Man in The Middle Attack
Man In The Middle Attack experience.
With a few years of programming experience and some basic knowledge of Python, I set myself a challenge: to write a tool that can carry out a MiTM (Man in The Middle) attack on a network. A MiTM attack works by intercepting the traffic between a device and the router, essentially putting yourself in the middle of the connection. I did some research and discovered that ARP (Address Resolution Protocol) replies can be spoofed, because hosts accept them without any authentication and update their ARP cache accordingly. This meant I could send the router a stream of ARP replies claiming that the target's IP address belongs to my machine's MAC address; from then on, anything the router sends to the target arrives at my machine instead. To also see the traffic going the other way, from the target to the router, I had to send the target ARP replies claiming that the router's IP address belongs to my machine as well.
Wireshark capture filter.
I had a basic understanding of how to perform the attack; I just had to figure out how to do it in Python. I looked at the socket documentation and discovered that I could build my own packets as byte strings and send them over a raw socket. Perfect, this should be easy then. Unfortunately, that was not the case. I spent hours looking at packets in Wireshark and working out what each byte represented. I used struct.pack to lay out the header fields of the packet in order and wrote a function that returns the spoofed ARP reply. I gave it a small test run and saw my custom packets in Wireshark, which meant it was working. I ran two windows, each spamming spoofed ARP replies (one aimed at the target, one at the router), which let me intercept data between the target device and the router.
DNS packets.
I had completed my challenge, and it only took me about a day. Excited that I had finished so quickly, I set myself another challenge: to log the websites the target visits. For this I used DNS packets, since the target has to resolve a domain name before it can connect to the site. This created a whole new problem, as I now had to receive packets, read the bytes and interpret what each one meant. I looked at the structure of common DNS packets, split the bytes into the header and the question section, and put the fields in a dictionary to make it easier to retrieve the relevant data from the packet. I wrote some functions to convert certain bytes into readable values, walked the length-prefixed labels of the question name to recover the domain being looked up, and displayed it on the screen.
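The parsing step described above, as an added example rather than the author's code: strip the Ethernet, IPv4 and UDP headers from a raw frame, then decode the DNS header, question and answer sections with struct.unpack. The sample query, response and frame are constructed by hand for the demo (no network access needed). One edge case worth handling in a sniffer is DNS name compression: responses refer back to the question name with a two-byte pointer, and a malformed packet can make that pointer loop, so the name reader tracks visited offsets and rejects loops instead of hanging.

```python
"""Extract DNS names from raw frames (added example, not the post's code)."""
import socket
import struct


def read_name(packet, offset):
    """Read a possibly compressed name at offset; return (name, offset after it).

    Handles RFC 1035 compression pointers (top two bits 11) and rejects pointer loops.
    """
    labels, seen, end, jumped = [], set(), None, False
    while True:
        if offset >= len(packet):
            raise ValueError("truncated name")
        length = packet[offset]
        if length & 0xC0 == 0xC0:
            if offset + 1 >= len(packet):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if pointer in seen:
                raise ValueError("compression loop")
            seen.add(pointer)
            if not jumped:
                end = offset + 2            # the caller resumes right after the pointer
            jumped, offset = True, pointer
            continue
        if length > 63:
            raise ValueError("invalid label length")
        offset += 1
        if length == 0:                     # root label terminates the name
            return ".".join(labels), (end if jumped else offset)
        labels.append(packet[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_dns(payload):
    """Decode header, questions and answers; A-record data is rendered as dotted quad."""
    if len(payload) < 12:
        raise ValueError("short DNS header")
    tid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = read_name(payload, offset)
        qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = read_name(payload, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", payload[offset:offset + 10])
        offset += 10
        rdata = payload[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": tid, "is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def dns_payload_from_frame(frame):
    """Ethernet -> IPv4 -> UDP; return the DNS payload when either port is 53, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 17:                     # IP protocol field: 17 = UDP
        return None
    udp = 14 + ihl
    if len(frame) < udp + 8:
        return None
    sport, dport, ulen = struct.unpack("!HHH", frame[udp:udp + 6])
    if 53 not in (sport, dport):
        return None
    return frame[udp + 8:udp + ulen]


# Constructed sample packets: a query for www.example.com and its response.
QUESTION = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
            + b"\xc0\x0c"                   # answer name = pointer to offset 12 (the question)
            + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("93.184.216.34"))


def wrap_udp_frame(payload, src_ip="192.168.1.10", dst_ip="192.168.1.1", sport=53412, dport=53):
    """Constructed Ethernet/IPv4/UDP envelope; checksums are left zero, the parser ignores them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0x4000, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + udp + payload


if __name__ == "__main__":
    for frame in (wrap_udp_frame(QUERY), wrap_udp_frame(RESPONSE, "192.168.1.1", "192.168.1.10", 53, 53412)):
        dns = parse_dns(dns_payload_from_frame(frame))
        print("response" if dns["is_response"] else "query", [q[0] for q in dns["questions"]], dns["answers"])
```

In a live sniffer the frames come from an AF_PACKET socket bound to the interface; `dns_payload_from_frame()` returns None for anything that is not UDP/53, so the loop only spends parsing effort on DNS.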
Conclusion.
Overall, it took me about three days to complete the man in the middle tool, and I feel that I learned a lot about Python and networking in that time. This was my first real project where I went in without much prior knowledge and was able to create a fully functioning program using resources I found on the internet (and some trial and error). The code is not beautiful and is certainly not the most efficient, but it is a good starting point for anyone wanting to learn from it or improve on it.
Author: https://twitter.com/ow_murphy