Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Understanding Man-In-The-Middle Attacks
From: Dan Crowley <dcrowley () coresecurity com>
Date: Thu, 04 Nov 2010 14:35:42 -0400

To clarify, this is only showing how to use tools to execute an ARP
spoofing attack. There are other methods to launch a man-in-the-middle
attack such as DNS spoofing. It's even possible to launch a physical
MitM attack! One of my favorite examples of MitM attacks is the
Aspidistra radio station used in a MitM attack during World War II.

For information about what a MitM attack is in general as well as other
examples, take a look at
http://en.wikipedia.org/wiki/Man-in-the-middle_attack.
--
Daniel Crowley, CICP, GCIH
Technical Specialist
Core Security Technologies
Direct: +1 (617) 695-1151
Fax: +1 (617) 399-6987

"All the forces in the world are not so powerful as an idea whose time
has come." - Victor Hugo


On 11/2/2010 5:09 PM, Adam Behnke wrote:
Hi everyone, a few instructors here at InfoSec Institute have put together a
short presentation and video tutorial on how to perform a Man-In-The-Middle
(MitM) attack. You can view the presentation that diagrams out how a MitM
attack works:

http://resources.infosecinstitute.com/man-in-the-middle-demystified/

You can also view a how-to video tutorial that you can follow along with if
you have a few virtual machines to play with on your local network:

http://resources.infosecinstitute.com/video-man-in-the-middle-howto/

In a pen test, it is important to learn how to do these attacks to intercept
server to server communication, server to client communication, etc. 

Coming soon we will demonstrate how to perform a MitM attack against SSL
encrypted sessions. 

Happy hacking! 

InfoSec Institute


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]