Introduction MITM 101 Easy Traffic Manipulation Techniques Using Scapy.

Page 1:

Introduction

MITM 101: Easy Traffic Manipulation Techniques Using Scapy

Page 2:

Introduction

Bob Simpson (@bobby_simpson)

Bob Simpson has fun researching security… and is CIO for Finley & Cook, PLLC, and inventor of GhostSentry, a technology that uses MITM techniques for good purposes.

Page 3:

What is MITM?

MITM (aka MiTM, MitM, etc.)

• NOT just sniffing

• Involves getting in the middle of a two-way conversation

• Often explained as Alice talking to Bob, with Mallory in the middle convincing Alice that she’s Bob, and Bob that she’s Alice.

Picture from https://en.wikipedia.org/wiki/Man-in-the-middle_attack

Page 4:

What is MITM?

Let’s do it!

[ DEMO ]

Picture from https://en.wikipedia.org/wiki/Man-in-the-middle_attack

Page 5:

What do we get?

• Reconnaissance (fingerprinting)

• NTLM capture, relay, escalation, redirection

• SSL bypass

• Steal and/or break credentials

• Or, simple redirection ( … and the resulting software download, browser exploit, etc)

Page 6:

What do we get?

• Pwnage!!!

Page 7:

How is it done?

Google it:

• Tools:

• Ettercap, Cain and Abel, Arpspoofing, mitmf, websploit, Burp Suite, SSL Strip, middler, Fiddler2, Subterfuge, DSniff, wsniff, and commercial stuff (Hak5’s new LAN Turtle)

• Methods:

• ICMP redirect, STP Mangling, Route mangling, imposter domains and URLs

• Attacking local systems

• ARP, DNS, STP, hardware

• Attacking remote systems

• DNS, route mangling, proxy and tunneling
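
From the defender's side, the ARP method listed above has a recognizable signature: Mallory's MAC address starts answering for both Alice's and Bob's IP addresses. The following Python is an added example, not code from the talk; the function name, alert labels and sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies.
# Addresses are documentation/test values, not from the talk.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.0.2.10", "02:00:00:00:00:0a"),   # Alice
    (1.0, "192.0.2.20", "02:00:00:00:00:0b"),   # Bob
    (5.0, "192.0.2.10", "02:00:00:00:00:0a"),   # normal refresh
    (9.0, "192.0.2.20", "02:00:00:00:00:66"),   # Bob's IP, new MAC
    (9.1, "192.0.2.10", "02:00:00:00:00:66"),   # Alice's IP, same new MAC
    (30.0, "192.0.2.30", "02:00:00:00:00:0c"),  # unrelated host
]


def find_arp_anomalies(replies, window=60.0):
    """Return alerts for IP->MAC rebinding and for one MAC claiming several IPs.

    window: seconds during which a MAC's claims are considered together.
    """
    ip_to_mac = {}                    # last MAC seen for each IP
    mac_claims = defaultdict(dict)    # MAC -> {IP: last time claimed}
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            # The IP was answered by a different MAC before.
            alerts.append(("rebind", ts, ip, known, mac))
        ip_to_mac[ip] = mac
        claims = mac_claims[mac]
        claims[ip] = ts
        # Ignore claims older than the window, then check for multiple IPs.
        recent = sorted(i for i, t in claims.items() if ts - t <= window)
        if len(recent) > 1:
            alerts.append(("multi-ip", ts, mac, tuple(recent)))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```

Rebinding also happens legitimately (DHCP reassignment, replaced hardware), so treat alerts as leads to verify. The bridging setup used in the talk sits in the path without changing any ARP binding, so this check does not see it.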

Page 8:

How is it done?

Why easy is good:

From the DEF CON ROOTZ Asylum area:

Page 9:

Let’s do it!

Our Setup:

• Tools:

• Scapy (packet manipulation for Python)

• NFQUEUE (bindings for netfilter queue)

• Method:

• Bridging

Page 10:

Basic Method

• Preparation:

• Ubuntu 14.04 (or your own flavor)

• apt-get install bridge-utils, scapy, python-nfqueue

• Execution:

• Follow the three steps:

1. Create a Bridge

2. Redirect Packets to Scapy

3. Mangle to your heart’s content

Page 11:

Basic Method

Let’s do it!

[ DEMO ]

Page 12:

Summary

• Preparation

• Ubuntu 14.04 (or your own flavor)

• apt-get install bridge-utils, scapy, python-nfqueue

• Execution

• Follow the three steps:

1. Create a Bridge

2. Redirect Packets to Scapy

3. Mangle to your heart’s content

Page 13:

Summary

Google Scapy and NFQUEUE for great tutorials

Page 14:

Q&A

What would you like to know?

Page 15:

The End

Bob Simpson (@bobby_simpson)