mitm - dvanmosselbeen/security-cheat-sheet GitHub Wiki
Man in the middle attacks are attacks where you are in between the victim and the destination. There are different methods to be the man in the middle.
Being in the middle allows you for example to sniff all the data and hopefully gather some interesting information.
ARP spoofing attacks have 3 main reasons: Denial-of Service, Session hijacking, Man-in-the-Middle. Read more here: https://en.wikipedia.org/wiki/ARP_spoofing and here: https://www.indusface.com/blog/protect-arp-poisoning/
Note that modern systems, or systems that are protected against arp spoof will detect arp spoofing, and even prevent this. Also note that arp spoofing can be seen with Wireshark
for example. So arp spoofing can be very obvious on networks that are monitored.
Note that you need to activate port forwarding on your machine. Otherwise, it will block the traffic and not forward it to the target machine. If not enabled, this become some sort of Denial of Service attack for the target machine.
echo 1 > /proc/sys/net/ipv4/ip_forward
If you don't know what devices are connected to the network, make use of netdiscover
! See here for more information.
Syntax:
arpspoof -i <interface> <victime> <router>
arpspoof -i <interface> <router> <victim>
Example:
arpspoof -i eth0 -t 10.0.2.5 10.0.2.1
arpspoof -i eth0 -t 10.0.2.1 10.2.5
- Static ARP Entry - You can set up a static arp entry instead of a by default dynamic one.
- Packet Filtering - Like snort can do. More info here: https://github.com/eldondev/Snort/blob/master/doc/README.arpspoof
- Encryption - By making use of secured protocols like HTTPS, SSH etc. Data is encrypted this way.
- VPNs - Make use of a Virtual Private Network, that's nice for individuals who are abroad, or using Free, or public Wi-Fi. This option is not doable inside a corporate network. Well, when employers are outside the companies network, then for sure it is a protection layer. If you don't have a VPN system set up, and you need to exchange sensible data in a public area, you are probably more safe to make use of a mobile hotspot with your mobile. This way it is less likely there's someone in the middle. Although this is absolutely not a solution nor still secure, just a safer method than using public Wi-Fi.
- Qualitative router - Some routers and switches have a build in detection and ARP poisoning prevention system.
-
xarp
for example is a tool for on Windows.
This consist at tapping with some hardware device on a network.
On the website https://hak5.org you can find for example a few TAP devices. For example the Packet Squirrel.
You can read more on the dedicated Network tap Wikipedia website.