Security
20 June 2011 4 Comments

Man-In-The-Middle Attacks With Ettercap

Introduction

This post explains how to execute a man-in-the-middle attack on Linux. Only the actual attack is described here. The mechanisms of ARP poisoning and man-in-the-middle attacks are explained in a different post.

A man-in-the-middle attack. It can be achieved in various ways, but MITM through ARP  poisoning is a common method.

In this post we demonstrate a MITM with the Ettercap tool. Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN, and pretty much the Swiss army knife of ARP poisoning. Every security researcher should include it in his toolbox, and it is included in the Backtrack Linux distribution. Ettercap features a pretty nice GUI, but in this post we only use the text mode.

Command Syntax

The ettercap program has the following syntax:

ettercap [OPTIONS] [TARGET1] [TARGET2]

The targets can be IPs and MACs, and specific TCP and UDP ports can also be targetted. A simple description of the TARGET1 and TARGET2 syntax is given below. Read the target specification section on the man page for details.

TARGET is in the form MAC/IPs/PORTs. 
 
If you omit any of the parts, it means a wildcard is used for that part.
 
Examples:
//80         means ANY

Tags: , , ,
Linux
18 June 2011 1 Comment

Packet Crafting on Linux Using Scapy

Introduction

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It is written in the Python, and is installed by default on Backtrack 4+. On Ubuntu it can be installed using this command:

sudo apt-get install scapy

The official scapy documentation is located here, and you may also need a Python Cheat Sheet.

Scapy Basics

Execute scapy at the command-line to run the Python interpreter with the scapy libraries loaded.

Start up scapy and run the ls() command. This will list all supported packet types.

$ scapy
Welcome to Scapy (2.0.0.5 beta)
>>> ls()
ARP        : ARP
ASN1_Packet : None
BOOTP      : BOOTP
CookedLinux : cooked linux
DHCP       : DHCP options
...more

List all available functions using lsc():

>>> lsc()
 sr               : Send and receive packets at layer 3
 sr1              : Send packets at layer 3 and return only the first answer
 srp              : Send and receive packets at layer 2
 srp1             : Send and receive packets at layer 2 and return only the first answer
 srloop           : Send a packet at layer 3 in loop and print the answer each time

The ls() command can do much more. Show the contents of the IP structure with ls(IP)

Tags: , , , , lsc, packet crafting, packet generator, , scapy