192.168.0.199. The tool that we will use for this is called dnsspoof, and the syntax is as follows:
dnsspoof -i mitm-bridge
The output of the command is as follows:
google.com), Dnsspoof replies back:
google.com as 192.168.0.199, which is the hacker machine's IP, but there is no service listening on port 80:
apache2ctl start
The output of the command is as follows:
We did an application hijacking attack using a wireless MITM as the base. So what happened behind the scenes? The MITM setup ensured that we were able to see all the packets sent by the victim. As soon as we saw a DNS request packet coming from the victim, the Dnsspoof program running on the attacker's laptop sent a DNS response to the victim with the attacker machine's IP address as that of google.com. The victim's laptop accepted this response and the browser sent an HTTP request to the attacker's IP address on port 80.
In the first part of the experiment, there was no listening process on port 80 of the attacker's machine and thus, Firefox responded with an error. Then, once we started the Apache server on the attacker's machine on port 80 (the default port), the browser's request received a response from the attacker's machine with the default It Works! page.
This lab shows us that, once we have full control of the lower layers (Layer 2 in this case), it is easy to hijack applications running on higher layers such as DNS clients and web browsers.
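A defender-side check for the spoofed answers described above, as an added example that is not part of the original text: it flags public names answered with non-global addresses (google.com resolving to 192.168.0.199 in this lab) and queries that received two disagreeing replies. The log layout, the sample lines, the internal-zone suffixes and all function names are assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, one DNS response per line (layout assumed by this example):
# client IP, transaction ID, query name, comma-separated A records.
SAMPLE = (
    "192.168.0.50\t0x1a2b\tgoogle.com\t192.168.0.199\n"
    "192.168.0.50\t0x1a2b\tgoogle.com\t142.250.72.14\n"
    "192.168.0.50\t0x3c4d\texample.org\t93.184.216.34\n"
    "192.168.0.50\t0x5e6f\tprinter.lan\t192.168.0.20\n"
)
INTERNAL_SUFFIXES = (".lan", ".local", ".home.arpa")  # assumed internal zones


def parse(text):
    """Yield (client, txid, qname, frozenset of addresses) per response line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        client, txid, qname, addrs = line.split("\t")
        ips = frozenset(ipaddress.ip_address(a) for a in addrs.split(","))
        yield client, int(txid, 16), qname.rstrip(".").lower(), ips


def fmt(ips):
    """Render one answer set as a stable, comma-separated string."""
    return ",".join(sorted(str(ip) for ip in ips))


def find_spoofing(text):
    """Return sorted (reason, qname, detail) findings for suspicious responses."""
    findings = set()
    seen = defaultdict(set)  # (client, txid, qname) -> distinct answer sets
    for client, txid, qname, ips in parse(text):
        seen[(client, txid, qname)].add(ips)
        # A public name answered with a private or loopback address, as the
        # victim in this lab received for google.com.
        if not qname.endswith(INTERNAL_SUFFIXES):
            for ip in ips:
                if not ip.is_global:
                    findings.add(("non-global-answer", qname, str(ip)))
    for (_client, _txid, qname), answer_sets in seen.items():
        # Two replies to one query that disagree: a forged answer raced the real one.
        if len(answer_sets) > 1:
            detail = " vs ".join(sorted(fmt(s) for s in answer_sets))
            findings.add(("conflicting-answers", qname, detail))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_spoofing(SAMPLE):
        print(finding)
```

The conflicting-answers check only fires when the genuine resolver's reply is also captured, so the non-global-answer check is the one that still works when only the forged reply is seen.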
The next step in session hijacking using a wireless MITM will be to modify the data being transmitted by the client. Explore software available on Kali called Ettercap. This will help you create search and replace filters for network traffic.
In this challenge, write a simple filter to replace all occurrences of security in the network traffic with insecurity. Try searching Google for security and check whether the results show up for insecurity instead.