internet connections do not recognise an address such as google.com; they only know websites by their IP addresses (such as 74.125.95.103) and operate on the basis of IP addresses.
The DNS protocol works in a request/reply fashion. A client that wants to reach a website with a particular name and IP address first sends a request to the DNS server; the server then sends the requested information back to the client. From the client's point of view, only these two packets, the request and the reply, exist in the process.
When the communication between DNS servers is taken into account, the request/reply process becomes a little more complicated. The hierarchical operation of DNS on the Internet means that DNS servers are forced to talk to one another in order to return a reply to the client. Moreover, one might expect an internal DNS server to know the name of a local intranet server with a given IP address, but such a server certainly cannot be expected to know the IP addresses of sites such as Google or Dell. This is why communication between DNS servers plays an important role in the process. That communication takes place by one server sending a request packet (on behalf of the client) to another server; in effect, one server plays the role of the client (as shown in Figure 12).
Just as there is more than one way to skin a cat, there are many ways to carry out a DNS spoofing attack. We use the "DNS ID spoofing" method. Every DNS request packet sent on the network carries a unique ID number; this ID is used to identify and match request and reply packets. Therefore, if the attacker's computer can receive the DNS request sent by the victim's computer, all the attacker has to do is craft a fake reply packet containing that ID and send it to the victim.
The attack is carried out with a tool in the following two steps: first, we poison the ARP cache of the victim's computer so that we can divert the traffic it exchanges and thereby receive the DNS request packets it sends. Then we send the fake reply packet to the victim. The goal of this process is for the users (victims) to land on our fake website instead of the site they intended, so that we achieve our malicious ends. An example of this attack is shown in Figure 13.
Several tools exist for carrying out DNS spoofing. We use Ettercap for this purpose. It has versions that run on Windows and on Linux. If you read about Ettercap on its website, you will find that it has capabilities well beyond DNS spoofing and is used in most MITM attacks.
If you install Ettercap on Windows, you will find that it has a GUI which works well, but in this example we use the command line to run the attack. Before running Ettercap, some configuration and settings are needed. The tool is essentially a sniffer that uses various plug-ins to carry out attacks. Since in this example the dns_spoof plug-in performs the attack, we must edit the configuration file belonging to this plug-in. When working on Windows, this file may be stored in the following locations:
/usr/share/ettercap/etter.dns
This file is very simple and contains the DNS records used in DNS spoofing. Our goal is to redirect any user who tries to visit yahoo.com to a host on the local network, so we add the entry shown in Figure 14.
These entries work as follows: they instruct the dns_spoof plug-in that whenever it sees a DNS request for yahoo.com or www.yahoo.com (a class A record lookup), it should generate a reply packet with the IP address 172.16.16.100. The computer at that IP address then presents a fake site to the victim's computer.
As soon as the configuration file has been edited and saved, we can issue the command and start the attack. The following can be used when issuing the command:
-Q runs the tool in quiet mode, so that the packets received are not displayed,
and the -M arp option performs a man-in-the-middle attack of the ARP cache poisoning type, which makes it possible to capture and view the traffic exchanged between the victims.
When the above is run, the attack proceeds in two steps: 1) poisoning the ARP cache of the victims' computers on the network, and 2) delivering the fake reply packet to the victims' computers.
Figure 15. Ettercap continually receiving DNS request packets
After running these commands and starting the attack, anyone who tries to visit www.yahoo.com is redirected to our fake site (Figure 16).
Because this kind of attack is reactive in nature, it is very hard to defend against. As a rule, until you have fully fallen victim to it, you remain unaware that your DNS has been spoofed. When such an attack takes place, you are faced with a website that differs slightly from what you expected. In well-organised attacks you may not even notice that you have entered your bank account details on a fake site until the bank calls to ask you about the boat you just bought off the coast of Greece. Nevertheless, there are still some defensive measures against this attack:
- Secure the computers on your network: such attacks are in most cases launched from inside the network. If the computers on your network are secure, there is less chance of their being used to attack you.
- Do not rely on DNS for security: highly sensitive, security-critical browsing systems do not use DNS at all. You will not normally use such browsers, but if you use software that relies on the names of hosts on the network, store those hostnames manually in the hosts file.
- Use an IDS: with a properly installed and used intrusion detection system (IDS), most ARP cache poisoning and DNS spoofing attacks can be countered.
- Use DNSSEC: DNSSEC is a newer version of DNS that uses digitally signed DNS records to ensure that reply packets are genuine. It is not yet widely deployed, but it is generally accepted as the "DNS of the future". It is trusted to the point that the US DoD has ordered that all websites with the MIL and GOV suffixes must start using DNSSEC within a year at most.
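The ID matching described above, and the IDS defense listed here, can be turned into a resolver-side check. This is an added example, not code from the original article, from Snort or from Ettercap: it tracks outstanding queries by client port, transaction ID and name, and flags a response with no query behind it, a second conflicting response (the forged reply racing the real one) and a public name resolving to a LAN address such as the 172.16.16.100 host used above. The message format and the traffic are constructed; 203.0.113.0/24 stands in for public addresses.

```python
"""DNS ID-spoofing detector (hypothetical, added example; not Snort or Ettercap code).

It watches query/response pairs the way a resolver or IDS would, keyed on the
transaction ID plus client port and name that the text describes."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsMessage:
    ts: float
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    txid: int
    qr: str           # "query" or "response"
    qname: str
    answer: str = ""  # A record carried by a response


RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True for private IPv4 space; used to spot a public name answered with a LAN host."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def detect_dns_spoofing(messages, internal_suffixes=(".local",)):
    """Return alerts as (ts, alert_type, detail) tuples. internal_suffixes is a tuple
    of name suffixes for which a private answer is normal."""
    outstanding = {}  # (client_ip, client_port, txid, qname) -> resolver the query went to
    answered = {}     # same key -> first answer that was accepted
    alerts = []
    for m in sorted(messages, key=lambda x: x.ts):
        name = m.qname.lower()
        if m.qr == "query":
            outstanding[(m.src_ip, m.src_port, m.txid, name)] = m.dst_ip
            continue
        key = (m.dst_ip, m.dst_port, m.txid, name)
        if key in outstanding:
            resolver = outstanding.pop(key)
            answered[key] = m.answer
            if resolver != m.src_ip:
                alerts.append((m.ts, "wrong-server", f"{name} answered by {m.src_ip}, asked {resolver}"))
        elif key in answered:
            # A second response to an already-answered query: the race the text describes,
            # where a forged reply carrying the right ID beat the genuine one.
            if answered[key] != m.answer:
                alerts.append((m.ts, "conflicting-answer",
                               f"{name}: first {answered[key]}, then {m.answer} from {m.src_ip}"))
            continue
        else:
            alerts.append((m.ts, "unmatched-response",
                           f"id {m.txid:#06x} for {name} to {m.dst_ip}:{m.dst_port} had no query"))
            continue
        if m.answer and is_rfc1918(m.answer) and not name.endswith(internal_suffixes):
            alerts.append((m.ts, "private-answer", f"{name} resolved to LAN address {m.answer}"))
    return alerts


CLIENT, RESOLVER = "10.0.0.5", "10.0.0.2"
SAMPLE_MESSAGES = [  # constructed
    DnsMessage(0.00, CLIENT, 53211, RESOLVER, 53, 0x1A2B, "query", "www.yahoo.com"),
    # forged reply (source written as the resolver) pointing at the host on the LAN
    DnsMessage(0.01, RESOLVER, 53, CLIENT, 53211, 0x1A2B, "response", "www.yahoo.com", "172.16.16.100"),
    # the genuine reply arrives a little later
    DnsMessage(0.05, RESOLVER, 53, CLIENT, 53211, 0x1A2B, "response", "www.yahoo.com", "203.0.113.10"),
    # a blind guess at ID and port, with no query behind it
    DnsMessage(1.00, RESOLVER, 53, CLIENT, 40001, 0x0001, "response", "www.yahoo.com", "172.16.16.100"),
    # a normal exchange
    DnsMessage(2.00, CLIENT, 53212, RESOLVER, 53, 0x7777, "query", "mail.example.net"),
    DnsMessage(2.02, RESOLVER, 53, CLIENT, 53212, 0x7777, "response", "mail.example.net", "203.0.113.20"),
]

if __name__ == "__main__":
    for ts, kind, detail in detect_dns_spoofing(SAMPLE_MESSAGES):
        print(f"t={ts:4.2f}  {kind:19}  {detail}")
```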
The term "session hijacking" reaches our ears now and then. The technique takes a number of different forms. In general, any attack that abuses an ongoing session and connection between two computers (the victims) counts as session hijacking. By "session" we mean a connection over which data is exchanged. In other words, a session is a connection that comes into being when two computers connect and establish communication, and that requires defined steps to be taken in order to disconnect. Looked at theoretically, the word "session" sounds a little vague, so it is perhaps better to examine it from a practical point of view.
In this article we look at session hijacking by stealing cookies, a technique that targets HTTP sessions. Websites that require a username and password to log in are good examples of session-based communication. To establish such a session, you first have to be authenticated by the website (via username and password); for the duration of the session the site uses cookies to check your continued connection so that it can grant you access to its resources. At the end of the session (logging out of the site) your username and password are cleared and the session ends. This is just one example of session-based communication: while we are active on the Internet, many sessions form without our knowing about them, and most Internet communication is built on such sessions.
As you saw with the DNS spoofing attack, the data exchanged on the Internet is not fully secure, and the communication that takes place in sessions is no exception. The general rule of session hijacking attacks is that if you can capture part of the data exchanged in a session, you can use that data to pass yourself off as one of the parties to the session and thereby gain access to the rest of the session's data as well. In the previous example, this means that if we can capture the cookies used to create the session between the browser and the website, we can present those cookies to the server and impersonate someone else. An attacker might not believe that such an easy method of attack exists, but the attack really is that easy.
Now that we know the theory behind this technique, let us turn to practical examples.
In this practical example we look at session hijacking by capturing the data of a person who is accessing their Gmail account. Using that data we will be able to impersonate that person and access their Gmail account from our own computer.
We use two tools, Hamster and Ferret, to carry out this attack. Both are command-line tools, so store the Hamster folder somewhere on your computer that is easy to reach.
You can also download and run Backtrack 4 for this attack. BT4 is a Linux distribution built purely for penetration testing, and it contains many preinstalled tools, including Hamster and Ferret. After installing it, you will find Hamster in the folder /pentest/sniffers/hamster.
The first step in this kind of session hijacking is to capture the victim's traffic at the moment they decide to log in to Facebook. This data can be captured with any sniffer, such as TCPDump or Wireshark, but in order to capture the right packets we must use ARP cache poisoning.
Once you have captured the traffic of the person logging in to Gmail, save that capture file in the Hamster directory. We name the file used in this example victim_gmail.pcap. With the file in place, we use Ferret to process it; this is done by entering the Hamster folder and running ferret -r victim_gmail.pcap. Ferret processes the file and produces a hamster.txt file, which Hamster can then use when performing the session hijacking.
With the captured HTTP data in hand, we can start the attack. Hamster itself acts as a proxy and provides an interface for using the cookies. To start the Hamster proxy, run the tool without any command-line options.
Once the program is running, you need to change your browser's proxy settings to match the output produced by Hamster; in other words, set your proxy to the loopback address 127.0.0.1 on port 1234. To change these settings in Internet Explorer, go to Tools, then Internet Options, then Connections, then LAN Settings, and tick "Use a proxy server" in the LAN box.
After changing the proxy settings, you can reach the Hamster console by going to http://hamster. Hamster uses the file produced by Ferret to build a list of the IP addresses belonging to the captured session and shows those IP addresses on the right side of the browser window. The file we created contains only one victim IP address, so clicking it displays the sessions available for hijacking on the left side of the browser window.
On the left side of the browser window you can see that facebook.com is also in the list. Clicking it opens a new page that takes you to the victim's Facebook pages.
Since there are many ways of carrying out session hijacking attacks, there are also many ways of defending against them. Detecting and countering session hijacking is harder than for the other attacks we have examined so far, because these attacks are the most passive with respect to detection and defense: if the attacker does nothing suspicious during the attack, you will never find out that it happened. Below are ways of defending better against these attacks:
- Do your online banking at home: the chance that someone on your home network is sniffing the data you exchange is lower than the chance that someone at your workplace is doing so. This is not because your home computer is more secure (it is in fact less secure), but because if you have one or two computers at home, the only threat you face is that your 14-year-old son has been watching hacking tutorials on YouTube. On a corporate network, however, you have no idea what is going on in the company's other rooms or at a branch office 200 miles away, so the chance of an attack on your computer is many times greater. One of the main targets of session hijacking attacks is online banking; the defenses described in this article, however, apply to every target of these attacks.
- Be vigilant: clever attackers leave no trace of themselves in your bank accounts, but even professional hackers sometimes make mistakes. If you stay alert while using sites that are based on sessions, you may notice the presence of intruders. Pay attention to anything that looks odd, and check the time of your last login to the site to make sure nothing unusual is going on.
- Secure the computers on your network: I repeat that in most cases such attacks are launched from inside the network. If the computers on your network are secure, there is less chance of their being used to attack you.
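The "be vigilant" advice above can be automated on the server side, since a cookie replayed through Hamster arrives from the attacker's browser rather than from the browser that logged in. This is an added example, not code from the original article or from Hamster or Ferret: it binds each session id to the first (client IP, user agent) pair that presents it and reports any other client that reuses the same id. The log format and the log lines are constructed.

```python
"""Server-side session-reuse detector (hypothetical, added example; not Hamster/Ferret code).

Constructed log format: unix time, client IP, request line, status, user agent,
session cookie value."""
import re
from collections import defaultdict

LOG_RE = re.compile(r'^(\d+) (\S+) "(\S+) (\S+)" (\d{3}) "([^"]*)" session=(\S+)$')


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the constructed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, path, status, agent, session = m.groups()
    return {"ts": int(ts), "ip": ip, "method": method, "path": path,
            "status": int(status), "agent": agent, "session": session}


def detect_session_reuse(lines):
    """Return alerts (ts, session, owner_client, new_client), one per new client seen on a session.

    A client is the (ip, user-agent) pair; the first client to present a session id owns it.
    Each additional client is reported once, on its first request."""
    owners = {}               # session -> (ip, agent) that first presented it
    seen = defaultdict(set)   # session -> clients already observed
    alerts = []
    for rec in filter(None, map(parse_line, lines)):
        client = (rec["ip"], rec["agent"])
        sid = rec["session"]
        if sid not in owners:
            owners[sid] = client
            seen[sid].add(client)
        elif client not in seen[sid]:
            seen[sid].add(client)
            alerts.append((rec["ts"], sid, owners[sid], client))
    return alerts


SAMPLE_LOG = """\
1700000000 10.0.0.5 "POST /login" 302 "Mozilla/5.0 (Windows NT 6.1)" session=abc123
1700000012 10.0.0.5 "GET /inbox" 200 "Mozilla/5.0 (Windows NT 6.1)" session=abc123
1700000030 10.0.0.9 "GET /inbox" 200 "Mozilla/5.0 (X11; Linux x86_64)" session=abc123
1700000040 10.0.0.9 "GET /settings" 200 "Mozilla/5.0 (X11; Linux x86_64)" session=abc123
1700000050 10.0.0.7 "POST /login" 302 "Mozilla/5.0 (Macintosh)" session=def456
1700000060 10.0.0.7 "GET /inbox" 200 "Mozilla/5.0 (Macintosh)" session=def456
""".splitlines()

if __name__ == "__main__":
    for ts, sid, owner, other in detect_session_reuse(SAMPLE_LOG):
        print(f"{ts}: session {sid} of {owner[0]} also presented by {other[0]} ({other[1]})")
```

The third line, the replayed cookie arriving from 10.0.0.9 with a different browser, is the only alert; the second session is used by one client throughout and stays quiet.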
SSL Hijacking:
This technique is one of the most powerful man-in-the-middle attacks, because it makes it possible to abuse Internet services and facilities that people believe to be secure. I begin this article with the theory behind SSL communication and explain what it is that makes this communication secure; I then show how it can be abused to reach malicious ends. As always, the final section of the article is devoted to detecting and defending against this kind of attack.
SSL and HTTPS:
In the modern sense, the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are protocols designed to provide security on the network, and they work by means of encryption. In most cases the protocol operates together with other protocols (such as SMTP, IMAPS and HTTPS) so that it can secure the service being offered. Its ultimate goal is to create secure channels over insecure networks.
Although you use HTTPS every day, you may not be aware that such attacks exist. Most email services and online banking applications use HTTPS to ensure that the communication between your browser and the services they offer is encrypted. If HTTPS did not exist, any user on the network could use a sniffer to steal your username, password and other secrets.
The security process used by HTTPS is based on the distribution of certificates between the server, the client and a trusted third party. For example, if a user wants to log in to Gmail, a certain sequence of steps has to take place. These steps are summarised in Figure 25.
The process shown in the figure above leaves out the details of how it works; nevertheless, it consists of the following general steps:
2. The web server uses an HTTP 302 code to redirect the client's HTTP request to HTTPS.
4. The server presents the client with a certificate containing a digital signature. The purpose of this certificate is to prove the identity of
5. The client receives the certificate and checks it against the other issued certificates.
If the validation of this certificate fails, the website has been unable to prove its identity. In that case, a certificate-validation warning is shown to the user, who may then continue at their own risk, since there is a chance that they are not actually communicating with the intended site.
Defeating HTTPS:
This process was considered very secure and reliable until a few years ago, when an attack was demonstrated that made it possible to hijack the communication process. The attack does not involve breaking SSL itself; rather, it breaks the bridge between encrypted and unencrypted communication.
Moxie Marlinspike, who is well known for his security research, put forward the idea that an SSL connection is never established directly: in other words, in most cases an SSL connection is reached by way of HTTP. This is because users are redirected from HTTP to HTTPS by an HTTP 302 code, or because they have clicked a link (such as login) that takes them to an HTTPS site. The idea is based on the fact that if you attack the data while it is in transit from an insecure connection to a secure one (in this example, from HTTP to HTTPS), you are in reality attacking the bridge between them, and you can carry out a man-in-the-middle attack on the SSL connection, even before that SSL connection is formed. To make this technique practical, Moxie Marlinspike created the SSLstrip tool, and in this section we make use of it.
The process is very simple and reminiscent of some of the attacks covered in earlier parts of this article. It is shown in Figure 26.
The process shown in the figure above works in the following order:
3. The attacker's computer presents certificates to the web server and passes itself off as the client.
4. The data is received from the intended site and presented to the client (the victim).
This process works very well; from the server's point of view the expected SSL data is being received, and the server notices no difference. An experienced or alert user may notice that the browser is not showing an HTTPS indicator and realise that something unusual is going on.
Using SSLStrip:
The tool that makes the behaviour described above possible is called SSLStrip. It runs only on Linux; if you would rather not face the awkward steps of installing it, you can download and run Backtrack 4, which comes with SSLStrip preinstalled.
Once you have access to SSLStrip, a few prerequisite steps are needed. First you must configure your Linux system for IP forwarding. To do so, enter the following in a shell:
Once IP forwarding is enabled, you must redirect all of the captured HTTP traffic to the port on which SSLStrip is listening. This is done by modifying the iptables firewall configuration. To make this change, enter the following command:
In doing so, you replace <listen port> with an arbitrary port of your own choosing. After configuring these items, we can run sslstrip and set it to listen on the chosen port with the command sslstrip -l <listenPort>.
The final step in this process is configuring "ARP spoofing" in order to capture the traffic exchanged by the victim. We did this earlier on Windows with Cain and Abel, but here we use the arpspoof tool for the purpose. It is included in Backtrack 4. To do this we enter the following command:
In this command, you replace <interface> with the network interface on which you are performing these steps (eth0, eth1, and so on), <targetIP> with the victim's IP address, and <gatewayIP> with the IP address of the gateway the victim uses.
After completing this process you should be actively hijacking the SSL connections being established. You can now use a sniffer to steal passwords, personal identification details, credit card numbers and so on.
As mentioned earlier, this kind of SSL hijacking attack cannot be detected by the server at all, because the exchange looks like normal, ordinary client traffic. A server cannot tell that it is talking to the client through a proxy. Fortunately, there are a few ways to help users detect and defend against these attacks:
- Make sure that connections which use HTTPS are secure: when this attack is carried out, the security aspects of the connection disappear, and the change is visible in the user's browser. For example, if you log in to your online banking and see that only an ordinary HTTP connection is in place, you can suspect that such an attack is under way. Whatever browser you use, you should be able to tell secure connections from insec ure ones.
- Do your online banking at home: the chance that someone on your home network is sniffing the data you exchange is lower than the chance that someone at your workplace is doing so. This is not because your home computer is more secure (it is in fact less secure), but because if you have one or two computers at home, the only threat you face is that your 14-year-old son has been watching hacking tutorials on YouTube. On a corporate network, however, you have no idea what is going on in the company's other rooms or at a branch office 200 miles away, so the chance of an attack on your computer is many times greater. One of the main targets of SSL hijacking attacks is online banking; the defenses described in this article, however, apply to every target of these attacks.
- Secure the computers on your network: once again, in most cases such attacks are launched from inside the network. If the computers on your network are secure, there is less chance of their being used to carry out these attacks against you.
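The first defense above, checking that a login really happens over HTTPS, can also be applied to the logs of a web proxy or to a browser's own history. This is an added example, not code from the original article or from SSLstrip: it learns which hosts a client reaches over https (plus an administrator's baseline) and flags any later plain-http use of those hosts, rating a POST or a login path as high severity. The log format and the log lines are constructed.

```python
"""HTTPS-downgrade detector (hypothetical, added example; not SSLstrip or Backtrack code).

SSLstrip keeps the victim on plain HTTP while the server still sees HTTPS, so the
symptom visible on the victim's side is a host that used to be reached over https
suddenly being used over http, in particular for a login.
Constructed log format: unix time, client IP, scheme, host, method, path."""
import re

LOG_RE = re.compile(r'^(\d+) (\S+) (https?) (\S+) (\S+) (\S+)$')
LOGIN_PATHS = ("/login", "/signin", "/auth")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the constructed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, ip, scheme, host, method, path = m.groups()
    return {"ts": int(ts), "ip": ip, "scheme": scheme, "host": host.lower(),
            "method": method.upper(), "path": path}


def detect_downgrade(lines, https_only=()):
    """Return alerts (ts, client, host, severity, reason).

    https_only is the administrator's baseline of hosts that must never be used over
    http; hosts are also learned from every https request that is observed."""
    known_https = {h.lower() for h in https_only}
    alerts = []
    for rec in filter(None, map(parse_line, lines)):
        if rec["scheme"] == "https":
            known_https.add(rec["host"])
            continue
        if rec["host"] not in known_https:
            continue  # a host never seen over https: nothing to compare against
        credential = rec["method"] == "POST" or rec["path"].startswith(LOGIN_PATHS)
        severity = "high" if credential else "medium"
        reason = ("credentials sent over plain http" if credential
                  else "https host reached over plain http")
        alerts.append((rec["ts"], rec["ip"], rec["host"], severity, reason))
    return alerts


SAMPLE_LOG = """\
1700000000 10.0.0.5 https bank.example GET /
1700000001 10.0.0.5 https bank.example POST /login
1700003600 10.0.0.5 http bank.example GET /
1700003605 10.0.0.5 http bank.example POST /login
1700003700 10.0.0.5 http news.example GET /
1700003800 10.0.0.6 http mail.example GET /signin
""".splitlines()

if __name__ == "__main__":
    for ts, ip, host, severity, reason in detect_downgrade(SAMPLE_LOG, https_only=["mail.example"]):
        print(f"{ts} {ip} -> {host}: {severity}: {reason}")
```

A browser that honours a Strict-Transport-Security header for the host refuses the plain-http request outright, which is the standard server-side mitigation for this stripping.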
References: