4

For research purposes, I want to launch a MitM attack on computers that are connected to my wireless network.

I wonder what the best way to do so is. Notice that I control the router, and do not want to constantly launch attacks like ARP poisoning or something like this. I want to use my router and a dedicated computer for this goal, in as clean a manner as possible.

I thought about the following option:

Change the DNS server address in the router to my dedicated computer, and just impersonate every interesting website.

However, I'm sure there are some other options, and I would like to get information about them. In particular, is there something similar I can do via ARP? E.g., change some settings in the router to make everyone think that the gateway is my computer?

If there are other ways, which one is better?

References to other methods and tools will be appreciated.

Gari BN
I don't have time to post a full explanation but you want the router to forward all requests to a proxy server. Check this out: http://mitmproxy.org/doc/howmitmproxy.html – Andrew Hoffman Nov 18 '14 at 21:40

@AndrewHoffman Thanks for the reference. I saw that there is a transparent mode there which might be useful. Yet, I don't see there how to automatically redirect the traffic of computers that connect to the network to the proxy. – Gari BN Nov 18 '14 at 22:12

5 Answers

1

If the clients were given IPs via DHCP, you could perform some kind of ARP poisoning attack. Essentially, when a computer broadcasts to determine what MAC the router IP has, you respond with your MAC before the router can respond with its MAC.

Another option is to masquerade as an access point and trick the clients into connecting to your fake access point. Airbase-ng is good for this type of attack.

There really isn't a way to change a setting on the router that will make clients think you are the gateway. Also, the DNS idea, while it would work for connections using domains, would not catch IP traffic where the IP was not discovered via DNS.

superultranova
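A defender-side check for the ARP poisoning described in this answer, added here as an example and not code from the thread: it parses tcpdump-style ARP reply lines (the capture below is constructed and the line format is an assumption) and flags any IP, here the assumed gateway 192.168.1.1, that is claimed by more than one MAC.

```python
import re
from collections import defaultdict

# Regex for the tcpdump-style ARP reply lines used in the sample below (assumed format).
ARP_REPLY = re.compile(r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")

# Constructed sample capture, not real traffic from the thread: the router answers
# for 192.168.1.1 with ...:01, then a second host (...:99) also claims the gateway.
SAMPLE_CAPTURE = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
12:00:01.500 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20, length 28
12:00:02.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
12:00:02.200 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:99, length 28
12:00:03.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
"""

def parse_arp_replies(text):
    """Return a list of (timestamp, ip, mac) for each ARP reply line; other lines are skipped."""
    replies = []
    for line in text.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            replies.append((m.group(1), m.group(2), m.group(3).lower()))
    return replies

def ip_mac_conflicts(replies):
    """Map each IP claimed by more than one MAC to the sorted list of MACs seen for it."""
    macs = defaultdict(set)
    for _, ip, mac in replies:
        macs[ip].add(mac)
    return {ip: sorted(s) for ip, s in macs.items() if len(s) > 1}

def gateway_flips(replies, gateway_ip):
    """Return (timestamp, new_mac) for every reply where the gateway's MAC differs
    from the previously observed one. During active poisoning the attacker's reply
    and the router's genuine reply both appear, so the MAC keeps flipping."""
    flips, last = [], None
    for ts, ip, mac in replies:
        if ip != gateway_ip:
            continue
        if last is not None and mac != last:
            flips.append((ts, mac))
        last = mac
    return flips

if __name__ == "__main__":
    replies = parse_arp_replies(SAMPLE_CAPTURE)
    print(ip_mac_conflicts(replies))
    print(gateway_flips(replies, "192.168.1.1"))
```

On a real network, feed it the output of `tcpdump -n arp` and raise an alert whenever the gateway's IP appears in the conflicts dict.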
1

There are a few solutions out there for this sort of thing.

The easiest way is with a Linux distribution live CD or USB,

with subterfuge, or netool.sh.

These aren't very transparent though, especially when people visit sites that only allow HTTPS like Gmail or Facebook.

However, most people will just view certificate errors as something they've messed up, rather than an attacker being in the middle.

A more transparent way would be creating a DNS proxy with filters, but I haven't seen anything that's very turn-key, so you'll have to mess around a bit to do this.

catsquid
0

You might be interested in the WiFi Pineapple from Hak5, which provides turn-key MitM functionality.

Troy Hunt has a helpful quick start guide.

nitrl
I'm interested in achieving similar functionality, but by doing it myself (with my router and computer). – Gari BN Nov 20 '14 at 16:24
0

If you have a rooted Android connected over WiFi, dsploit is an excellent tool. It can perform active attacks of various kinds, as well as network scans. MITM with sslstrip and content substitution is an option.

http://www.dsploit.net/

Natanael
0

EvilFOCA will introduce you to a few common network MITM concepts. It runs on Windows and is very easy to set up and control.

atdre