Jump to content

Man in the middle attacks


StarchyPizza
 Share

Recommended Posts

I watched the Hak5 video and I followed it step by step but of course there is always that one problem in between.

I got up to the point with Cain & Abel where you have to "sniff" and I only get one IP that it find when connected to my network either wireless or wired.

Then when I use this one IP in APR poisoning it doesnt let me use it.

Pic1.jpg

Pic2.jpg

Link to comment
Share on other sites

Zone Alarm will block ARP redirects. I always have to turn mine off when doing MITM attacks with Cain. Also, Cain works best on wireless, not wired networks. I fyou only find one address, IE: the router, use the other tests when scanning. There are check boxes you can select all or inidividual tests, but usually once you disable Zone Alarm, MITM works fine with cain.

Link to comment
Share on other sites

Also, Cain works best on wireless, not wired networks.

It's acsually the other way around.

Wireless doesn't have to be aware of ARP at all, so an ARP poisoning attack may not even be 'physically' possible on a wireless network. Not that it has to be in order to attack clients of the wireless network.

Link to comment
Share on other sites

It's acsually the other way around.

Wireless doesn't have to be aware of ARP at all, so an ARP poisoning attack may not even be 'physically' possible on a wireless network. Not that it has to be in order to attack clients of the wireless network.

Well, I have a switch that when I try to use Cain on it, nothing will work afterwards. I have to then reset all the PC's connections to talk to the switch again afterwards. Never had much luck with it on wired networks.

As far as Cain on wireless, I use it all the time to do MITM attacks on Wireless networks. It does this by way of an Arp Poison attack, so I don't know what you mean by -- "ARP poisoning attack may not even be 'physically' possible on a wireless network" --

I can see where it doesn't work on "wired" network switches though...

Link to comment
Share on other sites

As far as Cain on wireless, I use it all the time to do MITM attacks on Wireless networks. It does this by way of an Arp Poison attack, so I don't know what you mean by -- "ARP poisoning attack may not even be 'physically' possible on a wireless network" --

Would you mind posting/pm'ing on how you got it to work wireless-ly because that is what would be most useful to me.

Link to comment
Share on other sites

Wireless networks work just like a HUB (as opposed to a switch). HUBs are stupid and don't know how to direct traffic (i'd like to see a AP try to direct traffic lol), so they send it every where (much like broadcast traffic, except for all traffic rather than just broadcast traffic). The only way a ARP poison attack will work is if the AP is also attached to a switch (which is often the case).

Ultimately the attack is the same as been done one a wired network except you more than double (it's probably closer to triple) the traffic on the wireless network.

Link to comment
Share on other sites

Would you mind posting/pm'ing on how you got it to work wireless-ly because that is what would be most useful to me.

Under Cain, there is a tab to scan for wireless networks. It looks like Netstumbler to some degree. It doesn't allow you to conenct to them, but only shows you what it can find. If you don't see any access points under this tab screen, you are not set up properly to see wireless traffic.

Few things. 1, are you associated with the wireless access point you want to sniff on. I mean, can you get online and surf the net from this access point. Make sure you can do this first. If not, that will be something you need to do before you can use cain.

2, once on the access point, open cain and turn on sniffing. Make sure under the preferences that you select your correct wireless card.

3, when you do a scan you should see the router and any attached users to the system. If you only see the router, then chances are there are no other people on the router and you can't go any further without a target. Use the scan that does all the tests and let it finish. If it only finds the router, there are no other users on that access point, so disconnect and move on to the next wireless access point. Rinse, repeat until you get multiple users on an access point.

4, Once you have established there are multiple devices on the access point, now you want to go to the APR tab and click in the area that looks like an excel sheet, then the + symbol at the top. It should list your targets. Pick the router and then one of the victims and it adds it to the list to start yoru attack on. Then click the yellow APR icon to initiate the "arp poison routing". Once this is working, open up wireshark or your favorite packet sniffer and you will be able to see ALL the wieless traffic. Cain does capture packets, but it only looks for certain things. I found that when using cain in combo with Wireshark, wireshark finds more stuff, you just have to filter out what it is you want to see.

Anything the user does to encrypt his traffic will thwart you from being able to read it, say like SSL or SSH, but any non-encrypted traffic will be viewable. What sites they go to, what emails they opened, instant messages, logins and apsswords, etc.

If things still do not work, go into the preference and make sure you ar eno tusing a spoofed MAC address. If you use a spoofed mac address, you have to go into yoru wieless card settings and make sure you change it to match whatever the spoofed address it that you use, otherwise, it won't know where to send the packets back to.

edit: Oh, and make sure ZoneAlarm and any firewall software are OFF when doing this. ZA will filter the arp requests and Cain will not see any other users/devices on the network. It will only find your router's IP.

Link to comment
Share on other sites

Okay I still have the same problem and I troubleshooted what you said to change... I don't have a spoofed mac at the moment so that is not the problem. But when I go to prefrences and make sure that my wireless card is selected there is a little note on the bottom that says "Warning:Only ethernet adapter cards supported"

BTW i am running Cain & Abel version 4.9.23

Link to comment
Share on other sites

Okay I still have the same problem and I troubleshooted what you said to change... I don't have a spoofed mac at the moment so that is not the problem. But when I go to prefrences and make sure that my wireless card is selected there is a little note on the bottom that says "Warning:Only ethernet adapter cards supported"

BTW i am running Cain & Abel version 4.9.23

It always says that "Warning:Only ethernet adapter cards supported".

Pick the one that has a valid IP address on the Access Point that you are connected to. Are you testing this on your own router? And are there other devices connected to this router? Either you are not doing something correctly or your card is not compatible with Cain(although I have never ran into a card that didn't work with it). You have the WinPcap driver installed as well, right?

Link to comment
Share on other sites

The good old Cain and Abel.

The pictures showed that you were running on a wireless card.

Then make sure you're not using promiscuous mode...

First thing first, go into -> Configure -> Your NIC -> "Don't use promiscuous mode"

Good luck :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...