Certified Ethical Hacking Professional
Indian Cyber Security Solutions
[MITM with Android device]
Author: Priyam Harsh
(Under guidance of Pritam Sir)
According to Wikipedia, in cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of a MITM is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted wireless access point (Wi-Fi) could insert himself as a man-in-the-middle.
Now, I will demonstrate a MITM attack using a rooted Android phone. Since Android is a Linux-based operating system, it can do much of what a Linux machine can do. So, without wasting any time, let's dive right in. What we need:
- Rooted Android Phone
- An unencrypted access point (an open Wi-Fi)
- cSploit App
First of all, we will understand how a MITM attack works. Let's take an example: Alice and Bob are having a conversation; Eve wants to eavesdrop on the conversation but also remain transparent. Eve could tell Alice that she was Bob and tell Bob that she was Alice. This would lead Alice to believe she's speaking to Bob, while actually revealing her part of the conversation to Eve. Eve could then gather information from this, alter the response, and pass the message along to Bob (who thinks he's talking to Alice). As a result, Eve is able to transparently hijack their conversation. This is how MITM works. The attacker intercepts the traffic sent to and from an access point and uses that position to launch any kind of MITM attack, such as session hijacking, script injection, website redirection and so on.
So now, I will demonstrate some MITM attacks using an Android device. To start the MITM attacks, we need to join an open Wi-Fi, because the communication over such a network is not encrypted. Once connected to the Wi-Fi, we will start the cSploit app. cSploit was designed for penetration testing and security research. It is quite a powerful tool and can also cause damage if used with wrong intentions.
As soon as we open the cSploit app, automatic network discovery starts and all the connected clients are displayed on the screen. We can see that it has also begun information gathering by port scanning all the clients on the Wi-Fi. Since we are concerned with man-in-the-middle attacks, we will select a victim, or we can select the whole network subnet to perform the attacks.
I have selected a client on the Wi-Fi to become the victim of the attacks. After selecting the target client(s), we are presented with several options including Trace Route, Port Scanning, Service Inspector, Exploit Finder and so on. Now, we will select the MITM option.
After selecting the MITM option, we can see all the kinds of attacks we can initiate on the target. We can sniff traffic and passwords, spoof DNS, hijack sessions, kill the connection, redirect traffic to another website, replace images on websites and inject a script into every webpage.
- KILL CONNECTION:
If we want to kill the internet connection of a specific target or of everyone on the network, we can use the 'Kill Connection' option. As soon as we start this attack, the target loses internet connectivity. In simpler terms, the attacker, being the middle man in the communication between the victim and the internet, cuts off all outgoing and incoming requests from the victim.
- SCRIPT INJECTION:
- SESSION HIJACKER:
Session hijacking is another very powerful attack, where the attacker can directly listen for cookies on the network and hijack a user's session. For example, a victim logs into Flipkart using his/her credentials. An attacker can sniff the cookies and hijack that user's session by presenting the victim's cookies. He would then have full access to the victim's Flipkart account.
In cSploit, whenever the target visits a website, the request and its cookies are captured automatically, and we can directly hijack any of the sessions as needed.
- REPLACING IMAGES:
In this attack, whenever the target opens a website, every image on the webpage is replaced with an image chosen by the attacker. After selecting the Replace Images attack in cSploit, we are prompted to select a local image or a web URL for the image. After selecting the image, the attack is started.
There are a bunch of other attacks too. If misused, these can seriously damage a person's privacy and data.
Strong WPA Encryption on Access Points
Having a strong encryption mechanism on wireless access points prevents unwanted users from joining your network just by being nearby. A weak encryption mechanism can allow an attacker to brute-force his way into a network and begin man-in-the-middle attacking. The stronger the encryption implementation, the safer it is going to be. Note that WEP is broken and should not be used at all; WPA2 (or WPA3) with a strong passphrase is the current baseline.
Virtual Private Network
VPNs can be used to create a secure environment for sensitive information within a local area network. They use key-based encryption to create a subnet for secure communication. This way, even if an attacker happens to get onto a shared network, he will not be able to decipher the traffic inside the VPN.
HTTPS
HTTPS secures HTTP traffic with TLS, which uses public-key cryptography to establish an encrypted session. This prevents an attacker from making any use of the data he may be sniffing. Websites should only use HTTPS and not provide HTTP alternatives, and should send a Strict-Transport-Security (HSTS) header so browsers refuse to fall back to plain HTTP. Users can install browser plugins to enforce HTTPS on every request.
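A defender-side check that ties the cookie sniffing described under Session Hijacker to the HTTPS advice above: this Python script (an added example, not part of the original write-up or of cSploit) audits a response's headers for the conditions that let a sniffer on an open Wi-Fi capture a session. The two responses are constructed samples, not captures from any real site.

```python
"""Audit HTTP response headers for what makes a session sniffable on open
Wi-Fi: plaintext HTTP, cookies without Secure, cookies without HttpOnly
(readable by an injected script), and a missing HSTS header."""
import re
from typing import Dict, List, Tuple

Headers = List[Tuple[str, str]]

def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie value into the cookie name and its attributes."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs: Dict[str, object] = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip() if v else True  # flag attrs -> True
    return {"name": name, "attrs": attrs}

def hsts_max_age(headers: Headers) -> int:
    """Return the HSTS max-age in seconds, or 0 if absent or unparsable."""
    for k, v in headers:
        if k.lower() == "strict-transport-security":
            m = re.search(r"max-age\s*=\s*(\d+)", v, re.IGNORECASE)
            return int(m.group(1)) if m else 0
    return 0

def audit(scheme: str, headers: Headers) -> List[str]:
    """Return findings for one response; scheme is 'http' or 'https'."""
    findings = []
    if scheme != "https":
        findings.append("served over plain HTTP: everything, cookies included, is sniffable")
    if hsts_max_age(headers) <= 0:
        findings.append("no Strict-Transport-Security: a browser may be downgraded to HTTP")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        c = parse_set_cookie(v)
        if "secure" not in c["attrs"]:
            findings.append(f"cookie {c['name']} lacks Secure: also sent over HTTP, so capturable")
        if "httponly" not in c["attrs"]:
            findings.append(f"cookie {c['name']} lacks HttpOnly: readable by an injected script")
    return findings

# Constructed sample responses (assumed values, not from any real site).
WEAK = ("http", [("Set-Cookie", "sessionid=abc123; Path=/"), ("Content-Type", "text/html")])
HARDENED = ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
                      ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")])

if __name__ == "__main__":
    for label, (scheme, hdrs) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(scheme, hdrs) or ["no findings"])
```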
Public Key Pair Based Authentication
Man-in-the-middle attacks typically involve spoofing one party or the other. Public-key-pair based authentication, such as RSA, can be used at various layers of the stack to help verify that the things you are communicating with are actually the things you want to be communicating with.
In conclusion, I would like to say that the cyber world is developing every day, and so are cyber-attacks. With every new advancement in technology there come new bugs, new vulnerabilities and new exploits ready to be misused. After getting my training for C|EHP, now I can say that I am one of those amazing people whose job is to find these bugs and vulnerabilities and to create a hack-proof environment for everyone.
Thank you for your attention.