Network Vulnerabilities: Man in the Middle - Paiet/SEC-335 GitHub Wiki

  • Man-in-the-middle
    • ARP spoofing
    • Replay
      • Repeat a captured transmission for malicious purposes
        • Captured password/token/hash
          • DEMO: bWAPP session cookie replay
            1. Start Burp and turn off Intercept
            2. Log in to bWAPP as bee
            3. Start Wireshark
            4. From the target machine, log in as A.I.M.
            5. Copy AIM's cookie from Wireshark capture
            6. From Kali, turn on Intercept in Burp
            7. Browse to http://10.0.0.175/bWAPP/portal.php
            8. Change PHPSESSID to AIM's and forward
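The replay above succeeds because bWAPP accepts any request that carries a valid PHPSESSID, regardless of where it comes from. A defender can spot the same session id being used from two different clients at nearly the same time. The following detector is an added example for this page (not code from bWAPP or from the course); the access-log format and the sample log lines are constructed, with the only real value being the page's bWAPP path.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (not a real capture). Assumed format:
# <client_ip> [<timestamp>] "<method> <path>" "<user-agent>" "PHPSESSID=<id>"
# The third line is the replay: the same session id, 33 seconds later,
# from a different IP and browser than the one that logged in.
SAMPLE_LOG = """\
10.0.0.20 [2024-03-01 10:00:01] "GET /bWAPP/portal.php" "Mozilla/5.0 (Windows NT 10.0) Firefox/122.0" "PHPSESSID=c1f0a3d2e4b5"
10.0.0.20 [2024-03-01 10:00:09] "GET /bWAPP/sqli_1.php" "Mozilla/5.0 (Windows NT 10.0) Firefox/122.0" "PHPSESSID=c1f0a3d2e4b5"
10.0.0.50 [2024-03-01 10:00:42] "GET /bWAPP/portal.php" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0" "PHPSESSID=c1f0a3d2e4b5"
10.0.0.31 [2024-03-01 10:01:00] "GET /bWAPP/portal.php" "Mozilla/5.0 (Windows NT 10.0) Chrome/121.0" "PHPSESSID=9a8b7c6d5e4f"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" "(?P<ua>[^"]*)" '
    r'"PHPSESSID=(?P<sid>[^"]*)"$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "request": m["req"],
        "ua": m["ua"],
        "sid": m["sid"],
    }


def find_replayed_sessions(log_text, window=timedelta(minutes=30)):
    """Return {session_id: [alert, ...]} for sessions whose consecutive
    requests come from different (ip, user-agent) fingerprints less than
    `window` apart. A user who roams to a new network after a long idle
    period does not trip this; two clients sharing a cookie at once do."""
    last = {}                   # sid -> (timestamp, fingerprint) of last request
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        sid, fp, ts = rec["sid"], (rec["ip"], rec["ua"]), rec["ts"]
        if sid in last:
            prev_ts, prev_fp = last[sid]
            if fp != prev_fp and ts - prev_ts <= window:
                alerts[sid].append({
                    "first": prev_fp,
                    "second": fp,
                    "gap_seconds": (ts - prev_ts).total_seconds(),
                    "request": rec["request"],
                })
        last[sid] = (ts, fp)
    return dict(alerts)


if __name__ == "__main__":
    for sid, hits in find_replayed_sessions(SAMPLE_LOG).items():
        for h in hits:
            print(f"session {sid}: {h['first']} then {h['second']} "
                  f"after {h['gap_seconds']:.0f}s ({h['request']})")
```

Detection is the second line of defence; the first is to make the cookie harder to capture and less useful once captured: serve the application over TLS only, set the Secure and HttpOnly cookie flags, and call PHP's session_regenerate_id() after login so a session id seen before authentication is not the one that carries the logged-in state.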
    • Relay
      • Intercepting target traffic
      • Acting as a malicious proxy server
        • Data can be viewed/manipulated
    • Downgrade
      • Stealthily force the use of weak or no encryption
    • SSL Stripping
      • Removes SSL/TLS
        • MITM with arpspoof and sslstrip.py
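SSL stripping works because the browser's first request to a site is plain HTTP and the proxy in the middle keeps it that way. HTTP Strict Transport Security (HSTS) is the countermeasure: once a site has sent a Strict-Transport-Security header over TLS, the browser upgrades every later http:// URL for that host itself, before any request leaves the machine, and the attacker never sees a plaintext request to strip. The class below is an added example of that browser-side policy store, written for this page rather than taken from any browser or from sslstrip; the host names in the tests are constructed.

```python
import re
import time
from urllib.parse import urlsplit, urlunsplit

# Only the max-age directive is parsed; includeSubDomains is detected by name.
MAX_AGE_RE = re.compile(r"max-age=(\d+)", re.IGNORECASE)


class HstsStore:
    """Minimal model of a browser's HSTS policy store (added example)."""

    def __init__(self, now=time.time):
        self._now = now
        self._policies = {}     # host -> (expires_at, include_subdomains)

    def record(self, host, header_value, over_tls=True):
        """Store the policy from a Strict-Transport-Security header.
        Browsers ignore the header on plain-HTTP responses, so a proxy that
        has already stripped TLS cannot install or clear a policy."""
        if not over_tls:
            return False
        m = MAX_AGE_RE.search(header_value)
        if not m:
            return False
        max_age = int(m.group(1))
        host = host.lower()
        if max_age == 0:                      # max-age=0 removes the policy
            self._policies.pop(host, None)
            return True
        include_sub = "includesubdomains" in header_value.lower()
        self._policies[host] = (self._now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if `host` (or a parent with includeSubDomains) has a live policy."""
        host = host.lower()
        now = self._now()
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            expires_at, include_sub = policy
            if expires_at <= now:
                continue
            if i == 0 or include_sub:
                return True
        return False

    def enforce(self, url):
        """Rewrite http:// to https:// for hosts with a live policy; this is
        the step that defeats a stripped link, since no plaintext request
        is ever sent for the attacker to intercept."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or ""):
            return urlunsplit(("https", parts.netloc, parts.path,
                               parts.query, parts.fragment))
        return url


if __name__ == "__main__":
    store = HstsStore()
    # First visit over TLS installs the policy (constructed host name).
    store.record("example.com", "max-age=31536000; includeSubDomains")
    # A stripped link to the same site is upgraded locally.
    print(store.enforce("http://www.example.com/login"))
```

The remaining gap is the very first visit, before any header has been seen; browsers that ship a preload list close it for sites on that list, which is why the demo relies on a browser at factory defaults.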
    • DEMO: MITM Facebook Account Creds
      • Follow instructions from SSLstripHowTo.txt
        • Use IE, not Firefox
        • Make sure IE is set to factory defaults
        • Browse to Facebook
        • Sign in
        • cat sslstrip.log > sslout.txt
        • nano sslout.txt
        • You'll see the user/pass creds
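Both demos on this page depend on ARP spoofing (the arpspoof step) to pull the victim's traffic through the attacker's machine. On the wire that shows up as an IP address suddenly answering with a different MAC, and as one MAC answering for several IPs (typically the gateway and the victim at once). The monitor below is an added example for this page, not code from the course or from any tool such as arpwatch; the ARP reply records are constructed, with only 10.0.0.175 taken from the page.

```python
from collections import defaultdict

# Constructed ARP reply records (not a real capture). Each tuple is
# (seconds, sender_ip, sender_mac), the fields a sniffer would take from an
# ARP "is-at" reply. 10.0.0.175 is the bWAPP target IP used on this page;
# every other address is made up.
SAMPLE_ARP_REPLIES = [
    (0.0,  "10.0.0.1",   "00:50:56:aa:00:01"),   # gateway, legitimate
    (1.0,  "10.0.0.175", "00:50:56:aa:01:75"),   # bWAPP host
    (2.0,  "10.0.0.20",  "00:50:56:aa:00:20"),   # victim workstation
    (30.0, "10.0.0.1",   "00:0c:29:de:ad:01"),   # gateway IP now claims a new MAC
    (30.5, "10.0.0.20",  "00:0c:29:de:ad:01"),   # same MAC also claims the victim
    (31.0, "10.0.0.1",   "00:0c:29:de:ad:01"),   # poison replies are repeated
]


class ArpMonitor:
    """Track IP-to-MAC bindings seen in ARP replies and raise an alert when
    a binding changes or one MAC claims more than one IP (added example)."""

    def __init__(self):
        self.bindings = {}                  # ip -> last MAC seen for it
        self.ips_for_mac = defaultdict(set)  # mac -> set of IPs it has claimed
        self.alerts = []

    def observe(self, ts, ip, mac):
        mac = mac.lower()
        previous = self.bindings.get(ip)
        if previous is not None and previous != mac:
            self.alerts.append({
                "time": ts, "type": "mac_changed",
                "ip": ip, "old": previous, "new": mac,
            })
        self.bindings[ip] = mac
        # Alert once per new IP a MAC claims, not on every repeated reply.
        if ip not in self.ips_for_mac[mac]:
            self.ips_for_mac[mac].add(ip)
            if len(self.ips_for_mac[mac]) > 1:
                self.alerts.append({
                    "time": ts, "type": "mac_claims_multiple_ips",
                    "mac": mac, "ips": sorted(self.ips_for_mac[mac]),
                })
        return self.alerts


def scan_replies(replies):
    """Feed a sequence of (ts, ip, mac) records through a monitor and
    return the alerts it produced."""
    monitor = ArpMonitor()
    for ts, ip, mac in replies:
        monitor.observe(ts, ip, mac)
    return monitor.alerts


if __name__ == "__main__":
    for alert in scan_replies(SAMPLE_ARP_REPLIES):
        print(alert)
```

A single mac_changed alert can be benign (a replaced NIC, a DHCP lease handed to a new machine), so the second signal, one MAC answering for both the gateway and a host, is the one worth paging on. Where the switch supports it, Dynamic ARP Inspection blocks the poisoned replies outright, and static ARP entries for the gateway on critical hosts remove the dependency on ARP replies altogether.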