This is a step-by-step video of the man-in-the-middle attack. We teach this and much more in our ethical hacking course. We’ll also teach you how to defend against such attacks. For a PowerPoint diagram version of the man-in-the-middle attack you can go here.

I take offense at the use of “Tux” the Linux penguin as the bad guy here. Why not the Microsoft Windows logo, or the BDS Daemon, or the Apple logo, if you are going to use an operating system logo? Better yet, use another critter like the donkey in the video, perhaps a skunk.
Sorry, BSD Daemon, not BDS. I was typing in a hurry.
Sorry Bob. Already used the Donkey once, he was talkin to granny. Besides, I only used the penguin because it WAS Linux I was using to do the arpspoofing and sniffing… :D
This was an excellent session. I am currently a student in Charlotte, NC. I normally use VMware to try this. Cannot seem to get it to work. Do I have to use Linux as the attacker? Your mentoring would be greatly appreciated.
Hi Keatron,
Thanks for the vital information. I’m currently doing a self study on the penetration test and your MITM attack really helped. But the attack you just showcased would work only when you are a part of their LAN. I wanted to know how this attack would actually work when all three, i.e. the victims and the attacker, are part of different networks.
Please provide me with some information.
Hi Mr. Keatron,
I love your work ;), more videos please.
@Arun. You don’t have to use Linux as the attacker. As long as the attacker OS has the ability, or you give it the ability, to send ARP packets, and you make it able to forward packets whose destination IP is not its own, you should be good. In Windows, if you want to enable IP forwarding, you’ll need to modify the registry by doing the following:
1. Start Registry Editor (Regedit.exe).
2. In Registry Editor, locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Set the following registry value:
Value Name: IPEnableRouter
Value type: REG_DWORD
Value Data: 1
A value of 1 enables TCP/IP forwarding for all network connections that are installed and used by this computer.
4. Quit Registry Editor.
@Mr. GTO. MiTM against SSL coming up tomorrow!
Arun. Arp spoofing is a layer 2 attack, so you’re correct. You would need to be on the same LAN or more specifically, on the same physical network. This includes being on the same wireless network. There are MANY other ways to get their traffic when they’re on a different network. The two most common ways are compromising a router that’s facing their network or at some point their traffic goes through that router, or some type of client-side attack.
Hey… thanks a ton Keatron for the information.
Looking forward to more such videos.
Really good write-up, but this doesn’t really seem to be compatible with my router ip, any advice?
@myrouterip. I assume you’re saying that your router IP is something different than the IP I used in the video. Simply substitute your router IP for the one I’m using in the video. If you don’t know what your router IP is, from Windows click on Start > Run and then type cmd. You should get a command prompt. In it type ipconfig /all. Look for the IP address that’s listed as default gateway. Use that one.
On Linux from a shell prompt type ifconfig -a to get the same information.
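An added example, not part of the original post or comments: a defender-side check for the ARP spoofing discussed above. It parses `arp -a` (Windows) or `arp -an` (Linux) output from a host and flags the default gateway's IP sharing a MAC with another host, or differing from a recorded baseline. The sample table, the baseline MAC and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAC_RE = re.compile(r"\b(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}\b")

# Constructed sample of Windows `arp -a` output, as seen on a poisoned host.
SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-cc     dynamic
  192.168.1.23          00-0c-29-aa-bb-cc     dynamic
  192.168.1.40          3c-52-82-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

def parse_arp_table(text):
    """Return {ip: mac} from Windows `arp -a` or Linux `arp -an` output."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:  # header and "Interface:" lines carry no MAC
            table[ip.group()] = mac.group().lower().replace("-", ":")
    return table

def check_arp_table(table, gateway_ip, known_gateway_mac=None):
    """Return findings as (kind, detail) tuples; an empty list means clean."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        # Skip broadcast/multicast MACs (group bit set); they are shared by design.
        if not int(mac[:2], 16) & 1:
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            kind = "gateway-mac-shared" if gateway_ip in ips else "mac-shared"
            findings.append((kind, f"{mac} claims {', '.join(sorted(ips))}"))
    seen = table.get(gateway_ip)
    if known_gateway_mac and seen and seen != known_gateway_mac.lower().replace("-", ":"):
        findings.append(("gateway-mac-changed", f"{gateway_ip} is now {seen}"))
    return findings

if __name__ == "__main__":
    # The baseline MAC is a constructed value, recorded while the network was known good.
    for kind, detail in check_arp_table(parse_arp_table(SAMPLE), "192.168.1.1",
                                        "00-1a-2b-3c-4d-5e"):
        print(kind, detail)
```

A shared MAC is not always hostile (one NIC with several addresses, or proxy ARP, looks the same), so treat `mac-shared` as something to investigate and `gateway-mac-changed` against a trusted baseline as the stronger signal.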
If I didn’t already have a God, I would start buying bananas and goats and start worshiping you (yes, because of all the videos you have posted). I read your entry about how to educate yourself in the security field.
I have a BS in Comp. Science, and I’m actually seeking a graduate degree from a grad school that specializes in information security. Do you have any school you’d recommend? Would you recommend an online degree program from a reputable school (i.e. Penn State, Boston, Carnegie Mellon) or a traditional reputable school?
@Bud. Not sure I could recommend one school over the other. Honestly I haven’t taken the time to really dig into the program offerings from different schools or tried to reach out to students who’ve attended any of the online schools. Maybe a future article will be a review of the online Information Security programs? One thing I would certainly recommend is as soon as possible, combine your degree with some hands on. Maybe even volunteer to do some security consulting for a non-profit or small business. Also, if you take a look at our training programs you’ll find that they all mesh nicely with traditional technology degrees.
Thanks for the kind words!
Take the class from Keatron, you get to see it in person and do it. Super cool and Keatron does a fantastic job!