Parrot Community

Community portal of the Parrot Project.

#1 2017-05-14 10:23:06

Rebian
Community Member
From: Netherlands
Registered: 2017-02-12
Posts: 21

Let's get to the real thing, MITM

Hello all,
On the forum, I mainly see questions about how to install parrot-os and problems with it.
Then many people try to hack wifi first. But what do we do when we are on a network?

The most logical step is a Man In The Middle (MITM) attack.
Who has already gained some experience here and what tools have you used for this attack?

I'm curious how you work.


Greetings, Rebian


#2 2017-05-16 11:30:15

palinuro
Parrot Project Founder
From: Italy
Registered: 2017-02-11
Posts: 238
Website

Re: Let's get to the real thing, MITM

Want to have fun with MITM attacks? Start using bettercap.


Lorenzo "Palinuro" Faletra - Parrot Security

GPG FINGERPRINT: B350 5059 3C2F 7656 40E6 DDDB 97CA A129 F4C6 B9A4
GPG Info: http://pgp.mit.edu/pks/lookup?op=vindex … 29F4C6B9A4
GPG Key: http://pgp.mit.edu/pks/lookup?op=get&se … 29F4C6B9A4


#3 2017-05-23 17:32:39

Motionless
Community Member
Registered: 2017-05-21
Posts: 12

Re: Let's get to the real thing, MITM

Rebian wrote:

Hello all,
On the forum, I mainly see questions about how to install parrot-os and problems with it.
Then many people try to hack wifi first. But what do we do when we are on a network?

The most logical step is a Man In The Middle (MITM) attack.
Who has already gained some experience here and what tools have you used for this attack?

I'm curious how you work.


Greetings, Rebian

As palinuro said, ettercap is good. The best is Mitmf. Also try Bettercap. Wireshark, tcpdump, etherape, dnsspoof, netsniff-ng, sslsniff and many more. And for spoofing, again mitmf, dnsspoof, arpspoof, sslsplit, sslstrip and many more. Also, GitHub has a lot of tools for sniffing, spoofing or MITM. Google or see some YouTube videos. And you can do some stuff with Windows. Hope I helped a bit.

Last edited by Motionless (2017-05-23 17:33:34)


#4 2017-07-08 13:20:39

pcnoic
Unconfirmed Member
Registered: 2017-07-08
Posts: 1

Re: Let's get to the real thing, MITM

Actually, MITM attacks (basically all forms of sniffing and routing traffic through a compromised machine) are just another tool that you will find useful in some scenarios. First of all, find a purpose. If you just want to mess around with the network users, there are more fun ways, such as changing the DNS server addresses or trying to bypass the firewall of the Windows machines connected and execute a script. All sorts of things.

MITM is not actually the real thing, but finding a cause is.


#5 2017-07-23 16:56:08

iDontExist
Community Member
Registered: 2017-07-23
Posts: 5

Re: Let's get to the real thing, MITM

Hi,

I have had a few experiences with a few tools. One of the first tools I started to use was Cain & Abel, which helped me understand the concept of placing yourself between the communications and sniffing the traffic from there.

One tool I really recommend for these sorts of attacks is bettercap, or even the good old Wireshark.

Hope this helps!


#6 2017-09-12 08:54:09

xhnz
Community Member
Registered: 2017-09-12
Posts: 3

Re: Let's get to the real thing, MITM

Start with the HT-WPS script .. it's a bit outdated, but does MITM. (Search on GitHub.)
WiFi-Pumpkin can do some serious damage .. faking APs, providing dummy encryption.

In any case :-) get a decent/2nd network/wifi card .. that's "the real thing" for "MITM".


Running Parrot since 2015 on ChromeBooks/MacBooks/MacPro.
Liked the Parrot startup-sound, which is recently missing >:-()


#7 2017-10-17 16:53:59

PoshMagiC0de
Community Member
Registered: 2017-07-06
Posts: 38

Re: Let's get to the real thing, MITM

Bettercap is a better start for a newbie.
I place MiTMf second, but you will have to git it from their repo. The one in Kali doesn't work due to twisted, and the author doesn't support it that much. I added it here because it had modules Bettercap doesn't, like HTA injection and support for Backdoor-factory to patch binaries in download to the client. Silent Squirrel did mention he was going to try and transpose the project to Ruby so it can be used in Bettercap, so we will see on that. I also like it because it is in Python, so I can modify it if I have to. The cons are that you have to go git it from GitHub, and second, you should run it in a Python virtual environment. So, difficulty rises.

The last thing to do is do it manually. Add forwarding, add iptables rules to forward packets, use arpspoof to begin the MITM attack, use sslstrip to strip and capture in a log, use tcpdump, tshark, wireshark to capture and examine packets. Write something in Python scapy to manipulate contents in traffic.

The first few will get you started; the last will get you the understanding of how and why it works.
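
The manual chain described in post #7 begins with ARP spoofing, which leaves a visible trace in the neighbour table of the affected host. As an added example (not part of any post in this thread), here is a Python check over `ip neigh show` output that flags that trace; the sample table, the baseline gateway MAC and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip neigh show` output on a host in 192.168.1.0/24.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.77 dev eth0  FAILED
fe80::1 dev eth0 lladdr 08:00:27:de:ad:01 router STALE
"""

def parse_neigh(text):
    """Return [(ip, dev, mac)] for entries that carry a link-layer address."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if "lladdr" not in tok or "dev" not in tok:
            continue  # FAILED / INCOMPLETE entries have no MAC to compare
        dev = tok[tok.index("dev") + 1]
        mac = tok[tok.index("lladdr") + 1].lower()
        entries.append((tok[0], dev, mac))
    return entries

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Flag the two classic signs of ARP cache poisoning.

    1. The gateway IP resolves to a MAC other than the recorded baseline.
    2. The gateway IP shares a MAC with another IPv4 host on the same
       interface (the spoofing host usually also answers for its real IP).
    Proxy ARP or a router with several addresses can trigger (2) legitimately,
    so treat findings as leads to verify, not as proof.
    """
    findings = []
    by_mac = defaultdict(set)
    for ip, dev, mac in parse_neigh(text):
        if ipaddress.ip_address(ip).version != 4:
            continue  # IPv6 neighbours use NDP, not ARP
        by_mac[(dev, mac)].add(ip)
        if ip == gateway_ip and known_gateway_mac and mac != known_gateway_mac.lower():
            findings.append(("gateway-mac-changed", ip, mac))
    for (dev, mac), ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            findings.append(("mac-shared-with-gateway", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    # Baseline MAC is a constructed value; record the real one on a trusted link.
    for f in find_arp_anomalies(SAMPLE_NEIGH, "192.168.1.1", "00:11:22:33:44:55"):
        print(f)
```

On managed switches, Dynamic ARP Inspection or a static ARP entry for the gateway removes the condition this check looks for.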
