How can we be MAN-IN-MIDDLE using MITMF

The man-in-the-middle attack intercepts a communication between two systems. For example, in an HTTP transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server. Once the TCP connection is intercepted, the attacker acts as a proxy, able to read, insert and modify the data in the intercepted communication.

The MITM attack is very effective because of the nature of the HTTP protocol and data transfer, which are all ASCII based. Because of this, it's possible to view and intervene in the HTTP protocol itself and also in the data transferred. So, for example, it's possible to capture a session cookie by reading the HTTP header, but it's also possible to change the amount of a money transaction inside the application context.

To become the man in the middle, the attacker does the following:

  1. Tells the target client "I am the router".
  2. Tells the access point "I am the client".
  3. Enables IP forwarding so that packets flow through the attacker's device without being dropped.

As a result, every packet or request generated by the client or target system flows through the attacker's device, and the attacker is able to hold a request for a while and see what is in it. This is how a man-in-the-middle attack works.

This is a very dangerous attack: the attacker can see what you are browsing on the Internet and even your passwords. It is simple, but as the man in the middle he can compromise your whole system.

There are many ways to do this, but there is a tool named MITMF which is pretty good and puts you in the man-in-the-middle position with a single command.

MITMF

Man-In-Middle-Framework is a fully automated tool; you don't need to do SSL stripping separately. It includes many different tools to help you with MITM attacks.

DOWNLOAD: https://github.com/byt3bl33d3r/MITMf

It has many functions, such as injecting scripts, taking screenshots, a keylogger, DNS spoofing and many more.

Usage of MITMF

mitmf --arp --spoof --gateway [gateway ip] --targets [target ip] -i [interface]

To add plugins

mitmf --arp --spoof --gateway [gateway ip] --targets [target ip] -i [interface] --jskeylogger

For more plugins

mitmf --help

There are many more things that you can do with this.

Note: we can't use these attacks on some popular websites like Facebook, Twitter etc., because they use something called HSTS, so the browser will not allow it. It is hard-coded data stored in the browser which instructs it not to allow the HTTPS-to-HTTP conversion for certain websites. And it works on old browsers.

But sslstrip v2.0 can convert HTTPS to HTTP even if the site is using HSTS.

This article is for educational purposes only; I am not responsible for any illegal activities. Do not break into devices that you don't have permission to access.
If you think this article is helpful, please let me know in the comments below, and share it as much as possible. Thank you 🙂
