MitM / Listening and Forwarding
Author: Arbolito (Member, Posts: 3, Joined: 04.10.10, Rank: Apprentice)
Short Version - I have physical access to a machine. I want to intercept packets coming out to find the password to a router in the HTTP headers; I have no idea how to go about this. Should I set up my laptop as a router that will act as the first hop from that machine, and then it simply listens to all the packets before passing them along to the actual router?
Long Version - Alright, here's what I'm trying to do. My dad had 2 ports forwarded for my use; I was running a Minecraft server on one, and a webserver on the other. Anyway, the old router crapped out after 10 years, and we got a new one (Linksys E3000, if you care). I also recently got my own laptop, instead of using the communal PC. Linux Mint, if you care. Anyway, I asked him to forward the ports again, and he told me to do it myself. Of course, the thing is password protected. My dad is a pretty cool guy; he only helps me out when I really need it, forcing me to learn on my own. So, here is what I came up with to try and get the password: After a bit of social engineering, I'll get him to access the router, sending in the username and password along as part of the HTTP authentication. I want to capture those packets. I tried simply using Wireshark, but I'm not getting all the traffic from the network. I need a listener somewhere between him and the router. This gave me an idea: set up my laptop as a router and have it be the first hop between him and the router. Is this feasible? Are there better ways? I'm not too averse to hacking together something in C that simply listens and passes on packets, but I'm betting that would be the hardest way to go about it.
Thanks
RE: MitM / Listening and Forwarding
Author: GTADarkDude (Member, Posts: 142, Location: The Netherlands, Joined: 23.02.08, Rank: God)
Google 'ARP Poisoning'. Stuff becomes harder when the router uses SSL for logging in.
...
RE: MitM / Listening and Forwarding
Author: onejerlo (Member, Posts: 145, Joined: 02.11.08, Rank: Elite)
You have physical access??
Use a keylogger... preferably one that you compile yourself.
There's an OK one in the codebank... but it uses loads of memory.
As for making a C program to catch and send packets... Whoa... That's over my head... I need to learn up, I suppose.
Added:
Forgot to mention... you can set the priority to idle class on the keylogger in the codebank... that would prevent it from grabbing ALL possible resources.
While you read this message, corrupt politicians are gobbling up your hard earned money; rebels, armies and terrorists are torturing and killing hundreds of innocent men; companies are exploiting millions of people and ruining the environment; people are fighting each other on the basis of color, creed and religion; and your nation is being slowly destroyed.
But what's REALLY worrying is that I write color instead of colour.
Edited by onejerlo on 06-01-11 10:49
RE: MitM / Listening and Forwarding
Author: GTADarkDude (Member, Posts: 142, Location: The Netherlands, Joined: 23.02.08, Rank: God)
If his dad won't even allow him to access their router, I doubt he will allow him to run his own software on his dad's PC. Or were you going to make him type the password on your own laptop? In either case, a keylogger is certainly easier. If you can't access your dad's PC and he's making the connection from his own PC, then ARP poisoning/spoofing is the way to go.
...
RE: MitM / Listening and Forwarding
Author: stealth- (Member, Posts: 998, Location: Eh?, Joined: 10.04.09, Rank: God)
You're on Mint you said?
sudo apt-get install ettercap
sudo ettercap -M arp -i <interface> -w packets.pcap -T "/<RouterIP>,<DadsIP>/"
# Get him to login to the router (not over HTTPS)
# Press "q" in the terminal to close ettercap
wireshark packets.pcap
Problem solved.
If you actually care to learn from this experience, then (as already mentioned) research ARP poisoning and how it works, and then read the ettercap manual to see what exactly the command does. It's really pretty simple.
Just starting up Wireshark and running it isn't doing a MitM attack. That's just sniffing, which will only show you your own traffic if you are on a switch. On a hub, you'll see others' traffic, but switches are more common these days. ARP spoofing is generally the easiest way to achieve a LAN MitM, and then tools like ettercap will do both the capturing and the Man In The Middle setup. You can later review the packets captured with ettercap in a program you are more comfortable with (e.g. Wireshark).
The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
Edited by stealth- on 07-01-11 01:55
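A defender-side counterpart to the ARP poisoning stealth- describes, added here as an example and not code from the thread: it reads constructed tcpdump-style ARP reply lines and flags an IP whose MAC changes (the gateway's IP rebinding is the loud case) and a MAC that claims more than one IP, which is what the poisoned ARP caches on a LAN look like. The sample log, IPs and MACs are all constructed.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump-style "arp" output (not captured from the
# thread). Lines 1-2 are the legitimate bindings; lines 3-4 show a third MAC
# claiming both the gateway's and a workstation's IP, the pattern ARP
# poisoning leaves in every host's ARP cache.
SAMPLE_ARP_LOG = """\
10:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:01, length 28
10:00:01.500000 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:20, length 28
10:00:02.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:99, length 28
10:00:02.100000 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:99, length 28
10:00:03.000000 ARP, Request who-has 192.168.1.30 tell 192.168.1.20, length 28
"""

REPLY_RE = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")


def parse_replies(text):
    """Yield (ip, mac) for each ARP reply line; requests are ignored."""
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_arp_spoof(replies, gateway_ip):
    """Trust the first MAC seen for each IP (as an unpoisoned ARP cache would)
    and report later replies that rebind an IP, plus any MAC that claims more
    than one IP. Returns the alerts as a list of strings, in order."""
    bindings = {}                   # ip -> first MAC seen for it
    ips_per_mac = defaultdict(set)  # mac -> every IP it has claimed
    alerts = []
    for ip, mac in replies:
        first = bindings.setdefault(ip, mac)
        if first != mac:
            tag = "GATEWAY" if ip == gateway_ip else "host"
            alerts.append(f"{tag} {ip} rebound {first} -> {mac}")
        claimed = ips_per_mac[mac]
        if ip not in claimed:
            claimed.add(ip)
            if len(claimed) > 1:
                alerts.append(f"{mac} claims {sorted(claimed)}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(parse_replies(SAMPLE_ARP_LOG), "192.168.1.1"):
        print(alert)
```

On a real LAN the same logic runs over `tcpdump -n arp` output; a router or host that legitimately answers for several IPs will trip the second check, so treat that one as a lower-confidence signal than a rebinding of the gateway.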
RE: MitM / Listening and Forwarding
Author: Arbolito (Member, Posts: 3, Joined: 04.10.10, Rank: Apprentice)
ARP Poisoning, I'll look into that. I knew Wireshark was only a sniffer, but it was all I had at the time. Yes, I have physical access, but I do not, however, have logical access to his computer. A keylogger is out of the question, it's inelegant and dirty when other things will work. I'll resort to a keylogger if I have to, but I'd rather not. I'll look into ettercap. Thanks guys!
Edit: Just read up on ARP and the ettercap man pages, it's exactly what I was looking for. Once again, thanks.
Edited by Arbolito on 07-01-11 05:23
RE: MitM / Listening and Forwarding
Author: telnet (Banned, Posts: 8, Joined: 28.07.06, Rank: Uber Elite)
Arbolito wrote:
ARP Poisoning, I'll look into that. I knew Wireshark was only a sniffer, but it was all I had at the time. Yes, I have physical access, but I do not, however, have logical access to his computer. A keylogger is out of the question, it's inelegant and dirty when other things will work. I'll resort to a keylogger if I have to, but I'd rather not. I'll look into ettercap. Thanks guys!
Edit: Just read up on ARP and the ettercap man pages, it's exactly what I was looking for. Once again, thanks.
Just get on the HBH IRC if you need help. - Fritzo
HBH 10,000th member 
...also rainbows (a)
RE: MitM / Listening and Forwarding
Author: fashizzlepop (Member, Posts: 482, Location: Old folks home., Joined: 08.04.08, Rank: Uber Elite)
Are you sure it's not just the default password and user?
"The definition of insanity is doing the same thing over and over again and expecting different results."
~Albert Einstein~
RE: MitM / Listening and Forwarding
Author: Arbolito (Member, Posts: 3, Joined: 04.10.10, Rank: Apprentice)
fashizzlepop wrote:
Are you sure it's not just the default password and user?
I may be uninitiated, but I'm not stupid.