This project delves into network security vulnerabilities, focusing on ARP spoofing, Man-In-The-Middle (MITM), and pharming attacks. Implemented in C++, it demonstrates how to execute these attacks and explores their inner workings and defenses.
This project is a comprehensive exploration of network security vulnerabilities and attack vectors, specifically focusing on ARP spoofing, Man-In-The-Middle (MITM), and pharming attacks. Implemented in C++, the project showcases how these attacks can be conducted and provides insights into their mechanisms.
- ARP Spoofing: The project starts by implementing ARP spoofing to deceive devices on a local Wi-Fi network. By pretending to be the gateway, the attacker can redirect network traffic through their machine, making it possible to monitor and manipulate the data.
- Man-In-The-Middle (MITM) Attack: Using the ARP spoofing setup, the project demonstrates a MITM attack. The attacker intercepts HTTP traffic and extracts sensitive information, such as usernames and passwords, from HTTP POST requests. This illustrates the risks associated with unsecured network communication.
- Pharming Attack: The project also explores pharming attacks, where DNS responses are manipulated to redirect users from legitimate websites to malicious ones. This is done by altering DNS resolution responses on the network, effectively hijacking attempts to visit specific websites and directing them to different, often malicious, destinations.
- ARP Spoofing Setup:
  - The attacker tool performs ARP spoofing to position itself between the target devices and the network gateway.
  - This enables the attacker to intercept all traffic exchanged between the target devices and the gateway.
- MITM Attack Execution:
  - Once ARP spoofing is in place, the attacker captures and analyzes HTTP traffic.
  - The focus is on extracting sensitive data from HTTP POST requests, such as login credentials.
- Pharming Attack Execution:
  - Instead of merely intercepting data, the attacker manipulates DNS responses to redirect traffic.
  - For example, requests to visit a trusted website can be rerouted to a fake or malicious site under the attacker's control.
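The ARP spoofing setup above has a recognisable symptom on the wire: an ARP reply that changes which MAC address claims the gateway IP. The following detector is an added example, not code from this project; sample_arp_reply builds test frames in memory only (nothing is transmitted), and the gateway IP and MAC addresses it is fed are constructed.

```cpp
#include <algorithm>
#include <array>
#include <cstdint>
#include <map>
#include <vector>

using Mac = std::array<uint8_t, 6>;
// Fields of interest from an ARP-over-Ethernet frame (14-byte Ethernet header + 28-byte ARP body).
struct ArpInfo { uint16_t opcode; Mac sender_mac; uint32_t sender_ip; };
// Parse the frame; returns false for anything that is not IPv4-over-Ethernet ARP.
static bool parse_arp(const std::vector<uint8_t>& f, ArpInfo& out) {
    if (f.size() < 42 || f[12] != 0x08 || f[13] != 0x06) return false;          // EtherType 0x0806 = ARP
    if (f[14] != 0 || f[15] != 1 || f[16] != 0x08 || f[17] != 0x00) return false; // htype Ethernet, ptype IPv4
    if (f[18] != 6 || f[19] != 4) return false;                                   // hlen 6, plen 4
    out.opcode = (uint16_t)((f[20] << 8) | f[21]);
    std::copy(f.begin() + 22, f.begin() + 28, out.sender_mac.begin());
    out.sender_ip = ((uint32_t)f[28] << 24) | ((uint32_t)f[29] << 16) | ((uint32_t)f[30] << 8) | f[31];
    return true;
}

// Remembers which MAC last claimed the watched IP (the gateway) and flags a reply
// that changes that binding: the flip is the signature of ARP spoofing.
class ArpWatch {
public:
    explicit ArpWatch(uint32_t watched_ip) : watched_(watched_ip) {}
    bool observe(const std::vector<uint8_t>& frame) {
        ArpInfo a;
        if (!parse_arp(frame, a) || a.opcode != 2 || a.sender_ip != watched_) return false;
        auto it = bindings_.find(a.sender_ip);
        if (it == bindings_.end()) { bindings_[a.sender_ip] = a.sender_mac; return false; }  // first sighting
        if (it->second == a.sender_mac) return false;                                     // unchanged
        it->second = a.sender_mac;  // record the new claim so each flip is reported once
        return true;
    }
private:
    uint32_t watched_;
    std::map<uint32_t, Mac> bindings_;
};

// Constructed sample (built in memory only, never sent): an ARP reply claiming sender_ip is at sender_mac.
static std::vector<uint8_t> sample_arp_reply(const Mac& sender_mac, uint32_t sender_ip) {
    std::vector<uint8_t> f(42, 0);
    std::fill(f.begin(), f.begin() + 6, 0xff);                         // broadcast destination
    std::copy(sender_mac.begin(), sender_mac.end(), f.begin() + 6);    // Ethernet source
    const uint8_t hdr[] = {0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x02};  // ARP, Ethernet/IPv4, reply
    std::copy(hdr, hdr + sizeof hdr, f.begin() + 12);
    std::copy(sender_mac.begin(), sender_mac.end(), f.begin() + 22);   // sender hardware address
    for (int i = 0; i < 4; ++i) f[28 + i] = (uint8_t)(sender_ip >> (24 - 8 * i));  // sender protocol address
    return f;
}
```

On a live system the frames would come from a packet capture on the interface; a legitimate gateway change (hardware replacement) also triggers the alert, so it is a signal to investigate rather than proof of an attack.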
- Demonstrate Network Vulnerabilities: Show how ARP spoofing can be exploited to execute more complex attacks like MITM and pharming.
- Highlight the Importance of Network Security: Educate on the potential dangers of unsecured networks and the need for robust security measures.
- Provide a Learning Tool: Serve as a practical example for students and professionals to understand and analyze the mechanics of these attacks.
To set up the project locally and observe the attacks in action, follow the steps below:
Ensure you have the following installed on your system:
- A C++ compiler (e.g., GCC)
- Basic networking tools (e.g., tcpdump, netcat, wireshark)
- Linux Environment: This tool is designed for Linux systems, as it relies on raw sockets and Netfilter Queue (NFQUEUE).
- Libnetfilter_queue: The tool requires libnetfilter_queue for handling packets. Install it using:
sudo apt-get install libnetfilter-queue-dev
- Root Privileges: Running the tool requires root privileges to send raw packets and manipulate system settings.
- Clone the repository to your local machine.
git clone https://github.com/bee0511/Computer-Security-Capstone.git
- Navigate to the project directory.
cd project2
- Compile the project using the provided Makefile.
make
Run the MITM attack tool to intercept and manipulate communications.
sudo ./mitm_attack eth0
Run the pharming attack tool to redirect DNS queries.
sudo ./pharm_attack eth0
To begin, power on two virtual machines: one designated as the victim and the other as the attacker. The experiment setup is depicted below:
The scenario for the Man-In-The-Middle (MITM) attack is illustrated as follows:
- Execute the MITM Attack Tool: On the attacker's virtual machine, run the MITM attack tool.
sudo ./mitm_attack eth0
- (Optional) Observe Packet Fabrication: You may use Wireshark to monitor and analyze the crafted packets.
- Access the Target Website: On the victim's virtual machine, navigate to the following URL in a private browsing window: http://vbsca.ca/login/login.asp
- Submit Credentials: Enter and submit the username and password on the website. The captured credentials will be displayed on the attacker's terminal.
The scenario for the pharming attack is depicted as follows:
- Execute the Pharming Attack Tool: On the attacker's virtual machine, initiate the pharming attack tool.
sudo ./pharm_attack eth0
- Visit the Target Website: On the victim's virtual machine, open a private browsing window and visit the URL: www.nycu.edu.tw
- Redirection to Phishing Site: The victim's connection will be redirected to a phishing website at the IP address: 140.113.24.241
This tool is intended for educational purposes only. Unauthorized network scanning, ARP spoofing, and packet interception are illegal activities. Use this tool responsibly and only on networks for which you have explicit permission. The developers are not responsible for any misuse of this tool.