Brief
A simple program that carries out a "Man in the Middle" attack by ARP spoofing, using scapy. The program targets our simple chat final project (link to the project here). Because the simple chat uses an unsecured application-layer protocol that we created, the chats can be exposed to an attacker who wants to sabotage the users' conversations. The attack is explained through a story, presented here.
Background Story
Eve is in love with Bob, who is in love with Alice. One day, Bob decided to propose to Alice, and on a brilliant platform: our wonderful chat application. Since Eve and Bob are good friends, he told her about his intention to propose to Alice, and in response Eve decided to use her malicious abilities to sabotage Bob's proposal. Eve will intercept the chat between Bob and Alice, so that each message in the chat is delivered to her, changed by her, and only then delivered to Alice. Finally, Eve will join Bob's chat and use Bob's heartbreak to propose to him 😊.
Attack Progression
The attack runs on 3 SEED Lab virtual machines running Ubuntu 20.04, which share a common subnet.
- The first machine holds the chat server and Bob.
- The second machine represents Alice's computer.
- The third machine represents Eve, the attacker's computer.
Here is a picture which depicts the network layout, with the real details.
There is no need to single out Bob's machine, because Bob's messages are sent to the server and only then from the server to Alice; here Bob and the server run on the same virtual machine, as mentioned above.
Let's present a normal chat over our chat application.
- Bob joins the chat, and then Alice joins too.
- Now they can chat.
Now to the attack: Eve will apply ARP poisoning. She will poison the ARP cache of Alice and of the server (Bob's machine).
- The blue address and the red address belong to the attacker, which is only connected to the subnet.
As mentioned, the attacker, Eve, will send 2 ARP replies: one to Bob and one to Alice. This poisons Alice's and Bob's ARP caches.
Here is a picture of the poisoning scheme.
The next step for Eve is to run her script to poison Alice's and Bob's ARP cache.
- The red square marks that this is Eve's computer.
Let's see the poisoning in the background using Wireshark.
- The poisoning is repeated every 10 seconds, and this traffic is visible in the last picture. The repetition matters because the cache could otherwise be refreshed with the correct entries.
We can check whether the poisoning fully succeeded by viewing the ARP table with the arp -n command.
Compared to the previous state, the ARP entries for Alice and Bob now hold Eve's MAC address, so the poisoning worked!
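The same before/after comparison of the ARP table can be automated on the defender's side. The following is an added example, not code from this project: it parses Linux `arp -n` output and flags entries whose MAC changed from a known-good baseline, as well as one MAC answering for several IPs. All addresses, MACs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

def parse_arp_n(text):
    """Return {ip: mac} from `arp -n` output, skipping the header and incomplete rows."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "Address":
            continue
        mac = fields[2].lower()
        if MAC_RE.match(mac):  # "(incomplete)" rows have no MAC in this column
            table[fields[0]] = mac
    return table

def find_poisoning(baseline, current):
    """Compare the current ARP table with a baseline taken in a known-clean state."""
    findings = []
    for ip, mac in sorted(current.items()):
        known = baseline.get(ip)
        if known and known != mac:
            findings.append(("mac_changed", ip, known, mac))
    owners = defaultdict(list)
    for ip, mac in current.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # one hardware address claiming several hosts
            findings.append(("shared_mac", mac, sorted(ips)))
    return findings

# Constructed baseline: the chat server and a third host, as seen from Alice's machine.
BASELINE = {"192.0.2.5": "02:00:00:00:00:05", "192.0.2.105": "02:00:00:00:00:69"}

# Constructed `arp -n` output after poisoning: the server's entry now holds the third host's MAC.
SAMPLE_AFTER = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.0.2.5                ether   02:00:00:00:00:69   C                     eth0
192.0.2.105              ether   02:00:00:00:00:69   C                     eth0
192.0.2.1                        (incomplete)                              eth0
"""

if __name__ == "__main__":
    for finding in find_poisoning(BASELINE, parse_arp_n(SAMPLE_AFTER)):
        print(finding)
```

The baseline has to be captured while the subnet is known to be clean; a check run only after poisoning has started would treat the attacker's MAC as legitimate.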
Proceeding to Eve's next step: Eve should take the incoming packets, change them, and send them to Alice. This idea is depicted in the following scheme.
The software takes this idea and implements it:
- The software prints the real content.
- The software alters the real content and then sends it to Alice.
And now we can surely say that Bob's proposal is completely ruined.
Languages and Tools
Acknowledgements
Contact
Amir - here
Simcha - here
Project Link: here
Project book: here
Copyright © This Project last modified on July 17, 2022, by Simcha & Amir.