Penetration Testing mailing list archives
Re: Understanding Man-In-The-Middle Attacks
From: Dan Crowley <dcrowley () coresecurity com>
Date: Thu, 04 Nov 2010 14:35:42 -0400

To clarify, this is only showing how to use tools to execute an ARP spoofing attack. There are other methods to launch a man-in-the-middle attack such as DNS spoofing. It's even possible to launch a physical MitM attack! One of my favorite examples of MitM attacks is the Aspidistra radio station used in a MitM attack during World War II.

For information about what a MitM attack is in general as well as other examples, take a look at http://en.wikipedia.org/wiki/Man-in-the-middle_attack.

--
Daniel Crowley, CICP, GCIH
Technical Specialist
Core Security Technologies
Direct: +1 (617) 695-1151
Fax: +1 (617) 399-6987

"All the forces in the world are not so powerful as an idea whose time has come." - Victor Hugo

On 11/2/2010 5:09 PM, Adam Behnke wrote:
Hi everyone, a few instructors here at InfoSec Institute have put together a short presentation and video tutorial on how to perform a Man-In-The-Middle (MitM) attack.

You can view the presentation that diagrams out how a MitM attack works:
http://resources.infosecinstitute.com/man-in-the-middle-demystified/

You can also view a how-to video tutorial that you can follow along with if you have a few virtual machines to play with on your local network:
http://resources.infosecinstitute.com/video-man-in-the-middle-howto/

In a pen test, it is important to learn how to do these attacks to intercept server to server communication, server to client communication, etc. Coming soon we will demonstrate how to perform a MitM attack against SSL encrypted sessions.

Happy hacking!
InfoSec Institute

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------