vailixi Posted September 17, 2015

I had this pretty nifty tool called Subterfuge a while back. It has a pretty nifty web interface and a cool code injection module that you can use with Metasploit. The problem is it doesn't seem to work anymore. There were some tools like hamster, ferret, ettercap, and firesheep that did this a while back. I'm not sure if any of those are really working. I tried messing around with ettercap but I got a lot of errors. Not sure if I have etter.conf correct. Anybody still using ettercap?

I know there had been some improvements to SSL that rendered SSL strips non-functional. Then SSL split came about as a replacement. I'm not really sure how a lot of newer MITM stuff works. I'm also not really up on the technical aspect of IP forwarding and whatnot. But I'm serious about learning it. Anybody want to point me in the way of some still working tutorials or talk through some attacks?

What I'm curious about:
Capturing credentials
Spoofing DNS and directing people to websites to harvest credentials
Spoofing so the target machine thinks my payload is an update or something else trusted.

Any of you guys doing this on the regular these days?

IvanDoe Posted September 17, 2015

Try https://github.com/byt3bl33d3r/MITMf or https://github.com/evilsocket/bettercap

I have tried both. MITMf has a lot of plugins; I even made a web UI for MITMf that collects data via xss/php/mysql > https://github.com/ivangr0zni/mitm-grabb3r

Edited September 17, 2015 by IvanDoe

digip Posted September 17, 2015

Hamster and Ferret, as well as Cain, still work on the Windows side. Linux, same, as well as many other tools, although you have a lot of them to choose from compared to Windows. It's a matter of targets, wireless usually being the easier to attack, while wired almost always gets hosed up quicker, if not right away, depending on the equipment. You can somewhat defeat ARP attacks and hang the network in the process if you use static entries everywhere on the LAN though, and depending on the setup, even when correctly spoofed, sticky ports on equipment can thwart you: if the device sees the same MAC address on more than one port, it will only honor the first known port and block the second one. This is why wireless ARP spoofing attacks work so well, since there are no real checks other than nodes using static entries for ARP.

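The static ARP entries and sticky ports mentioned in the post above both rely on an IP-to-MAC-to-port binding that should not change. The same idea as a passive monitoring check, as an added example that is not part of the thread: the function name `audit_arp`, the addresses and the port names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (time, sender IP, sender MAC, switch port) taken from ARP replies.
SAMPLE = [
    (1, "192.168.1.1", "aa:aa:aa:aa:aa:01", "Gi0/1"),   # gateway
    (2, "192.168.1.20", "aa:aa:aa:aa:aa:20", "Gi0/5"),
    (3, "192.168.1.30", "aa:aa:aa:aa:aa:30", "Gi0/7"),
    (4, "192.168.1.1", "aa:aa:aa:aa:aa:30", "Gi0/7"),   # gateway IP now claimed by another MAC
    (5, "192.168.1.20", "aa:aa:aa:aa:aa:20", "Gi0/5"),
    (6, "192.168.1.30", "aa:aa:aa:aa:aa:30", "Gi0/9"),  # same MAC seen on a second port
]


def audit_arp(observations, static_entries=None):
    """Return alerts as (time, kind, subject, detail) tuples.

    static_entries maps IP -> MAC and plays the role of static ARP entries;
    without it, the first binding seen for an IP is treated as the trusted one.
    """
    ip_to_mac = dict(static_entries or {})
    mac_to_ips = defaultdict(set)
    mac_to_port = {}
    alerts = []
    for ts, ip, mac, port in observations:
        trusted = ip_to_mac.setdefault(ip, mac)
        if trusted != mac:
            # The trusted binding is kept, as a static entry would keep it.
            alerts.append((ts, "binding-change", ip, mac))
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            # Caveat: routers doing proxy ARP legitimately answer for many IPs.
            if len(mac_to_ips[mac]) > 1:
                alerts.append((ts, "mac-claims-multiple-ips", mac, sorted(mac_to_ips[mac])))
        # Sticky-port behaviour: only the first port seen for a MAC is honoured.
        if mac_to_port.setdefault(mac, port) != port:
            alerts.append((ts, "mac-on-second-port", mac, port))
    return alerts


if __name__ == "__main__":
    for alert in audit_arp(SAMPLE):
        print(alert)
```
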
barry99705 Posted September 17, 2015

> Hamster and Ferret, as well as Cain, still work on the Windows side. Linux, same, as well as many other tools, although you have a lot of them to choose from compared to Windows. It's a matter of targets, wireless usually being the easier to attack, while wired almost always gets hosed up quicker, if not right away, depending on the equipment. You can somewhat defeat ARP attacks and hang the network in the process if you use static entries everywhere on the LAN though, and depending on the setup, even when correctly spoofed, sticky ports on equipment can thwart you: if the device sees the same MAC address on more than one port, it will only honor the first known port and block the second one. This is why wireless ARP spoofing attacks work so well, since there are no real checks other than nodes using static entries for ARP.

The stuff of nightmares.

vailixi (Author) Posted September 17, 2015

> Try https://github.com/byt3bl33d3r/MITMf or https://github.com/evilsocket/bettercap
>
> I have tried both. MITMf has a lot of plugins; I even made a web UI for MITMf that collects data via xss/php/mysql > https://github.com/ivangr0zni/mitm-grabb3r

Trying out some of these. bettercap seems to be working just fine. Where does the -X option write the captured data to?

digip Posted September 17, 2015

> Trying out some of these. bettercap seems to be working just fine. Where does the -X option write the captured data to?

Look in the source? If not specified, most likely the same directory as the script, although you can try using a path to a file instead. -O is output from what this looks like, but can set a pcap file path as well. Haven't tried it or used the tool yet, just looking at: https://github.com/evilsocket/bettercap/blob/master/bin/bettercap