Chapter 7. Advanced WLAN Attacks

"To know your enemy, you must become your enemy."

--Sun Tzu, Art of War

As a penetration tester, it is important to know the advanced attacks a hacker can carry out, even if you might not check for or demonstrate them during a penetration test. This chapter is dedicated to showing how a hacker can conduct advanced attacks using wireless access as the starting point.

In this chapter, we will take a look at how we can conduct advanced attacks using what we have learned so far. We will primarily focus on the man-in-the-middle (MITM) attack, which requires a certain amount of skill and practice to conduct successfully. Once we have done this, we will use the MITM attack as a base from which to conduct more sophisticated attacks such as eavesdropping and session hijacking.

In this chapter, we will cover the following topics:

  • MITM attack
  • Wireless Eavesdropping using MITM
  • Session hijacking using MITM

A man-in-the-middle attack

MITM attacks are probably among the most potent attacks on a WLAN system. There are different configurations that can be used to conduct the attack. We will use the most common one: the attacker is connected to the Internet using a wired LAN and creates a fake access point on his client card. This access point broadcasts an SSID similar to that of a local hotspot in the vicinity. A user may accidentally connect to this fake access point (or can be forced to via the higher signal strength theory we discussed in the previous chapters) and may continue to believe that he is connected to the legitimate access point.

The attacker can now transparently forward all the user's traffic over the Internet using the bridge he has created between the wired and wireless interfaces.
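From the defender's side, the two properties described above (a familiar or lookalike SSID, and a stronger signal than the real access point) are exactly what a rogue-AP check looks for. The following is an added example, not code from the book or its lab; the SSID inventory, the BSSIDs and the scan results are constructed sample data.

```python
from difflib import SequenceMatcher

# Constructed inventory: SSIDs the organisation actually operates and their
# authorised BSSIDs (hypothetical MAC addresses, not taken from the book).
KNOWN_APS = {
    "Wireless Lab": {"00:21:91:d2:8e:25"},
}

# Constructed scan results (ssid, bssid, signal in dBm), as a monitoring
# probe in the vicinity of the hotspot might report them.
SCAN = [
    ("Wireless Lab", "00:21:91:d2:8e:25", -48),  # the legitimate AP
    ("Wireless Lab", "aa:bb:cc:dd:ee:01", -35),  # same SSID, unknown BSSID, louder
    ("Wireless-Lab", "aa:bb:cc:dd:ee:02", -40),  # lookalike SSID
    ("CoffeeShop",   "11:22:33:44:55:66", -70),  # unrelated neighbour
]

def ssid_similarity(a, b):
    """Case-insensitive similarity ratio in [0, 1] between two SSIDs."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def find_rogue_aps(scan, known, threshold=0.8):
    """Return (ssid, bssid, reason, stronger_than_legit) for each suspect AP.

    A suspect is either an unknown BSSID advertising a managed SSID, or an
    SSID that merely looks like a managed one. stronger_than_legit is True
    when the suspect's signal beats the strongest authorised AP for that
    SSID, which is what makes clients prefer it.
    """
    # strongest legitimate signal seen per managed SSID
    legit_signal = {}
    for ssid, bssid, signal in scan:
        if ssid in known and bssid.lower() in known[ssid]:
            legit_signal[ssid] = max(legit_signal.get(ssid, -200), signal)

    findings = []
    for ssid, bssid, signal in scan:
        bssid = bssid.lower()
        if ssid in known:
            if bssid in known[ssid]:
                continue
            target, reason = ssid, "unknown BSSID advertising managed SSID"
        else:
            match = max(known, key=lambda k: ssid_similarity(ssid, k))
            if ssid_similarity(ssid, match) < threshold:
                continue
            target, reason = match, f"lookalike of managed SSID {match!r}"
        louder = signal > legit_signal.get(target, -200)
        findings.append((ssid, bssid, reason, louder))
    return findings

if __name__ == "__main__":
    for finding in find_rogue_aps(SCAN, KNOWN_APS):
        print(finding)
```

Feeding real scan output (for example from a wireless IDS sensor) into `find_rogue_aps` in place of `SCAN` gives a simple evil-twin alert; the threshold controls how aggressively lookalike names are flagged.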

In the following lab exercise, we will simulate this attack.
