{"id":528,"date":"2011-10-24T00:38:21","date_gmt":"2011-10-24T00:38:21","guid":{"rendered":"http:\/\/41j.com\/blog\/?p=528"},"modified":"2011-10-24T00:38:45","modified_gmt":"2011-10-24T00:38:45","slug":"securitytube-wireless-lan-security-megaprimer-notes-part-12-a-man-in-the-middle-attack","status":"publish","type":"post","link":"https:\/\/41j.com\/blog\/2011\/10\/securitytube-wireless-lan-security-megaprimer-notes-part-12-a-man-in-the-middle-attack\/","title":{"rendered":"SecurityTube, Wireless Lan Security Megaprimer notes: part 12 (A Man-In-The-Middle Attack)"},"content":{"rendered":"<p>Vivek&#8217;s video is <a href=\"http:\/\/www.securitytube.net\/video\/1782\">here<\/a>.<\/p>\n<p>In the unencrypted man in the middle attack, we deauth the client from the regular AP and reconnect it to our own fake AP.<\/p>\n<p>We can either connect the client to a new wired (or 3G) internet connection or we can connect back to the real AP.<\/p>\n<p>In our setup we&#8217;re going to get our victim to connect to our fake AP, and then send the traffic out to the internet via a different access point.<\/p>\n<p>We&#8217;ll use the Alfa card to create a fake AP. We&#8217;ll use the laptop&#8217;s built-in wifi card to connect to our other AP.<\/p>\n<p>0. Set up your network card in VirtualBox\/VMware; using &#8220;NAT&#8221; is probably your best option.<\/p>\n<p>1. Bring up eth0 in BackTrack<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nifconfig eth0 up\r\n<\/pre>\n<p>2. Bring up an access point with SSID SecurityTube<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nifconfig wlan0 up\r\nairmon-ng start wlan0\r\niwconfig wlan0 channel 1\r\nairbase-ng --essid SecurityTube mon0\r\n<\/pre>\n<p>3. 
Bridge the interfaces<\/p>\n<p>Run this in a new terminal window:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nifconfig at0 up\r\nbrctl addbr mitm\r\nbrctl show #will show the bridge, but no interfaces added\r\nbrctl addif mitm eth0\r\nbrctl addif mitm at0\r\nifconfig eth0 0.0.0.0 up  #not sure why this is needed!\r\nifconfig at0 0.0.0.0 up\r\n<\/pre>\n<p>If you run ifconfig, you&#8217;ll see a new bridge, mitm. Bring up the interface:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nifconfig mitm up\r\ndhclient3 mitm\r\n<\/pre>\n<p>The dhclient command gets an IP address; this will come from the VirtualBox DHCP server.<\/p>\n<p>4. Go to the airbase-ng window. Connect a device to the fake network you created.<\/p>\n<p>The device will get an IP address from VirtualBox.<\/p>\n<p>5. Open up Wireshark and start a capture on at0. Open a webpage on your client.<\/p>\n<p>You should see a lot of traffic in Wireshark. You should be able to view pages on your client via the laptop&#8217;s internet connection.<\/p>\n<p>This is a little better than passively sniffing cleartext packets: all packets \/MUST\/ go through us.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vivek&#8217;s video is here. In the unencrypted man in the middle attack, we deauth the client from the regular AP and reconnect it to our own fake AP. We can either connect the client to a new wired (or 3G) internet connection or we can connect back to the real AP. 
In our setup we&#8217;re [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[14,13,12,10,11],"class_list":["post-528","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-pentest","tag-security","tag-securitytube","tag-wifi","tag-wifiprimer"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1RRoU-8w","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/comments?post=528"}],"version-history":[{"count":2,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/528\/revisions"}],"predecessor-version":[{"id":530,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/528\/revisions\/530"}],"wp:attachment":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/media?parent=528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/categories?post=528"},{"taxonomy":"post_tag"
,"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/tags?post=528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}