Network traffic analyzer sniffer. What is a sniffer: description

What is Intercepter-NG

Let's look at how ARP works using a simple example. Computer A (IP address 10.0.0.1) and computer B (IP address 10.22.22.2) are connected to the same Ethernet network. Computer A wants to send a packet to computer B and knows B's IP address. Ethernet, however, does not work with IP addresses: to transmit a frame, computer A needs computer B's Ethernet address (its MAC address). That is what the ARP protocol is for. Computer A sends a broadcast request to every host in its broadcast domain; in essence it says: “host with IP address 10.22.22.2, tell your MAC address to the host with MAC address a0:ea:d1:11:f1:01 (for example).” The Ethernet network delivers this request to every device on the segment, including computer B. Computer B answers computer A with its MAC address (say 00:ea:d1:11:f1:11). Having learned B's MAC address, computer A can now send it any data over Ethernet.

So that ARP does not have to run before every transmission, the learned MAC addresses and their corresponding IP addresses are kept in a table (the ARP cache) for a while. If data for the same IP address needs to be sent again, there is no need to query the network for its MAC address each time.

As we just saw, ARP consists of a request and a reply. The MAC address from the reply is written into the IP-to-MAC table. A reply is not authenticated in any way; the receiver does not even check whether it ever sent a request. So you can send an ARP reply to a target device without any preceding request, with forged data, and that data will land in its table and be used for subsequent traffic. This is the essence of the ARP-spoofing attack, also known as ARP poisoning or ARP cache poisoning.

Description of the ARP-spoofing attack

Two computers (hosts) M and N on an Ethernet LAN exchange messages. Attacker X, on the same network, wants to intercept the traffic between them. Before the attack, the ARP table of host M's interface holds the IP and MAC address of N, and N's ARP table holds the IP and MAC address of M.

During the attack, host X (the attacker) sends two ARP replies, with no preceding requests: one to M and one to N. The reply to M pairs N's IP address with X's MAC address; the reply to N pairs M's IP address with X's MAC address.

Because M and N accept gratuitous (unsolicited) ARP replies, they update their tables on receipt: M's ARP table now maps N's IP address to X's MAC address, and N's ARP table maps M's IP address to X's MAC address.

The ARP-spoofing attack is now complete, and all frames between M and N pass through X. When M wants to send a packet to N, it looks up N's IP address in its ARP table, takes the MAC address stored there (which is now X's) and sends the frame. The frame arrives at X's interface, where it is inspected and then forwarded to N, so neither victim notices an interruption.
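The request/reply mechanics and the two-reply attack described above, modelled in pure Python as an added example (not from the article and not Intercepter-NG code). It builds ARP-over-Ethernet frames in the RFC 826 layout and feeds them to two simulated caches: a naive one that behaves exactly as the text describes, and a stricter one that accepts only replies it asked for and raises an alert when a known IP changes its MAC. Hosts M, N and attacker X, and all addresses, are constructed sample values; nothing touches a real network.

```python
"""ARP over Ethernet and ARP cache poisoning, modelled offline.

Added example, not from the original article and not Intercepter-NG code.
NaiveCache stores whatever any reply claims (the behaviour the text
describes). StrictCache accepts only replies to its own outstanding
requests and alerts when the MAC for a known IP changes. The final step
shows why the second rule alone is not enough: an attacker who answers a
real request faster than the true owner still wins the race, and only the
MAC-change alert catches it. All addresses below are constructed.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

M = ("10.0.0.1", "a0:ea:d1:11:f1:01")   # victim, constructed
N = ("10.0.0.2", "00:ea:d1:11:f1:11")   # victim, constructed
X = ("10.0.0.66", "de:ad:be:ef:00:01")  # attacker, constructed


def _mac(s):
    return bytes(int(x, 16) for x in s.split(":"))


def _ip(s):
    return bytes(int(x) for x in s.split("."))


def _mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, src_mac, src_ip, dst_mac, dst_ip, eth_dst=None):
    """Ethernet II header + 28-byte ARP payload (hw type 1, proto 0x0800)."""
    eth = _mac(eth_dst or dst_mac) + _mac(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += _mac(src_mac) + _ip(src_ip) + _mac(dst_mac) + _ip(dst_ip)
    return eth + arp


def parse_arp(frame):
    """Decode an Ethernet/ARP frame into its ARP fields."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"op": op,
            "src_mac": _mac_str(frame[22:28]), "src_ip": _ip_str(frame[28:32]),
            "dst_mac": _mac_str(frame[32:38]), "dst_ip": _ip_str(frame[38:42])}


class NaiveCache:
    """What the text describes: believe every reply, solicited or not."""
    def __init__(self):
        self.table, self.alerts = {}, []

    def request(self, ip):
        pass  # a real stack would send a request here; nothing to track

    def on_frame(self, frame):
        p = parse_arp(frame)
        if p["op"] == ARP_REPLY:
            self.table[p["src_ip"]] = p["src_mac"]


class StrictCache:
    """Accept only solicited replies and alert when an IP changes its MAC."""
    def __init__(self):
        self.table, self.alerts, self.pending = {}, [], set()

    def request(self, ip):
        self.pending.add(ip)

    def on_frame(self, frame):
        p = parse_arp(frame)
        if p["op"] != ARP_REPLY:
            return
        ip, mac = p["src_ip"], p["src_mac"]
        if ip not in self.pending:
            self.alerts.append(f"unsolicited reply for {ip} from {mac}")
            return
        self.pending.discard(ip)
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"{ip} changed {old} -> {mac}")
        self.table[ip] = mac


def run_scenario(cache_cls):
    """Legit exchange, the two-reply attack from the text, then a reply race."""
    cm, cn = cache_cls(), cache_cls()
    # 1. M resolves N and N resolves M normally.
    cm.request(N[0])
    cm.on_frame(build_arp(ARP_REPLY, N[1], N[0], M[1], M[0]))
    cn.request(M[0])
    cn.on_frame(build_arp(ARP_REPLY, M[1], M[0], N[1], N[0]))
    # 2. X sends two unsolicited replies: "N is at X" to M, "M is at X" to N.
    cm.on_frame(build_arp(ARP_REPLY, X[1], N[0], M[1], M[0]))
    cn.on_frame(build_arp(ARP_REPLY, X[1], M[0], N[1], N[0]))
    # 3. M's entry expires and it asks again; X answers before N can.
    cm.request(N[0])
    cm.on_frame(build_arp(ARP_REPLY, X[1], N[0], M[1], M[0]))
    return {"M": cm.table, "N": cn.table, "alerts": cm.alerts + cn.alerts}


if __name__ == "__main__":
    for cls in (NaiveCache, StrictCache):
        print(cls.__name__, run_scenario(cls))
```

With NaiveCache both victims end up pointing at X after step 2 and no alert is raised. StrictCache rejects the unsolicited replies in step 2, but in step 3 the attacker's reply to a real request is accepted; the `changed` alert is what makes that visible, which is the same signal tools like arpwatch rely on.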

Intercepter-NG is a multifunctional network tool that extracts data from traffic (passwords, instant-messenger messages, correspondence, etc.) and implements a range of MiTM attacks.


Intercepter program interface
Main functionality

  • Interception of instant messenger messages.
  • Interception of cookies and passwords.
  • Interception of activity (pages, files, data).
  • Ability to tamper with file downloads by injecting malicious files; can be combined with other utilities.
  • Downgrading HTTPS to HTTP (SSL Strip) and substituting certificates (SSL MiTM).
Operating modes
Messengers Mode – lets you read correspondence that was sent unencrypted. Used to intercept messages from messengers such as ICQ, AIM and Jabber.

Resurrection Mode – recovery of useful data from traffic carried by plaintext protocols. Files, pages and data the victim views can be fully or partially reconstructed. You can also set a minimum file size so that the program does not save a flood of small fragments. The recovered data can then be analysed.

Password Mode – mode for working with captured passwords and cookies. A captured session cookie can give access to the victim's logged-in sessions on the sites they visited.

Scan Mode – the main mode for reconnaissance. To start a scan, right-click in the window and choose Smart Scan. After the scan, every host on the network is listed along with its operating system and other parameters.

This mode can also scan ports, via the Scan Ports function. There are far more capable port scanners, but having the function built in is convenient.

For a targeted attack on the network, after the scan add the target's IP to NAT with the Add to Nat command. The other attacks are then carried out from the Nat window.

Nat Mode – the main mode for ARP-based attacks; this is the window from which targeted attacks are run.

DHCP Mode – lets you start your own DHCP server to carry out DHCP-based man-in-the-middle attacks.

Some types of attacks that can be carried out
Site spoofing

To substitute a site for the victim, go to Target and specify the site and its replacement. Many sites can be swapped this way; success depends on how convincing the fake is.

Site spoofing

Example for VK.com

Selecting MiTM attack

Changing the injection rule
As a result, the victim gets the fake site when requesting vk.com, and Password Mode should show the victim's login and password:


To carry out a targeted attack, select the victim from the list and add it to the targets with the right mouse button.


Adding MiTm attacks
Now Resurrection Mode can be used to recover files and other data from the victim's traffic.


Victim files and information via MiTm attack
Traffic spoofing
Specifying Settings
After this, the string “trust” in the victim's requests is replaced with “loser”.

You can also kill cookies so that the victim is logged out of all accounts and has to log in again, which lets you intercept the logins and passwords.


Destroying cookies

How to see a potential sniffer on the network using Intercepter?

The Promisc Detection option detects hosts whose network interface is in promiscuous mode, i.e. hosts capturing traffic that is not addressed to them. After the scan, the status column shows “Sniffer” for such hosts. This is the first way to spot a sniffer on the local network. Treat it as an indicator rather than proof: promiscuous-mode detection relies on how a host's network stack reacts to specially crafted frames, and the results vary by operating system and driver.
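The classic way such a check works, as an added example (not from the article, and not Intercepter-NG's own implementation, which the article does not describe): send an ARP request for each host's IP inside an Ethernet frame whose destination MAC is deliberately wrong. A NIC in normal mode drops the frame in hardware, because it is neither its own address nor the broadcast address; a NIC in promiscuous mode passes everything up, and the host's IP stack may answer. Hosts here are simulated so the code runs offline; the bait address ff:ff:ff:ff:ff:fe and all host addresses are constructed, and the assumption that a stack answers any request for its own IP that reaches it is a simplification marked in the code.

```python
"""Promiscuous-mode (sniffer) detection with an ARP probe, modelled offline.

Added example; not from the original article and not Intercepter-NG code.
Each host is probed with an ARP who-has for its own IP, unicast to a MAC
that nobody owns. Only a NIC that has its hardware address filter disabled
(promiscuous mode) lets such a frame through to the stack.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
PROBE_DST = "ff:ff:ff:ff:ff:fe"  # constructed bait: not broadcast, not any host


def mac_bytes(m):
    return bytes(int(x, 16) for x in m.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(i):
    return bytes(int(x) for x in i.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def arp_frame(op, eth_dst, src_mac, src_ip, dst_mac, dst_ip):
    """Ethernet II header + RFC 826 ARP body for IPv4 over Ethernet."""
    return (mac_bytes(eth_dst) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_ARP)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(src_mac) + ip_bytes(src_ip)
            + mac_bytes(dst_mac) + ip_bytes(dst_ip))


def probe_frame(scanner_mac, scanner_ip, target_ip):
    """ARP who-has target_ip, but addressed to a MAC nobody owns."""
    return arp_frame(ARP_REQUEST, PROBE_DST, scanner_mac, scanner_ip,
                     "00:00:00:00:00:00", target_ip)


class SimHost:
    """A simulated host: a NIC address filter in front of an ARP responder."""
    def __init__(self, ip, mac, promisc=False):
        self.ip, self.mac, self.promisc = ip, mac, promisc

    def nic_accepts(self, frame):
        """Hardware filter: own MAC or broadcast, or anything in promisc mode."""
        dst = mac_str(frame[0:6])
        return self.promisc or dst in (self.mac, BROADCAST)

    def handle(self, frame):
        """Return an ARP reply frame if the stack answers, otherwise None."""
        if not self.nic_accepts(frame):
            return None
        if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
            return None
        op = struct.unpack("!H", frame[20:22])[0]
        sender_mac, sender_ip = mac_str(frame[22:28]), ip_str(frame[28:32])
        target_ip = ip_str(frame[38:42])
        # Simplifying assumption: the stack does not re-check the Ethernet
        # destination and answers any request for its own IP. Real stacks
        # differ by OS and driver, which is why this is a hint, not proof.
        if op == ARP_REQUEST and target_ip == self.ip:
            return arp_frame(ARP_REPLY, sender_mac, self.mac, self.ip,
                             sender_mac, sender_ip)
        return None


def detect_sniffers(scanner_mac, scanner_ip, hosts):
    """Probe every host; return the set of IPs that answered the bait frame."""
    suspects = set()
    for h in hosts:
        reply = h.handle(probe_frame(scanner_mac, scanner_ip, h.ip))
        if reply is not None and struct.unpack("!H", reply[20:22])[0] == ARP_REPLY:
            suspects.add(ip_str(reply[28:32]))
    return suspects


if __name__ == "__main__":
    lan = [SimHost("192.168.1.1", "10:be:f5:aa:bb:01"),
           SimHost("192.168.1.10", "3c:22:fb:11:22:33"),
           SimHost("192.168.1.20", "de:ad:be:ef:00:01", promisc=True)]
    print("suspected sniffers:", detect_sniffers("00:11:22:33:44:55", "192.168.1.100", lan))
```

On a real network the probe would be written with a raw socket and the replies read back from the wire; the decision logic is the same. A host that answers the bait frame but also answers a normal broadcast request is not necessarily malicious (a monitoring box, a virtual switch port, a bridging VM host), so the result should be correlated with other evidence before acting.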


Sniffer Detection
SDR HackRF Device


HackRF
SDR (software-defined radio) is a radio receiver, and usually transmitter, whose signal processing is done in software, so the same hardware can be tuned to very different frequencies and modulations. This makes it possible to capture Wi-Fi, GSM, LTE and other signals.

HackRF is a full-featured SDR device costing about $300. Its author, Michael Ossmann, has a track record in this area: his earlier Ubertooth Bluetooth sniffer was also a success. HackRF raised more than $600,000 on Kickstarter, and 500 devices were sold for beta testing.

HackRF covers the frequency range from 30 MHz to 6 GHz with a sample rate of 20 MHz, enough instantaneous bandwidth to capture a single 20 MHz Wi-Fi or LTE channel.

How to protect yourself at the local level?

First, SoftPerfect WiFi Guard. There is a portable version of under 4 MB. It scans your network and lists the devices present on it. You can choose the network adapter and the maximum number of devices to scan, and set the scan interval.

Ability to add comments for users


Notification window for unfamiliar devices after each specified scanning interval
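The check such a tool performs, as an added example (not WiFi Guard's code): read the local neighbour table, compare the IP-to-MAC pairs against a list of known devices, and report anything unfamiliar. It parses the output format of `ip -4 neigh show` on Linux (the sample lines and the allowlist below are constructed; on a live system feed it the command's output) and also reports one MAC claiming several IPs, which is a common sign of the ARP spoofing described earlier.

```python
"""Allowlist check over the local ARP/neighbour table.

Added example, not SoftPerfect WiFi Guard's code. Parses `ip -4 neigh show`
output (constructed sample below), compares against a known-devices list,
and flags unknown MACs and MACs that appear under more than one IP.
"""
import re

# Constructed sample output of `ip -4 neigh show`, for illustration only.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 10:be:f5:aa:bb:01 REACHABLE
192.168.1.10 dev wlan0 lladdr 3c:22:fb:11:22:33 STALE
192.168.1.20 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.30 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.40 dev wlan0  FAILED
"""

# Devices the owner recognises (constructed), keyed by MAC.
ALLOWLIST = {
    "10:be:f5:aa:bb:01": "router",
    "3c:22:fb:11:22:33": "laptop",
}

# One resolved neighbour entry: "<ip> dev <if> lladdr <mac> <state>".
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>[0-9a-f:]{17})\s+(?P<state>\S+)",
    re.IGNORECASE,
)


def parse_neigh(text):
    """Return {ip: mac} for entries with a resolved MAC; FAILED/INCOMPLETE are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def audit(table, allowlist):
    """Flag MACs not on the allowlist and MACs bound to more than one IP."""
    unknown = {ip: mac for ip, mac in table.items() if mac not in allowlist}
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    duplicates = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return {"unknown": unknown, "duplicates": duplicates}


def run(text=SAMPLE_NEIGH, allowlist=ALLOWLIST):
    return audit(parse_neigh(text), allowlist)


if __name__ == "__main__":
    report = run()
    for ip, mac in report["unknown"].items():
        print(f"unknown device {mac} at {ip}")
    for mac, ips in report["duplicates"].items():
        print(f"{mac} answers for several IPs {ips}: possible ARP spoofing")
```

Run it on a schedule (the equivalent of WiFi Guard's scan interval) and keep the allowlist under version control; a MAC that is unknown one day and silently on the list the next is as worth investigating as the device itself.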

Conclusion
We have looked in practice at how software can be used to intercept data inside a network, walked through several attacks that yield login credentials and other information, and looked at SoftPerfect WiFi Guard, which gives a local network a basic level of protection against eavesdropping.

Each member of the ][ team has their own preferences for pentesting software and utilities. After comparing notes, we found that the choices vary so much that a real gentleman's set of proven programs could be assembled. So we did. To avoid a hodgepodge, we split the whole list by topic, and this time we cover utilities for sniffing and manipulating packets. Enjoy.

Wireshark

Netcat

When it comes to data interception, Network Miner extracts files, certificates, images and other media, as well as passwords and other authentication data, from live traffic (or from a prepared PCAP dump). A handy feature is searching for data sections that contain keywords (for example, a user's login).

Scapy

Website:
www.secdev.org/projects/scapy

A must-have for any hacker: a powerful tool for interactive packet manipulation. It can receive and decode packets of a great many protocols, answer requests, inject modified or hand-crafted packets, and do it all easily. With it you can perform a whole range of classic tasks: scanning, traceroute, attacks and network infrastructure discovery. In one package it replaces popular utilities such as hping, nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f and others. At the same time Scapy lets you perform even the most specific task that no ready-made tool covers. Instead of writing a mountain of C to, say, generate a malformed packet and fuzz some daemon, a couple of lines of Scapy code are enough. There is no graphical interface; interactivity comes from the Python interpreter. Once you get the hang of it, building malformed packets, injecting the 802.11 frames you need, or combining approaches in one attack (say, ARP cache poisoning with VLAN hopping) costs nothing. The developers themselves encourage using Scapy in other projects: imported as a module, it makes it easy to build utilities for LAN reconnaissance, vulnerability hunting, Wi-Fi injection, automating specific tasks, and so on.

packeth

Website:
Platform: *nix, there is a port for Windows

An interesting tool that lets you, on the one hand, build any Ethernet packet and, on the other, send sequences of packets to test throughput. Unlike similar tools, packeth has a GUI, so packets can be assembled in the most convenient form. Creating and sending packet sequences is especially well thought out: you can set delays between sends, blast packets at maximum speed to measure the bandwidth of a network segment (yes, that also makes it handy for flooding a link), and, more interestingly, change packet parameters dynamically (for example the IP or MAC address).

On the dangers of open Wi-Fi access points, and how passwords can be intercepted.

Today we'll look at intercepting passwords and cookies over Wi-Fi using the Intercepter-NG program.

The attack is based on sniffing.

Sniffing – from “to sniff”. Sniffing means analysing network traffic: seeing which sites a user visits and intercepting passwords. It also has legitimate uses, for example spotting malware that sends data out to the Internet.


The method I will show is quite primitive and simple. In fact, the program can do much more.
The official website of the program is sniff.su (copy the link and open it in a new tab); you can download it in the "Download" section.
There are versions for Windows, Unix systems and Android.
We'll cover Windows, since it is the most popular system and the program is most developed there.
Your browser or antivirus may complain that the program is dangerous, but you understand that this is a hacking tool, and antivirus will always react to such programs.
The program comes as a zip archive; just unpack it into a folder and run it, nothing needs to be installed.
The program can organise various MiTM attacks on Wi-Fi networks.
This article is written purely for informational purposes, to show an example of the dangers of open Wi-Fi hotspots; any of the actions described are performed at your own risk. And I want to remind you of the criminal liability for accessing other people's data.


Working with the Intercepter NG program

So, the program is launched via Intercepter-NG.exe.
The program has an English interface, but if you are a confident user, I think you'll figure it out.

Below there will be a video on setting it up (for those who prefer to watch rather than read).
- Choose the desired network adapter at the top if you have several.
- Switch the type between Ethernet and Wi-Fi: if you are on Wi-Fi, select the Wi-Fi icon (to the left of the adapter selection).
- Press the Scan Mode button (the radar icon).
- Right-click in the empty field and choose Smart Scan from the context menu.
- All devices connected to the network will appear.
- Select the victim (you can select everyone while holding Shift), just do not mark the router itself; its IP is usually 192.168.1.1.
- With the selection made, right-click and choose Add to nat.


- Go to the Nat tab.
- In Stealth IP it is advisable to change the last octet to an unused address; this hides your real IP.
- Tick SSL Strip and SSL MiTM.


- Click Settings (the gears on the right).
- Tick Resurrection and Remove Spoof IP/Mac. Intercepting passwords and cookies from HTTPS sessions depends on SSL Strip or SSL MiTM (enabled in the previous step) actually downgrading or faking the connection; sites that use HSTS or certificate pinning resist this. You can also tick Cookie Killer: it kicks the victim out of the current page, for example a social network, so they have to re-enter their password, which we then intercept. Compare your settings with the picture.


- That completes the configuration; close the settings with the checkmark.
- The setup is done and you can begin the attack.
- Press Start/Stop Sniffing (the triangle) at the top, then in the same window click the radiation icon at the bottom, Start/Stop ARP Poison.
- Go to the Password Mode tab, right-click in the window and select Show Cookies (this shows the cookies and passwords entered by victims).
That's it; now we wait for someone to enter a password.
Sometimes the Internet stops working; try accessing the Internet yourself, and if it does not work, restart the program.
I noticed that it is not always possible to intercept a password, but in practice it works almost without fail.

That's all; we have looked at intercepting passwords and cookies over Wi-Fi.

Take care of yourself



The Wi-Fi packet sniffer module can be used in both normal and monitor mode, and it also supports a third option, extended mode, for capturing the Wi-Fi traffic generated by your own equipment.

The extended mode allows you to use the while your wireless card is connected to a Wi-Fi network. Apart from viewing signaling packets (beacons, probe requests, probe responses, data packets, etc.), you will be able to view all the TCP, UDP, or Wi-Fi broadcast traffic generated by your system while connected. This way, you will be able to view and analyze all the web browsing ( HTTP) traffic, or any other network connection sent by the Wi-Fi network you are connected to.

This capture mode does not let you see Wi-Fi traffic on other channels, because your wireless card is tuned to a fixed frequency while connected.

The extended-mode Wi-Fi sniffer and the network packet capture mode are long-awaited new features of Acrylic Wi-Fi Professional v2.3, which is expected to be released within the next few days.

Download Wireless Network Sniffer for Windows 7/8/8.1/10

If you do not need to view Wi-Fi network packets or use a Wi-Fi network traffic sniffer, download , a free Wi-Fi network and channel sniffer for Windows that allows you to view all the wireless networks within reach. This version supports normal capture and monitor modes.

If you need complete information on wireless network behaviour, the Wi-Fi network sniffer is the right solution, since it supports all three Wi-Fi capture modes and shows packet information in real time. It is a useful tool for improving wireless network performance, detecting incidents, and learning more about Wi-Fi networking. Try it for free!

And for advanced users, the Acrylic Wi-Fi driver allows you to.