
Introduction to Man-in-the-Middle Attacks

Pouya Daneshmand

Email: whh_iran (AT) yahoo (DOT) com | Blog: Pouya.securitylab.ir


Contents:

Introduction to MITM

ARP cache poisoning

Countermeasures against ARP cache poisoning

DNS spoofing

Countermeasures against DNS spoofing

Session hijacking

Countermeasures against session hijacking

SSL hijacking

Countermeasures against SSL hijacking

Introduction to MITM:

Man-in-the-middle attacks, abbreviated MITM, make it possible to eavesdrop on and inspect the data exchanged between two systems. For example, when HTTP data is being exchanged, the target of the attack is the TCP connection between the client and the server. Using various methods, the attacker splits the original TCP connection into two new connections.

As shown in Figure 1, these two connections are the one between the attacker and the client and the one between the attacker and the server. Once the TCP connection has been intercepted, the attacker acts as a filter that can read, modify and insert data.

Figure 1. Illustration of a man-in-the-middle attack

Because HTTP applications and their data transfer are designed around ASCII, MITM attacks can be very effective. With these attacks it is easy to view or collect the information carried in HTTP and the data being exchanged. So, as Figure 2 shows, once a session cookie can be captured while reading the HTTP data, it also becomes possible, for example, to change the monetary amount in a transaction application.

Figure 2. An HTTP packet intercepted with Paros Proxy

Using similar methods, an MITM attack can be mounted against HTTPS connections. The only difference is the way two independent SSL sessions are established, one at each end of the TCP connection. In this case the browser sets up an SSL connection with the attacker, and the attacker sets up another SSL connection with the server.

At this point the browser usually shows the user a warning message, but the user, unaware of the threat, ignores it. In some cases no warning is shown to the user at all, for example when the server's certificate has been compromised, or when the attacker holds a certificate issued by a trusted CA whose CN is the same as the CN of the genuine website.

MITM attacks are not used only to attack systems on a network; they are also commonly used while running a network application, or as an aid in compromising a network.

ARP cache poisoning:

This technique (sometimes known as ARP poison routing) is one of the oldest forms of modern MITM attack. It lets an attacker on the same subnet as the victims eavesdrop on and inspect all traffic exchanged between them. It is one of the simplest and at the same time most effective techniques available to attackers.

Normal ARP communication:

Although ARP may not seem like something that needed inventing, it was designed to ease the translation of addresses between layers two and three of the OSI model. Layer two, the data link layer, uses MAC addresses so that hardware devices can communicate directly with each other on a small scale. Layer three, the network layer, mostly uses IP addresses to build scalable networks capable of global communication. The data link layer deals with devices that are directly connected to each other, whereas the network layer deals with devices that are connected both directly and indirectly. Each layer has its own address format, and for network communication to work all of these layers must operate together. This fact is the firm answer to why ARP, defined in RFC 826 as a resolution system for local addresses, was created.

Figure 3. The ARP communication process

The clever operation of ARP centers on two packet types: the ARP request and the ARP reply. The purpose of these packets is to find the MAC address associated with a given IP address, and this has to happen without disrupting the flow of data across the network. The request packet is sent to every device on the network and carries this message: "Hey, my IP address is XX.XX.XX.XX and my MAC address is XX:XX:XX:XX:XX:XX. I need to send something to whoever has IP XX.XX.XX.XX, but I don't know their hardware address. Would whoever has this IP address please reply with their MAC address?" The answer comes back in an ARP reply packet and reads: "Hey, transmitting device, I am the one you are looking for; my IP address is XX.XX.XX.XX and my MAC address is XX:XX:XX:XX:XX:XX." As soon as this exchange completes, the transmitting device updates its ARP cache table, and from then on the two devices can communicate with each other.

The ARP cache poisoning technique:

The ARP cache poisoning attack exploits the insecure nature of ARP. Unlike systems such as DNS, which are designed so that they only accept secure dynamic updates, devices that use ARP can be updated at any time. This means that any device on the network can send an ARP reply to a host and force it to update its ARP cache with the new values. Sending an ARP reply when no request has been made is called a gratuitous ARP. When attackers have malicious intent, sending a few gratuitous ARPs makes the victim believe it is talking to a host, when in fact it is exchanging data with an eavesdropping attacker.

Figure 4. Normal network traffic pattern, followed by ARP cache poisoning

Using Cain & Abel:

Cain & Abel has capabilities well beyond what we need here. When you first run the program, you will notice a row of tabs along the top of its window. We use the Sniffer tab to reach our goal. When you click the Sniffer tab, you see an empty table. To populate it you need to enable the program's built-in sniffer and scan your network for hosts.

Figure 5. The program's Sniffer tab

Click the second icon on the program's toolbar, the one that looks like a network card. The first time you click it, you are asked to choose the interface you want to sniff. You must choose the interface that is connected to the same network you intend to poison. After selecting the interface, click OK to enable the sniffer. The toolbar icon that looks like a network card should now appear pressed; if it does not, click it to put it in the pressed state manually. To build a list of the hosts on your network, click the plus-sign (+) icon on the main toolbar, then click OK.

Figure 6. Scanning the network for hosts

The table that was empty a moment ago should now be filled with a list of every host on the network, together with their MAC and IP addresses and the vendor of their network cards. This is the table on which you base the ARP cache poisoning. At the bottom of the program window you see a row of tabs that take you to the other windows under the Sniffer heading. Now that you have a list of hosts, you can work in the APR tab.

When you open the APR window, you see two empty tables: an upper one and a lower one. Once they are set up, the upper table lists the devices involved in the poisoning and the lower table shows all communication between the machines you have poisoned. To continue with the poisoning, click the plus-sign (+) icon on the standard toolbar. The window that opens has two columns side by side. The list of hosts on the network appears in the left column. Click the IP address of one of your victims. This causes the full list of hosts on the network to appear in the right column, with the IP address you selected removed. Click the IP address of the other victim in the right column, then click OK.

Figure 7. Selecting the victims to begin the poisoning operation

The IP addresses of both machines should now be visible in the upper table. To complete the poisoning process, click the yellow-and-black radiation symbol on the toolbar. This activates the program's poisoning features and lets your analysis machine act as the man in the middle for all communication between the two victims. If you are curious to see what goes on behind the scenes, you can install Wireshark and, when you enable the poisoning, watch the traffic passing through the interface. You will see a large volume of ARP traffic being exchanged rapidly between the two victims, and you will immediately be able to observe the communication between them.

Figure 8. ARP traffic injection

When you are finished, simply click the yellow-and-black radiation symbol again to stop the ARP cache poisoning operation.

Countermeasures against ARP cache poisoning:

Looking at the poisoning technique from the defender's side, we find that victims are at a disadvantage compared with attackers. ARP poisoning takes place covertly, and our ability to control it directly is limited. There is no universal way to defend against these attacks, but if you are worried about being attacked you can counter them with a few preventive and reactive measures.

Protecting the LAN (local network):

On a local network, poisoning can be used for an attack only while data is being exchanged between the two victims. Given this, on a local network you should worry about the security of your system if one of the following occurs: a device on the network has been compromised, a trusted user intends to attack, or someone intends to connect an untrusted system to the network. Although we usually concentrate on securing the network perimeter, defending against internal threats and maintaining a sound security posture helps remove the concerns about the attacks described in these articles.

Hard-coding the ARP cache:

One way to counter the insecure, dynamic nature of ARP requests and replies is to make their operation less dynamic. This can be considered a useful solution because hosts running Windows allow additional static entries to be added to their cache. You can view the Windows ARP cache of a host by opening a command prompt and typing the command arp -a.

Figure 9. Viewing the ARP cache


You can add new entries to the list with the following command:

arp -s <IP ADDRESS> <MAC ADDRESS>

If the layout of your network changes very rarely, you can prepare a list of static ARP entries and push them to the hosts with an automated script. This makes sure that the computers on the network always act on their local ARP cache instead of trusting ARP requests and replies.

Logging ARP traffic with a third-party program:

The last countermeasure against ARP cache poisoning is a reactive one: logging the traffic exchanged by the hosts on the network. This can be done with various intrusion detection systems (such as Snort) or with downloadable tools designed specifically for this purpose (such as xARP). Applying this solution to a single host on the network is easy, but applying it across every segment of the network is somewhat difficult.
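As an added example that is not part of the original article, the following Python script shows what the logging countermeasure just described looks like in miniature, using the poisoning signs explained in the ARP section: a reply nobody asked for (gratuitous ARP), an IP whose MAC binding changes, and one MAC claiming both victims' addresses. The MAC and IP addresses are constructed sample values; in real use the frames would come from a packet capture rather than from the build_arp helper.

```python
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_to_bytes(s):
    return bytes.fromhex(s.replace(":", ""))

def ip_to_bytes(s):
    return bytes(int(x) for x in s.split("."))

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP; None if it is not one."""
    if len(frame) < 42:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op,
            "sender_mac": sha.hex(":"), "sender_ip": ".".join(map(str, spa)),
            "target_mac": tha.hex(":"), "target_ip": ".".join(map(str, tpa))}

class ArpMonitor:
    """Passive ARP watcher: the logging countermeasure reduced to its checks."""

    def __init__(self):
        self.bindings = {}                  # ip -> mac learned from replies
        self.pending = set()                # (requester_ip, target_ip) awaiting a reply
        self.ips_by_mac = defaultdict(set)  # mac -> every ip it has claimed

    def observe(self, frame):
        """Feed one frame; returns the list of alerts it triggered."""
        alerts = []
        pkt = parse_arp(frame)
        if pkt is None:
            return alerts
        if pkt["op"] == ARP_REQUEST:
            self.pending.add((pkt["sender_ip"], pkt["target_ip"]))
            return alerts
        if pkt["op"] != ARP_REPLY:
            return alerts
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        # A reply that answers no outstanding request is a gratuitous ARP:
        # sometimes legitimate, but exactly what poisoning tools send.
        key = (pkt["target_ip"], ip)
        if key in self.pending:
            self.pending.discard(key)
        else:
            alerts.append(f"unsolicited reply: {ip} is-at {mac}")
        # An IP whose MAC suddenly changes is the core symptom of poisoning.
        old = self.bindings.get(ip)
        if old is not None and old != mac:
            alerts.append(f"binding change: {ip} was {old}, now {mac}")
        self.bindings[ip] = mac
        # One MAC answering for both ends of a conversation is the MITM position.
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            alerts.append(f"{mac} claims several IPs: {sorted(self.ips_by_mac[mac])}")
        return alerts

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Construct a raw ARP frame; used here only to make sample traffic."""
    eth_dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", mac_to_bytes(eth_dst), mac_to_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                      mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    return eth + arp

# Constructed sample addresses (not taken from the article).
VICTIM_MAC, VICTIM_IP = "00:11:22:33:44:55", "192.168.1.10"
GATEWAY_MAC, GATEWAY_IP = "00:aa:bb:cc:dd:ee", "192.168.1.1"
ATTACKER_MAC = "de:ad:be:ef:00:01"

SAMPLE_FRAMES = [
    # Normal resolution: the victim asks who has the gateway IP; the gateway answers.
    build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, "00:00:00:00:00:00", GATEWAY_IP),
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    # Poisoning: unrequested replies tell the victim "the gateway is at my MAC"
    # and tell the gateway "the victim is at my MAC".
    build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    build_arp(ARP_REPLY, ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),
]

def run_monitor(frames=SAMPLE_FRAMES):
    monitor = ArpMonitor()
    return [alert for frame in frames for alert in monitor.observe(frame)]
```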
DNS spoofing:

DNS spoofing is another kind of man-in-the-middle (MITM) attack. With this technique the attacker can supply false DNS information to the host computer (the victim's computer). So when the victim tries to visit a site such as www.bankofamerica.com at IP address XXX.XX.XX.XX, they are in fact sent to a fake, counterfeit www.bankofamerica.com at IP address YYY.YY.YY.YY. This fake site has been built by the attacker, whose goal is to steal the victim's online banking credentials and account details, and carrying out such an attack is easy.

Normal DNS communication:

As defined in RFC 1034/1035, the Domain Name System protocol, or DNS, is the most important protocol the Internet uses, because DNS is what lets the Internet hold together, as the saying goes. In short, whenever you type an address such as http://www.google.com into your browser to visit that site, a DNS request is sent to the DNS server so that your computer can obtain the site's IP address. This is because the devices that form Internet connections do not recognize an address such as google.com. These devices know websites only by their IP addresses (such as 74.125.95.103) and operate on the basis of IP addresses.

A DNS server works in these stages: storing the entries for IP addresses (resource records) in the DNS naming system, exchanging this information with users' computers, and exchanging it with other DNS servers. The structure of a DNS server in Internet or inter-company communication can be fairly complex.

Figure 10. DNS request and reply


The DNS protocol works in a request/reply fashion. A user who wants to visit a website with a given DNS name and IP first sends a request to the DNS server. The server then sends the requested information back to the user. From the user's point of view, only these two packets, the request and the reply, exist in the process.

Figure 11. DNS request and reply packets

Once communication between DNS servers is taken into account, the process of sending request and reply packets becomes a little more complex. The hierarchical operation of DNS on the Internet means that DNS servers have to talk to each other in order to send a reply to the user. Moreover, an internal DNS server can be expected to know the name of the local intranet server with a given IP, but it certainly cannot be expected to know the IP addresses of sites such as Google or Dell. This is why communication between DNS servers plays an important role in the process. Communication between DNS servers is done by one server sending a packet (on the user's behalf) to another server; in effect, in this process one server plays the role of the user (as in Figure 12).

Figure 12. Request and reply sent from client to server and from one server to another

Performing DNS spoofing:

Just as there is more than one way to skin a cat, there are several ways to carry out a "DNS spoofing" attack. We will use the "DNS ID spoofing" method.

Every DNS request sent on the network carries a unique identification number. This ID is used to identify request and reply packets and match them to each other. So if the attacker's computer can receive the DNS request sent by the victim's computer, all the attacker has to do is build a fake reply packet containing this ID and send it to the victim's computer.

This attack is carried out with a single piece of software in two steps: first, we poison the ARP cache of the victim's computer so that we can divert its traffic and thereby receive the DNS request it sends. Then we send the fake reply packet to the victim's computer. The aim is for the users (victims) to land on our fake website instead of the site they intended, so that we can achieve our sinister goals. An example of this attack is shown in Figure 13.

Figure 13. DNS spoofing attack using DNS ID spoofing

Various programs exist for carrying out a "DNS spoofing" attack. We use Ettercap for this purpose. It has versions that run on Windows and Linux. If you read about Ettercap on its website, you will find that it has capabilities well beyond "DNS spoofing" and is used in most man-in-the-middle (MITM) attacks.

If you install Ettercap on Windows, you will find that it has a GUI, which works well. In this example, however, we use the command-line interface to carry out the attack. Before running Ettercap, some configuration is needed. The program is essentially a sniffer that uses various plug-ins to carry out attacks. Since in this example the dns_spoof plug-in carries out the attack, we must edit that plug-in's configuration file. The file is found at the following locations (on Windows and on Linux respectively):

C:\Program Files (x86)\EttercapNG\share\etter.dns

/usr/share/ettercap/etter.dns

This file is very simple and contains the DNS records used for "DNS spoofing". Our goal is to redirect any user who tries to visit yahoo.com to a host on the local network; to do this, we add the entry shown in Figure 14.

Figure 14. Adding a spoofed DNS entry to etter.dns

These entries work as follows: they tell the dns_spoof plug-in that whenever it sees a DNS request for yahoo.com or www.yahoo.com (an A-class resource record), it should generate a reply packet with the IP address 172.16.16.100. The computer at that IP address then serves a fake site to the victim's computer.
Once the configuration file has been edited and saved, we can issue the command that starts the attack. The following options are used in the command:

-T   Use the text-only interface

-q   Run quietly so that captured packets are not displayed

-P dns_spoof   Use the named plug-in

The -M arp option also carries out a "man-in-the-middle" attack of the "ARP cache poisoning" type, which makes it possible to receive and view the traffic exchanged between the victims.

// //   Set the whole network as the target of the attack

The following command is the final command in our attack:

Ettercap.exe -T -q -P dns_spoof -M arp // //

Running the command above carries out the attack in two stages: 1) poisoning the ARP cache of the victims' computers on the network and 2) delivering the fake reply packet to the victims' computers.

Figure 15. Ettercap continuously receiving DNS requests
After running this command and starting the attack, anyone who tries to visit www.yahoo.com is redirected to our fake site (Figure 16).

Figure 16. The result of a DNS spoofing attack from the victim's point of view

Countermeasures against DNS attacks:

Because this type of attack is reactive in nature, defending against it is very hard. As a rule, you remain unaware that your DNS has been spoofed until you have fully fallen victim to the attack. If such an attack takes place, you are faced with a website that differs slightly from what you expected. In well-organized attacks you may not even realize that you have entered your bank account details on a fake site until the bank calls to ask about the boat you just bought off the coast of Greece. Nevertheless, there are still some defensive measures against this attack:

Secure the computers on your network: such attacks are usually carried out from inside the network. If the computers on your network are secure, there is less chance of them being used to attack you.

Do not rely on DNS for security: highly sensitive, secure browsing systems do not use DNS in their operation. You will not usually use such browsers, but if you use software that relies on host names on the network, store those host names manually in the hosts file.

Use an IDS: when properly installed and used, an intrusion detection system (IDS) can counter most "ARP cache poisoning" and "DNS spoofing" attacks.

Use DNSSEC: DNSSEC is a newer version of DNS that uses digitally signed DNS records to ensure that replies are genuine. It is not yet widely deployed, but it is generally accepted as the "DNS of the future". The system is trusted to the point that the US DoD has ordered that all websites with the MIL and GOV suffixes in their addresses must start using DNSSEC within a year at most.
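As an added example that is not part of the original article, the Python below parses DNS messages and shows the client-side check a resolver can make against the ID spoofing described above: the reply must carry the ID of a query we actually sent and answer the same question, and a second reply under an already-answered ID that carries a different address is flagged as a spoofing race. The 172.16.16.100 address is the etter.dns entry from the article; the transaction ID and the 203.0.113.5 address are constructed sample values.

```python
import struct

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, off):
    """Decode the name at `off`, following compression pointers; returns (name, next offset)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = pointer, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def parse_message(msg):
    """Parse the header, the first question and the A-record answers."""
    txid, flags, _qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    qname, off = decode_name(msg, 12)
    qtype = struct.unpack("!H", msg[off:off + 2])[0]
    off += 4  # skip qtype and qclass
    answers = []
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append((name, ".".join(map(str, rdata))))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "qname": qname, "qtype": qtype, "answers": answers}

def build_query(txid, qname):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)  # type A, class IN

def build_answer(txid, qname, ip):
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)  # name pointer, A, IN, TTL, rdlen
    return header + question + rr + bytes(int(x) for x in ip.split("."))

class ResponseGuard:
    """Client-side acceptance check: a matching transaction ID alone (all the
    attack above needs) is not trusted; the reply must answer the question we
    sent, and a second reply under an answered ID with a different address is
    reported as a spoofing race."""

    def __init__(self):
        self.outstanding = {}  # txid -> qname we sent
        self.answered = {}     # txid -> (qname, first accepted ip)

    def send(self, query):
        q = parse_message(query)
        self.outstanding[q["id"]] = q["qname"]

    def receive(self, response):
        r = parse_message(response)
        txid = r["id"]
        if not r["is_response"]:
            return ("ignored", "not a response")
        if txid in self.answered:
            qname, first_ip = self.answered[txid]
            ips = [ip for _, ip in r["answers"]]
            if first_ip not in ips:
                return ("conflict", f"id {txid:#06x} for {qname}: {first_ip} vs {ips}")
            return ("duplicate", first_ip)
        if txid not in self.outstanding:
            return ("unexpected-id", f"{txid:#06x}")
        if self.outstanding[txid] != r["qname"]:
            return ("question-mismatch", r["qname"])
        ips = [ip for name, ip in r["answers"] if name == r["qname"]]
        if not ips:
            return ("no-answer", r["qname"])
        self.answered[txid] = (r["qname"], ips[0])
        del self.outstanding[txid]
        return ("accepted", ips[0])

def run_demo():
    # Replay the race from the article: the forged reply (172.16.16.100, the
    # etter.dns entry) lands first, then the genuine one (constructed 203.0.113.5).
    guard = ResponseGuard()
    guard.send(build_query(0x1A2B, "www.yahoo.com"))
    return [guard.receive(build_answer(0x1A2B, "www.yahoo.com", "172.16.16.100")),
            guard.receive(build_answer(0x1A2B, "www.yahoo.com", "203.0.113.5")),
            guard.receive(build_answer(0x9999, "www.yahoo.com", "203.0.113.5"))]
```

The forged reply still wins the race, which is why a "conflict" verdict should cause the cached entry for that name to be discarded rather than trusted.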
Session hijacking:

We hear the term "session hijacking" every now and then. This technique comes in many forms. Broadly, any attack that abuses an ongoing session and connection between two computers (victims) counts as a kind of "session hijacking". By "session" we mean a connection over which data is exchanged. In other words, a session is a connection in which two computers connect, establish communication, and have to go through specific steps to disconnect. Viewed in theory, the word "session" seems a bit vague, so it is perhaps better to look at it from a practical point of view.

In this article we examine "session hijacking" by stealing cookies. This technique makes use of HTTP sessions. Websites that require a username and password to log in are good examples of session-based communication. To establish such a session you first need to be authenticated by the website (through a username and password); for as long as the session lasts, the website uses cookies to verify your continued connection so that it can grant you access to its resources. When the session ends (you log out of the website), your username and password are cleared and the session is over. This is just one example of session-based communication. As we use the Internet, many sessions are formed without our knowledge, and most communication on the Internet depends on the formation of these sessions.

Figure 17. A normal session

As you saw in the "DNS spoofing" attack, data exchanged on the Internet is not completely secure, and the connections formed in sessions are no exception. The general rule of "session hijacking" attacks is that if you can capture part of the data exchanged in a session, you can use that data to pass yourself off as one of the parties to the session and so gain access to the rest of the session's data. In the earlier example, if we can obtain the cookies used to create the session between the browser and the website, we can present those cookies to the server and pass ourselves off as someone else. An attacker might not believe that such an easy attack exists, but such an attack really is that easy.

Figure 18. Session hijacking

Now that we understand the theory behind this technique, we turn to practical examples.

Stealing cookies with Hamster and Ferret:

In this practical example we look at a "session hijacking" attack that captures the traffic of a person accessing their Gmail account. Using that information we will be able to impersonate that person and access their Gmail account from our own computer.

We use two programs, Hamster and Ferret, to carry out this attack. Both are command-line programs, so save the Hamster folder somewhere on the computer that is easy to reach.

Alternatively, you can download and run Backtrack4 to carry out this attack. This distribution (BT4) is Linux-based and is produced purely for penetration testing. It comes with many pre-installed tools, including Hamster and Ferret. After installing it, you can find Hamster in the folder /pentest/sniffers/hamster.

The first step in this kind of "session hijacking" attack is to capture the victim's traffic as they try to log in to Facebook. The traffic can be captured with any sniffer, such as TCPDump or Wireshark, but to capture the right packets we must use ARP cache poisoning.

Figure 19. Capturing the traffic of a person logging in to Gmail

Once you have captured the traffic of the person logging in to Gmail, you must save that capture file in the Hamster directory. We name the file used in this example victim_gmail.pcap. With the file in place, we use Ferret to process it. This is done by going into the Hamster folder and running the command ferret -r victim_gmail.pcap. Ferret processes the file and produces a hamster.txt file, which Hamster can then use during "session hijacking".

Figure 20. Processing the captured file with Ferret

Once we have the captured HTTP traffic in hand, we can start the attack. Hamster itself acts as a proxy and provides an interface for using the cookies. To run the Hamster proxy, run the program without any command-line options.

Figure 21. Running Hamster


Once the program is running, you need to change your proxy settings to match the output produced by Hamster. In other words, you must change your proxy settings so that you use the loopback address 127.0.0.1 on port 1234. To change these settings in Internet Explorer, go to Tools, then Internet Options, then Connections, then LAN Settings, and tick "Use a proxy server" in the LAN box.

Figure 22. Changing the proxy settings to use the Hamster proxy

After changing the proxy settings, you can reach the Hamster console by going to http://hamster. Hamster uses the file produced by Ferret to build a list of the IP addresses involved in the captured session and shows these IP addresses on the right side of the browser. The file we created contains only one victim IP address, so clicking on it shows the hijackable sessions on the left side of the browser.

Figure 23. The Hamster GUI

On the left side of the browser you can see that facebook.com is also in the list. Clicking on it opens a new page that takes you to the victims' Facebook pages.

Figure 24. A Gmail account that has been successfully hijacked


Countering "session hijacking" attacks:

Since there are various ways to carry out "session hijacking" attacks, there are also various ways to counter them. Detecting and countering "session hijacking" attacks is harder than detecting and countering the other attacks we have examined so far. The reason is that these attacks are the most reactive of all with respect to detection and defense: if the attacker does nothing suspicious during the attack, you will never find out that it happened. Below are some ways to defend better against these attacks:

Do your online banking at home: the chance that someone on your home network is sniffing your traffic is lower than the chance of someone doing so at your workplace. This is not because your home computer is more secure (it is in fact less secure), but because if you have one or two computers at home, the only threat you face is that your 14-year-old son has watched hacking tutorials on YouTube. On a work network, however, you have no idea what is going on in the other rooms of the company or in branch offices 200 miles away, so the chance of an attack on your computer is several times higher. One of the main targets of "session hijacking" attacks is online banking; even so, the countermeasures listed in this article apply to every target of these attacks.

Stay alert: smart attackers leave no trace of themselves in your bank accounts, but even professional hackers sometimes make mistakes. If you stay aware and alert when working on session-based sites, you may notice the presence of hackers. Pay attention to anything that looks odd, and also check the time of your last login to the website to make sure nothing unusual is going on.

Secure the computers on your network: again, in most cases such attacks are carried out from inside the network. If the computers on your network are secure, there is less chance of them being used to attack you.

SSL hijacking:

This method is one of the most powerful man-in-the-middle attacks, because it makes it possible to abuse Internet services that people believe to be secure. I begin this part by reviewing the theory behind SSL communication and explaining what makes it secure; after that I show how this communication can be abused to reach the attacker's goals. As always, the final section is devoted to detecting and countering this type of attack.

SSL and HTTPS:

In modern usage, Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are protocols designed to provide security on the network by means of encryption. In most cases the protocol is used together with another protocol (such as SMTP, IMAPS or HTTPS) to secure the service that protocol provides. Its ultimate aim is to create secure channels over insecure networks.

Although you use HTTPS every day, you may be unaware of such attacks. Most email services and online banking applications use HTTPS to ensure that the communication between your browser and the service is encrypted. Without HTTPS, any user on the network could capture your username, password and other confidential information with a sniffer.

The security process used by HTTPS is based on certificates distributed among the server, the client and a trusted third party. For example, a user who wants to log in to Gmail has to go through a specific sequence of steps, summarized in Figure 25.

Figure 25. The security process used by HTTPS

The figure above leaves out the details of how the process works; in outline, it consists of the following steps:

1. The client's browser connects to http://mail.google.com on port 80 using HTTP.

2. The web server redirects the client from HTTP to HTTPS using an HTTP 302 response code.

3. The client connects to https://mail.google.com on port 443.

4. The server presents a certificate to the client containing its digital signature. This certificate is used to prove the identity of the site.

5. The client receives the certificate and checks it against its list of trusted certificates.

6. The encrypted connection is established.

If certificate validation fails, the website has been unable to prove its identity. In that case the user is shown a certificate error and may choose to continue at their own risk, since they may well not be communicating with the site they intended.

Defeating HTTPS:

Until a few years ago this process was considered very secure, until an attack appeared that made it possible to hijack the communication. The attack does not break SSL itself; it breaks the bridge between the unencrypted and the encrypted communication.

Moxie Marlinspike, a well-known security researcher, put forward the hypothesis that an SSL connection is almost never established directly. In other words, in most cases an SSL connection is reached by way of HTTP: users are redirected to HTTPS by an HTTP 302 response code, or they click a link (such as a login button) that takes them to an HTTPS page. The idea is that if you attack the transition from the insecure connection to the secure one (here, from HTTP to HTTPS), you are in fact attacking the bridge and can mount a man-in-the-middle attack on the SSL connection, even before that SSL connection comes into being. To make this practical, Moxie Marlinspike wrote the SSLstrip tool, which is what we use in this section.

The process is quite simple and recalls some of the attacks examined earlier in this article. It is shown in Figure 26.

Figure 26. Hijacking HTTPS traffic

The process shown in the figure above works as follows:

1. Traffic between the client and the server is intercepted.

2. Whenever an HTTPS URL is encountered, sslstrip replaces it with an HTTP link and keeps a record of the change.

3. The attacking machine supplies certificates to the web server and impersonates the client.

4. Traffic is received from the secure website and passed on to the client (the victim).

The process works very well: from the server's point of view it is receiving the SSL traffic it expects and notices no difference. An experienced or alert user may notice that the traffic is not flagged as HTTPS in the browser and realize that something is wrong.

Using SSLStrip:

The tool that makes this possible is called SSLStrip. It runs only on Linux; if you do not want to go through its cumbersome installation, you can download and run Backtrack 4, which ships with SSLStrip pre-installed.

Once you have SSLStrip, some preparation is needed. First, configure your Linux system to forward IP traffic. To do this, enter the following command in the shell:

echo "1" > /proc/sys/net/ipv4/ip_forward



Figure 27. Enabling IP forwarding

Once IP forwarding is enabled, you need to redirect all intercepted HTTP traffic to the port on which SSLStrip is listening. This is done by modifying the iptables firewall configuration with the following command:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

Figure 28. Configuring iptables to redirect HTTP traffic correctly



In this command, replace <listenPort> with any port of your choosing. With that configured, we can run sslstrip and have it listen on that port with the command sslstrip -l <listenPort>.

Figure 29. Running SSLStrip

The final step is to set up ARP spoofing so that the victim's traffic is intercepted. We did this earlier on Windows with Cain and Abel; here we use the arpspoof tool, which is included in Backtrack 4. The command is:

arpspoof -i <interface> -t <targetIP> <gatewayIP>



Figure 30. Configuring ARP spoofing

In this command, replace <interface> with the network interface you are performing these actions on (eth0, eth1 and so on), <targetIP> with the victim's IP address, and <gatewayIP> with the IP address of the gateway the victim uses.

Once this is complete, you should be actively hijacking established SSL connections, and a sniffer can then be used to capture passwords, personally identifying information, credit card numbers and so on.
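The setup just described leaves two telltale settings on the host that runs it: IP forwarding switched on and a nat PREROUTING rule that redirects TCP port 80 to a local port. The following audit script is an added example (not code from the original article or from SSLStrip) that checks a Linux host you administer for that combination. It works on the text of /proc/sys/net/ipv4/ip_forward and of `iptables-save` so it can be exercised on constructed input; audit_local_host() reads the live values and assumes iptables-save is on PATH and that it is run as root.

```python
"""Audit a Linux host for the port-80 redirection setup a stripping proxy needs.

Added example, not code from the original article. Finding IP forwarding and
a nat PREROUTING REDIRECT of TCP port 80 together on a workstation is a cheap
indicator that the machine has been configured as a man-in-the-middle.
"""
import re
import subprocess

# iptables-save prints rules in normalised form: --dport rather than
# --destination-port and --to-ports rather than --to-port, whichever spelling
# was typed when the rule was added.
REDIRECT_RULE = re.compile(
    r"^-A PREROUTING .*-p tcp\b.*--dport 80\b.*-j REDIRECT --to-ports (\d+)"
)


def find_port80_redirects(iptables_save_text):
    """Return the local ports to which the nat table redirects TCP port 80."""
    ports = []
    in_nat = False
    for raw in iptables_save_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):          # table header, e.g. "*nat" or "*filter"
            in_nat = line == "*nat"
            continue
        if not in_nat:
            continue
        match = REDIRECT_RULE.match(line)
        if match:
            ports.append(int(match.group(1)))
    return ports


def audit(ip_forward_text, iptables_save_text):
    """Combine the two signals into a verdict together with the evidence."""
    forwarding = ip_forward_text.strip() == "1"
    redirects = find_port80_redirects(iptables_save_text)
    return {
        "ip_forward": forwarding,
        "port80_redirect_ports": redirects,
        # Either setting alone can be legitimate (a router forwards, a
        # transparent web cache redirects); the combination is what the
        # stripping proxy needs.
        "matches_stripping_setup": forwarding and bool(redirects),
    }


def audit_local_host():
    """Run the audit against this machine's live settings (assumes root and
    that iptables-save is on PATH)."""
    with open("/proc/sys/net/ipv4/ip_forward") as handle:
        forward = handle.read()
    rules = subprocess.run(
        ["iptables-save"], capture_output=True, text=True, check=True
    ).stdout
    return audit(forward, rules)


if __name__ == "__main__":
    print(audit_local_host())
```

The verdict deliberately reports both pieces of evidence rather than only a boolean, so that a host where only one of the two is present (a router, or a transparent web cache) can be told apart from the full proxy setup.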

Countermeasures against "SSL hijacking":

As mentioned earlier, this form of SSL hijacking attack is effectively undetectable from the server side, because the traffic appears to be normal client communication; a server cannot tell that it is talking to the client through a proxy. Fortunately, there are a few things that help users detect and counter these attacks:

Make sure the connections that should use HTTPS are secure: when this attack is under way, the security of the connection is lost, and that change is visible in the user's browser. For example, if you log in to your online bank and see only an ordinary HTTP connection, you can suspect that such an attack is in progress. Whatever browser you use, you should be able to tell a secure connection from an insecure one.
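The check this countermeasure asks the user to make by eye can also be made mechanically. The following is an added example (not code from the original article or from SSLStrip) that models it from the client side: a short list of hosts that must only be reached over HTTPS, a check for the address bar or for the Location header of the 302 redirect in step 2 of the HTTPS process, and a scan of a fetched page for links and form actions that have been rewritten to http://, which is what step 2 of the attack does. The host list is constructed for the example; real browsers learn such entries from HTTP Strict Transport Security headers, which this article does not cover.

```python
"""Client-side detection of an SSL-stripping downgrade.

Added example, not code from the original article or from SSLStrip. The
policy list below is constructed for the example.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed policy: hosts that must only ever be reached over HTTPS.
HTTPS_ONLY_HOSTS = frozenset({"mail.google.com", "bank.example"})


class _TargetCollector(HTMLParser):
    """Collect every href, form action and src target in a page, in order."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "action", "src") and value:
                self.targets.append(value)


def is_downgraded(url, https_only=HTTPS_ONLY_HOSTS):
    """True when a URL reaches a must-be-HTTPS host over plain HTTP.

    Apply this to the address bar and to the Location header of the redirect
    in step 2 of the HTTPS process: a redirect that sends a protected host to
    http:// instead of https:// is the downgrade itself.
    """
    parts = urlsplit(url)
    return parts.scheme == "http" and parts.hostname in https_only


def find_stripped_targets(page_url, html, https_only=HTTPS_ONLY_HOSTS):
    """Return the targets in a page that would send a protected host over HTTP.

    A target without a scheme or host inherits both from the page it sits on,
    so on a page that itself arrived over HTTP every relative link to a
    protected host is suspect as well.
    """
    collector = _TargetCollector()
    collector.feed(html)
    page = urlsplit(page_url)
    suspects = []
    for target in collector.targets:
        parts = urlsplit(target)
        scheme = parts.scheme or page.scheme
        host = parts.hostname or page.hostname
        if scheme == "http" and host in https_only:
            suspects.append(target)
    return suspects


if __name__ == "__main__":
    # Constructed sample: a login page delivered over HTTP whose form posts over HTTP.
    SAMPLE = (
        '<form action="http://mail.google.com/login" method="post">'
        '<a href="https://mail.google.com/inbox">inbox</a>'
        '<a href="/settings">settings</a>'
        '<a href="http://news.example/">news</a>'
        '</form>'
    )
    print(find_stripped_targets("http://mail.google.com/", SAMPLE))
```

On the constructed sample the form action and the relative settings link are reported, while the https:// link and the link to an unprotected host are not; that matches what the user is told to look for, a login that should be secure arriving over plain HTTP.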

Do your online banking at home: the chance that someone on your home network is sniffing your traffic is lower than the chance that someone at your workplace is. This is not because your home computer is more secure (it is in fact usually less secure), but because with one or two computers at home the only threat you face is that your 14-year-old son has watched hacking tutorials on YouTube. On a corporate network, by contrast, you have no idea what is happening in the other rooms of the building or at a branch office 200 miles away, so the chance of an attack on your computer is several times higher. One of the main targets of SSL hijacking attacks is online banking; nevertheless, the countermeasures given in this article apply to every target of these attacks.

Secure the computers on your network: once again, in most cases these attacks come from inside the network. If the computers on your network are secure, there is less chance of their being used to launch these attacks against you.

References:

MITM Attack, Chris Sanders

Man-in-the-middle attack, OWASP
