Tuesday, April 30, 2013

What is a Man In the Middle Attack?

A Man in the Middle Attack (MITM) is a type of network attack in which an attacker assumes the role of the default gateway and captures all the traffic going to and fro. This is a very serious attack and also very easy to perform. MITM attack can be performed in a Local area network such as airport and  coffee shop wifi, college wifi, computer labs and other any kind of LAN. 

What the attack basically means is that a hacker (or anyone for that matter) with the right set of  tools, can intercept all your internet activities and see all your passwords and  all the websites you are browsing. 

How to perform a Man in the Middle attack?

There are many types of Man in the Middle attacks. There are also many ways to perform this attack. There are several tools such as Cain&Abel, Ettercap, Subterfuge, SSLStrip etc which can do a MITM attack.

In Windows, we use a technique called ARP spoofing to achieve MITM scenario. We use a free ready made tool called Cain&Abel for this. First, you need to be in the same network subnet as the victim (same campus, same room, or same wifi).

Download and Install Cain&Abel. Also download and install Wireshark which is also free. We will be using wireshark to capture the packets and analyze them. 
After everything is installed, run Cain from the desktop or menu. 

  • 1. Start Sniffer by clicking button shown in red box. 2. Then go to Sniffer tab.

  • 3. Right click on screen and select “Scan Mac Addresses”. The screen will quickly  be populated with all users in your LAN.
  • 4. Select all the IP addresses and right click. and select "Resolve host name". Now, you can find the IP address of the person you want to attack by viewing the computer names.

  • Now, 
  •  4. click on “ARP” on bottom and then 
  •  5. click on “Plus” icon to add user in victim list. 

 A window called “New ARP Poison Routing ” will pop up.
  • You will see windows divided in two parts. Select the default gateway in left half and select the victim's IP in the right.  Here you see me selecting as the default gateway for the network and the victim's IP address

  • Click on start ARP option shown in red box. You will see that CAIN starts poisoning the host. 

This completes our ARP poisoning  Now, all the traffic from the victim will pass through the attacker's PC. The victim may notice his internet speed slowing down. 

Now, we need to capture the traffic by using Wireshark. 

Fire up wireshark and
 1. Click on the adapter button shown below in red. 2. Click 'start' in the adapter where there are packets. 

If you let this run for a while, all the traffic going through the victim's PC will be captured by wireshark. You can then save the packet capture file and analyze it with appropriate filters. By analyzing the packets, you can find juicy information like username and passwords, web urls visited by the victim etc.
Please note that you have to be very careful while performing such an attack. If not done properly, it can even cause denial of service to the entire network. 

Saturday, April 20, 2013

Hide your Identity: 6 ways to remain anonymous while surfing the internet

It is a well known fact that governments all over the world are increasing surveillance on their citizens. Their reasons are many. Our surfing habits and online activities are being monitored. Internet privacy has become a big issue all over the world. In India, the situation is not that different. It is just that Indian intelligence agencies  are all shrouded in a cloak of secrecy and the public doesn't  have any idea what is going on. For all we know, all our emails, facebook messages and google searches are being filtered and analyzed for suspected terror links. But that is just an assumption, although the truth can't be far from it. Universities and companies also log their students' and employees' surfing habits. The problem with this kind of surveillance is that our privacies are violated. The filtering is usually done at your router (IT Department) or the ISP. To bypass the filtering, you need to go past them. So, for all those who want to stay anonymous when surfing the internet, I am listing here several ways to do that. Please note that this information is for educational purposes only. 

1. Onion Routing
Onion routing is probably the best way to remain anonymous online. In this, Messages are repeatedly encrypted and then sent through several network nodes called onion routers. The best example is TOR . A person who uses TOR is almost untraceable. TOR is available free of cost and can be downloaded and used by anyone. The only drawback is that it is very slow. 

2. VPN
Virtual Private Networks are another good way to evade firewalls and traffic filtering. It is fairly easy to setup a VPN connection. You need to download a VPN client and connect to the server. I would recommend OpenVPN as a client  as it is completely free. VPNBOOK provides a good VPN server and I use it to bypass my college firewall. Best of all, it is free and unlimited. 

3. Web based proxies
Websites record your IP address every time you visit them.  They may use this to track you. Some countries block certain websites. Web based proxies can be used to bypass these hurdles. The good thing is that you just need a browser, no other setup required. On the downside, If the firewall or proxy blocking is good, most web proxied are probably blocked. But no harm in trying, right? 
Here is a list of web proxies http://www.freeproxy.ru

4. SSH tunneling
In SSH tunneling, you create a secure shell "tunnell" through the internet to a safe site, from where your data will be passed on to the website or server you are accessing.  For this, you need a safe and secure SSH shell account somewhere on the internet. There are plenty of free shell accounts online. If you are using windows, you will connect to them(online shell accounts)  using an SSH client such as Putty. Learn how to do ssh tunneling here

5. Buy a fake sim card , use internet from it
All right, this one sounds a bit shady. But if you are one of those people who are paranoid about your online safety and privacy, you can buy a sim card in the black market and use the internet from there. In India, such sim cards are not difficult to get (I think). 

6. Use random wifi hotspots
If you are in an urban setting, you can drive around town in a car and use people's wifi hotspots. Many cafes and malls provide free wifi. Some people leave their wifi open, making them an easy target. Some people still use WEP encryption, so it won't be difficult to crack. You can use their internet and simply drive away when you are done.