
Thread: Detect someone on network mitm?

  1. #1
    Join Date
    2013-Jun
    Posts
    123

    Detect someone on network mitm?

    Using Kali, is there a way to detect someone on the network doing a MITM attack?

  2. #2
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    The most common technique for MITM is to use ARP poisoning. To learn about the process, put a promiscuous sniffer onto your LAN and use a tool such as arpspoof or ettercap to do the MITM, and a tool like Wireshark to monitor the packets. IDS-type tools such as SNORT are capable of automatically spotting these attacks.
    OSCP
    --
    If it smells like a duck, walks like a duck and quacks like a duck; then it probably is a duck.

  3. #3
    Join Date
    2013-Mar
    Location
    localhost
    Posts
    41
    Use Wireshark to get those packets, then sniff them, open Armitage, and scan the network using nmap OS detection on 192.168.1.0/24. You will have the attacker's IP on the local network; reattack him and it's okay.

  4. #4
    Join Date
    2013-Nov
    Posts
    24
    If he/she is ARP spoofing, run "arp -a". If your router IP resolves to a MAC already listed, then you are being MITM'ed. Also, there is an ettercap plugin that can detect this.
    Visit my blog! PenTesting for Amateurs, by Amateurs -- Request your own tutorial, or send one to me to post.
    "thevanoutside" a Wordpress Blog!

  5. #5
    You can use these 2 scripts to detect MITM attacks. I don't take credit for either; I just happen to have them both in my script collection.

    Link to script: http://vladz.devzero.fr/svn/codes/bash/mitm.sh


    Here's a link for a Python version called mitm_alert.py; I just uploaded it for you guys.

    https://app.box.com/s/n2olxty9ma7vhokd72b5


    I pasted the bash script below for those who don't want to click the link. Don't worry I don't paste dumb links for AdFly or any of that ****. Hope this helps!



    #!/bin/bash
    # A fully customisable ARP spoofing detection script
    #
    # Copyright (C) 2008 vladz <[email protected]>
    #
    # This tool will prevent yourself against Man-In-The-Middle attacks. For
    # better usage run this script in a xterm:
    # $ xterm -e "/bin/bash mitm.sh"

    f="/proc/net/arp" # Dump file of the kernel ARP table
    t=5 # Time interval between two checks (in sec)
    m="- WARNING - MITM detected" # Alert msg displayed when MITM occurs
    d="+%y/%m/%d-%H:%M:%S" # Date format style

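    while true; do
        sleep "${t}"
        # awk exits 1 when a MAC (column 4) is seen twice, i.e. two IPs resolve
        # to the same hardware address. The header line and incomplete entries
        # (all-zero MAC) are skipped so they cannot match each other.
        awk 'NR > 1 && $4 != "00:00:00:00:00:00" { if (x[$4]++) exit 1 }' "${f}" || \
            { printf "*** At %s %s ***\n" "$(date "${d}")" "${m}"; cat "${f}"; }
    done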
    Last edited by n1tr0g3n; 2014-01-17 at 09:05.
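
Added example (not part of any post in this thread, and not the linked mitm.sh or mitm_alert.py): the "router IP resolves to a MAC already listed" check from post #4, done over the same `/proc/net/arp` table that the script in post #5 polls, and extended to report which IPs share the gateway's MAC. The function names and the sample tables are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

# Constructed samples in /proc/net/arp and /proc/net/route format (made-up hosts).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:66     *        eth0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        eth0
192.168.1.66     0x1         0x2         aa:bb:cc:00:00:66     *        eth0
192.168.1.80     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.1.81     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
SAMPLE_ROUTE = """\
Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0
"""

def shared_macs(arp_text):
    """Map (device, mac) -> [ips] for every resolved MAC claimed by 2+ IPs."""
    seen = defaultdict(list)
    for line in arp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _type, flags, mac, _mask, dev = fields
        if mac == "00:00:00:00:00:00" or not int(flags, 16) & 0x2:  # 0x2 = ATF_COM
            continue  # unresolved entry: no real MAC to compare
        seen[(dev, mac.lower())].append(ip)
    return {key: ips for key, ips in seen.items() if len(ips) > 1}

def default_gateway(route_text):
    """Return the default route's gateway IP from /proc/net/route, or None."""
    for line in route_text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 4 and f[1] == "00000000" and int(f[3], 16) & 0x2:  # RTF_GATEWAY
            # Addresses are hex in host byte order; "<L" assumes little-endian.
            return socket.inet_ntoa(struct.pack("<L", int(f[2], 16)))
    return None

def gateway_suspects(arp_text, route_text):
    """IPs whose MAC equals the gateway's: the hosts to investigate."""
    gw = default_gateway(route_text)
    groups = [ips for ips in shared_macs(arp_text).values() if gw in ips]
    return [ip for ips in groups for ip in ips if ip != gw]

if __name__ == "__main__":
    for (dev, mac), ips in shared_macs(SAMPLE_ARP).items():
        print(f"{dev}: {mac} is claimed by {', '.join(ips)}")
    print("sharing the gateway's MAC:", gateway_suspects(SAMPLE_ARP, SAMPLE_ROUTE))
```

On a live Linux host, pass the contents of `/proc/net/arp` and `/proc/net/route` instead of the samples. A shared MAC can also be legitimate (proxy ARP, one interface holding several IPs), so treat a hit as a lead to verify rather than proof.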

  6. #6
    Wireshark will pick it up instantly.
