Welcome to my blog, KYXRECON Plus+. The blog is a database of hacking tools and security material, and a resource for beginners and professionals alike. Our admins aim to collect exploits and tools, post hacking and security tutorials, and gather them in one easy-to-navigate database. This site is written by Kyxrecon. Use it at your own risk; I am not responsible for any damage.

Advanced WLAN Attacks: MITM - Spying in the LAN with Engine_packet & other tools

Hi folks!
This is my tutorial on man-in-the-middle attacks. I've tried to explain things in a little more depth than many tutorials out there, so hopefully you will understand what is actually happening rather than just firing off tools at targets and hoping for results.

TODO :
Engine Packet: just another thing I publish on another public site ...
urlsnarf: outputs all requested URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers), suitable for offline post-processing with your favorite web log analysis tool (analog, wwwstat, etc.).
urlsnarf is written by Dug Song.

urlsnarf OPTIONS :
-n Do not resolve IP addresses to hostnames.
-i interface Specify the interface to listen on.
-v "Versus" mode. Invert the sense of matching, to select non-matching URLs.
pattern Specify regular expression for URL matching.
expression Specify a tcpdump(8) filter expression to select traffic to sniff.
Usage

urlsnarf [-n] [-i interface] [[-v] pattern [expression]]

How to open urlsnarf
This tool has no menu entry to look for: just open a terminal, that's it.
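Run over a capture from a network you are responsible for, urlsnarf's CLF output doubles as an inventory of services that still expose requests over cleartext HTTP. The parser below is an added example, not code from the original post or from dsniff; the sample lines are constructed and the field layout (request logged as an absolute `http://` URL, status and size as `-`) is an assumption about urlsnarf's output.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in the assumed urlsnarf layout:
# client ident user [time] "METHOD absolute-URL" status size "referer" "agent"
SAMPLE = """\
192.168.1.20 - - [12/Mar/2015:10:21:33 +0000] "GET http://intranet.example/login?user=alice" - - "-" "Mozilla/5.0"
192.168.1.20 - - [12/Mar/2015:10:21:40 +0000] "GET http://intranet.example/static/app.js" - - "http://intranet.example/login" "Mozilla/5.0"
192.168.1.31 - - [12/Mar/2015:10:22:02 +0000] "POST http://updates.example/check" - - "-" "updater/1.2"
this line is not CLF and must be skipped
192.168.1.31 - - [12/Mar/2015:10:22:09 +0000] "GET http://intranet.example/report?id=7" - - "-" "Mozilla/5.0"
"""

# The optional " HTTP/x.y" also accepts ordinary web-server CLF request lines.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: HTTP/[\d.]+)?" '
    r'\S+ \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return the named fields of one log line, or None if it is not CLF."""
    m = CLF.match(line.strip())
    return m.groupdict() if m else None

def cleartext_exposure(log_text):
    """Summarise, per destination site, how much traffic went out unencrypted."""
    sites = defaultdict(lambda: {"requests": 0, "clients": set(), "with_query": 0})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # keep count so malformed input is not silent
            continue
        parts = urlsplit(rec["url"])
        entry = sites[parts.hostname or "?"]
        entry["requests"] += 1
        entry["clients"].add(rec["client"])
        entry["with_query"] += bool(parts.query)  # parameters readable on the wire
    return dict(sites), skipped

if __name__ == "__main__":
    report, skipped = cleartext_exposure(SAMPLE)
    for host, e in sorted(report.items(), key=lambda kv: -kv[1]["requests"]):
        print(f'{host}: {e["requests"]} requests, {len(e["clients"])} clients, '
              f'{e["with_query"]} with query strings')
    print("unparsed lines:", skipped)
```

Sites at the top of the report, especially those with query strings, are the first candidates for HTTPS-only enforcement.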

Short introduction to Driftnet:
Driftnet - capture images from network traffic and display them in an X window.

Driftnet watches network traffic, and picks out and displays JPEG and GIF images for display.
It is an horrific invasion of privacy and shouldn't be used by anyone anywhere.

Webspy: an interesting tool from the dsniff family of tools, which includes dsniff (password sniffer),
arpspoof (ARP poisoning tool), dnsspoof (DNS spoofing tool), msgsnarf (view messages from IM clients),
mailsnarf (view email messages), tcpkill (kill TCP connections on a local LAN), tcpnice (force other
connections to "play nice" with their TCP connections) and webspy (view a target's web
browsing in real time). When properly set up, it will intercept web browsing requests from the victim
and display them in the attacker's web browser in real time. This post will show you how to run webspy
successfully. I am assuming a basic knowledge of the Unix command shell, in addition to
reading the entire man pages for all of the applications listed in this write-up.
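ARP poisoning, which the list above names through arpspoof, leaves a trace on the victim side: the gateway's IP address ends up mapped to the same MAC address as another host on the LAN. The check below is an added example, not part of the original post or of any of the tools it covers; it parses `ip neigh show` output, and the sample table, the MAC addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output: 192.168.1.3 holds the same MAC as the
# gateway 192.168.1.1, which is what a poisoned neighbor cache looks like.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:03 REACHABLE
192.168.1.3 dev eth0 lladdr 08:00:27:aa:bb:03 STALE
192.168.1.7 dev eth0 lladdr 08:00:27:cc:dd:07 REACHABLE
192.168.1.9 dev eth0  FAILED
fe80::1 dev eth0 lladdr 08:00:27:aa:bb:01 router STALE
"""

ENTRY = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-fA-F:]{17})\b"
)

def parse_neigh(text):
    """Yield (dev, ip, mac) for IPv4 entries that carry a link-layer address."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            yield m["dev"], m["ip"], m["mac"].lower()

def arp_findings(text, gateway_ip, known_gateway_mac=None):
    """Return (kind, ips, mac) tuples for mappings that deserve a closer look."""
    by_mac = defaultdict(set)
    gateway_mac = None
    for dev, ip, mac in parse_neigh(text):
        by_mac[(dev, mac)].add(ip)
        if ip == gateway_ip:
            gateway_mac = mac
    findings = []
    # Strongest signal: the gateway no longer resolves to its recorded MAC.
    if known_gateway_mac and gateway_mac and gateway_mac != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_ip, gateway_mac))
    # One MAC answering for several IPs; routers with aliases or proxy ARP can
    # do this legitimately, so a shared gateway MAC is ranked above the rest.
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            kind = "gateway-mac-shared" if gateway_ip in ips else "mac-shared"
            findings.append((kind, ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in arp_findings(SAMPLE_NEIGH, "192.168.1.1", "08:00:27:aa:bb:01"):
        print(finding)
```

Recording the gateway's MAC address while the network is known to be clean is what makes the first check possible; without it only the shared-MAC heuristic runs.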

Install the tools :
Installing ettercap on Linux

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

sudo apt-get install zlib1g zlib1g-dev
sudo apt-get install build-essential
sudo apt-get install ettercap

To install ettercap-graphical, use the command:

sudo apt-get install ettercap-graphical

To install ettercap-text-only, use the command:

sudo apt-get install ettercap-text-only

After the installation is done, you can open ettercap in different modes. To open ettercap in graphical mode, use:

sudo ettercap -G

For text mode, use:

sudo ettercap -T

To read about ettercap and its different modes, you can use:

man ettercap

Enable IP Forwarding :
Most Linux distros do not have IP forwarding enabled by default, and Kali/Backtrack are no exceptions! To allow traffic to flow through our machine, IP forwarding needs to be enabled. Open a terminal and run the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

Add an IPTables Rule to Redirect Traffic to SSLStrip :
This adds an IPTables rule so that our machine knows how to handle incoming traffic from the victim. The following rule will take any traffic originally destined for port 80 (HTTP, web traffic) and redirect it to port 8080, which SSLStrip will be running on.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

You may be thinking - "Wait a minute. HTTPS traffic uses port 443, and we're only intercepting traffic that uses port 80. How can we intercept HTTPS traffic?"

It's a perfectly valid question; I've seen it asked on many forums. To understand the answer, you must take a look at how SSLStrip works.

Other things that need to be configured ...
Config of the etter.dns file:
microsoft.com      A   192.168.1.3
*.microsoft.com    A   192.168.1.3
www.microsoft.com  PTR 192.168.1.3      # Wildcards in PTR are not allowed
  # if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %$
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport $

Watch my Demo video here ...
