Sniffing and Spoofing
During the 1970s, the United States conducted a daring Signals Intelligence (SIGINT) operation against the Soviet Union called Operation Ivy Bells in the Sea of Okhotsk. Whereas any other message with a reasonable expectation of intercept would have been encrypted, some key communications under the Sea of Okhotsk took place in plaintext. Using a device that captured signals moving through the cable via electromagnetic induction, United States intelligence was able to retrieve sensitive military communication from hundreds of feet below the surface of the sea. It was a powerful demonstration of sniffing—the capture and analysis of data moving through a communications channel.
Decades earlier, the Allies were preparing to liberate Nazi-occupied Western Europe in the 1944 Battle of Normandy. A critical component of success was catching the Germans unprepared, but the Germans knew an invasion was imminent, so a massive deception campaign called Operation Fortitude was employed. Part of this deception operation was convincing the Germans that an invasion would take place in Norway (Fortitude North) by generating fake radio traffic in Operation Skye. The generated traffic was a perfect simulation of the radio signature of army units coordinating their movements and plans for attack. The strategy was deployed, and its ingenious attention to detail makes it a powerful demonstration of spoofing: false traffic intended to mislead the receiver.
Our discussion in this chapter will be in the context of modern computer networks and your consideration of these concepts as a pen tester, but these historical examples should help illuminate the theory behind the technical details. For now, let's demonstrate some hands-on examples of sniffing and spoofing for today's pen tester armed with Kali Linux.
In this chapter, we will cover the following topics:
- Wireshark statistical analysis and display filtering to find the individual bits we need on a network
- Ettercap fundamentals to build a stealthy eavesdropping access point
- Ettercap packet filters to analyze, drop, and manipulate traffic in transit through our access point
- BetterCAP fundamentals to conduct an Internet Control Message Protocol (ICMP) redirect spoofing attack