MitM
O Outro Lado Conference, 8th Edition
Ricardo Iramar dos Santos
ricardo.iramar@gmail.com
Agenda
- Basic Concepts
- Address Resolution Protocol (ARP)
- Routing and Default Gateway
- Proxy Server
- SSL Handshake
- MitM
- ARP Poisoning
- Definition
- Tools
- Demo
- Mitigations
- Tools
- Static ARP
- Dynamic ARP Inspection (DAI)
- IEEE 802.1X
- Transport Layer Security
- Questions?
Basic Concepts
Address Resolution Protocol (ARP)

Basic Concepts
Routing and Default Gateway

Basic Concepts
Proxy Server

Basic Concepts
SSL Handshake

MitM
Definition

MitM
ARP Poisoning

ARP poisoning is an attack that is accomplished using the technique of ARP spoofing.
MitM
Flying Pig

MitM
Tools
- Cain and Abel (http://www.oxid.it)
- Ettercap (http://ettercap.github.io/ettercap/)
- sslsniff (http://www.thoughtcrime.org/software/sslsniff/)
- OWASP ZAP (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)
- Fiddler (http://www.telerik.com/fiddler/)
- Burp Proxy (http://portswigger.net/burp/proxy.html)
- mitmproxy (http://mitmproxy.org)
- Others (https://www.google.com)
MitM
Demo
Mitigations
Tools
- DefendARP (http://www.arppoisoning.com/defense-scripts/)
- Arpwatch (http://ee.lbl.gov)
- ArpON (http://arpon.sourceforge.net)
- Antidote (http://antidote.sourceforge.net)
- Arp_Antidote (http://burbon04.gmxhome.de/linux/ARPSpoofing.html)
- Wikipedia (https://en.wikipedia.org/wiki/ARP_spoofing)
- Others (https://www.google.com)
Mitigations
Static ARP
Linux
$ sudo arp -s 10.0.0.2 00:0c:29:c0:94:bf
Windows

Others
- RTFM or https://www.google.com
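A static entry only helps if it stays in place, so the following added example (not part of the original slides) audits an ARP table in the Linux /proc/net/arp layout against a file of pinned "IP MAC" pairs. The function names, the pin-file format and every sample address except the 10.0.0.2 pair from the slide are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit an ARP table against pinned entries.
# Table layout is Linux /proc/net/arp; the pin file holds "IP MAC" pairs,
# i.e. the same values one would pass to "arp -s".

# check_arp TABLE PINS -> prints findings, returns 1 if any were found.
check_arp() {
    awk '
        FILENAME == ARGV[1] { if (NF >= 2) pin[$1] = tolower($2); next }
        FNR == 1 { next }                       # /proc/net/arp header line
        $4 == "00:00:00:00:00:00" { next }      # incomplete entry
        {
            ip = $1; mac = tolower($4)
            # A pinned IP answering with another MAC is the poisoning signature.
            if ((ip in pin) && pin[ip] != mac) {
                print "MISMATCH " ip " pinned=" pin[ip] " seen=" mac; bad = 1
            }
            # Flags 0x6 = complete + permanent; anything else is not static.
            if ((ip in pin) && $3 != "0x6") {
                print "NOT_STATIC " ip " flags=" $3; bad = 1
            }
            # One MAC answering for several IPs deserves a look.
            if ((mac in owner) && owner[mac] != ip) {
                print "DUPLICATE " mac " claims " owner[mac] " and " ip; bad = 1
            } else {
                owner[mac] = ip
            }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample: 10.0.0.2 is pinned to the MAC from the slide, but the
# table shows it (and 10.0.0.1) resolving to one other, made-up MAC.
demo_findings() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '10.0.0.2 00:0c:29:c0:94:bf' > "$dir/pins"
    cat > "$dir/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.1         0x1         0x2         00:0c:29:11:22:33     *        eth0
10.0.0.2         0x1         0x2         00:0c:29:11:22:33     *        eth0
10.0.0.7         0x1         0x2         00:0c:29:5e:01:07     *        eth0
EOF
    check_arp "$dir/arp" "$dir/pins"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_findings || echo "findings reported (exit $?)"
```

On a live Linux host the same function can be pointed at /proc/net/arp directly; a duplicate MAC is a prompt to investigate, since routers and proxy-ARP setups can legitimately answer for several addresses.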
Mitigations
Dynamic ARP Inspection (DAI)

Mitigations
IEEE 802.1X

Mitigations
Transport Layer Security

Questions?

The man-in-the-middle attack.