Would this MITM attack be possible?


M47H3W

I am wondering if this would be possible. Let's say that I have a server in my home and it is properly port forwarded and everything, which means that the website can be accessed outside of the network. My question is, if I am inside the same network as the server, is it possible to MITM that server so that when someone outside of the network logs in with the website, I can capture the login data?

You would probably need to forward the port from your router to the attacker machine and then from there to the server. You could probably even write your own proxy server in C or Python to capture all of the traffic.

I can definitely edit the port forward settings, but will that disrupt the server/service if my attacker machine goes offline?

Edited by M47H3W
My question is probably rather silly, but if it is your server on your network why wouldn't you just log in to the database and get the login credentials from there?

I was thinking the same thing.... if a person had access to the machine, you could configure the use of a proxy located on another machine...

Without physical access to the web server, then MITM is necessary... you must then become the router...

My question is probably rather silly, but if it is your server on your network why wouldn't you just log in to the database and get the login credentials from there?

My goal is to capture the traffic without tampering with the server but with the network instead.

Well, in the simplest of terms the router and the server are communicating within the local network and you want to MITM that. It really is that simple. So you ARP poison the router to get it to identify your machine as the one who has the real server's IP. Your biggest problem will be that out of all the machines on the network the one most likely to be hardened against ARP spoofing will be the router, simply because it, by virtue of the port forwarding setup and likely integration of IP mappings for fixed machines, is the definitive source for information on which MAC has which IP address.

I remember a program called Cain & Abel (one of the coolest programs I ever used). Back in the day it was easy to use: I just installed the program and you could get a lot of information on what was happening on the network, but that was like 5 years ago. Not sure if it works today.

USE AT YOUR OWN RISK!

Edited by Bitbot17
Follow an arpspoof tutorial... install the suite by apt-get install dsniff

arpspoof 192.168.0.1 -t 192.168.0.111

arpspoof 192.168.0.111 -t 192.168.0.1

192.168.0.1 = router

192.168.0.111 = server

Enable IP forwarding on your distro.

Then use some iptables to control all traffic on ports 80, 8080, 443 to a proxy like Squid...

Learn it...

Edited by i8igmac
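
The ARP poisoning discussed in this thread, seen from the defender's side, as an added example that is not part of any post: a check of a host's `ip -4 neigh show` output against pinned IP-to-MAC bindings for the router and server. The MAC addresses, the 192.168.0.50 and 192.168.0.20 hosts and the pinned-baseline approach are assumptions made for the illustration.

```python
import re

# Known-good IP -> MAC bindings (constructed values; pin your own).
BASELINE = {
    "192.168.0.1": "00:11:22:33:44:01",    # router
    "192.168.0.111": "00:11:22:33:44:6f",  # server
}
# Constructed neighbour table as the server might see it while being poisoned.
POISONED = """\
192.168.0.1 dev eth0 lladdr 00:11:22:33:44:50 REACHABLE
192.168.0.50 dev eth0 lladdr 00:11:22:33:44:50 STALE
192.168.0.20 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\s+(?P<state>\S+)"
)

def parse_neigh(text):
    """Parse `ip -4 neigh show` output into {ip: mac}; rows without lladdr are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def find_arp_anomalies(table, baseline=BASELINE):
    """Return (kind, ip(s), mac) alerts for changed bindings and shared MACs."""
    alerts = []
    for ip, expected in baseline.items():
        seen = table.get(ip)
        if seen and seen != expected.lower():
            alerts.append(("binding-changed", ip, seen))
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # can be legitimate (proxy ARP, multi-homed host); review it
            alerts.append(("mac-claims-multiple-ips", ",".join(sorted(ips)), mac))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(parse_neigh(POISONED)):
        print(alert)
```

On hosts where the router's address never changes, a static neighbour entry for it removes the need to detect the change after the fact.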