Kali Linux: Top 5 tools for sniffing and spoofing
The network can be a valuable source of information and provides a wide range of potential attack vectors for a penetration tester. Sniffing network traffic can provide access to valuable intelligence, and spoofing traffic can enable a penetration tester to identify and exploit potential attack vectors.
Kali Linux is an operating system built for penetration testers and includes a large library of built-in tools. One of the tool categories within the Kali Linux operating system focuses on sniffing and spoofing network traffic.
Kali Linux tools for sniffing and spoofing
Kali Linux offers a long list of tools for sniffing and spoofing network traffic. These are some of the best sniffing and spoofing tools built into Kali.
1. Wireshark
Wireshark is one of the most well-known and commonly-used tools for sniffing and spoofing. Wireshark is a network traffic analysis tool with an extremely wide feature set.
One of the major differentiators of Wireshark is its large library of protocol dissectors. These enable the tool to analyze many common and uncommon protocols, break out the various fields in each packet and present them within an accessible graphical user interface (GUI). This makes it possible for users with even limited network knowledge to understand what they are looking at. On top of this, Wireshark also offers several different features for traffic analysis, including statistical analysis and the ability to follow network sessions or decrypt SSL/TLS traffic.
Wireshark is a valuable tool for sniffing because it provides deep visibility into network traffic, either from a capture file or a live capture. This can help with understanding the network layout, capturing leaked credentials and other activities.
2. Mitmproxy
In a man-in-the-middle (MitM) attack, the attacker interjects themselves into communication between a client and a server. All traffic that flows over that connection passes through the attacker, potentially enabling them to eavesdrop on the traffic and modify the data flowing over the network.
Kali Linux’s mitmproxy makes it easier to perform MitM attacks on web traffic. It allows on-the-fly capture and modification of HTTP traffic, supports client and server traffic replay, and includes the ability to automate attacks with Python. mitmproxy also supports the interception of HTTPS traffic with SSL certificates created on the fly.
3. Burp Suite
Burp Suite is a suite of several different tools for penetration testing. It is focused on the security analysis of web applications.
One tool in Burp Suite that is useful for sniffing and spoofing attacks is the Burp Proxy. Burp Proxy allows interception and modification of HTTP connections and offers support for HTTPS interception as well.
Burp Suite works on a freemium model. The basic tools are available for free, but attacks need to be performed manually without the ability to save work. Paying for a license provides access to a wider suite of tools (such as a web vulnerability scanner) and support for automation.
4. Sslstrip
SSL/TLS is a protocol that provides several useful security and privacy features. It encrypts network traffic and authenticates the server in an HTTPS connection. However, these features that are useful for an internet user are a nuisance for a penetration tester or other cyberattacker.
Sslstrip is a tool built into Kali Linux to help mitigate the impacts of SSL/TLS on sniffing and spoofing. Sslstrip monitors the traffic flowing over the network and looks for HTTPS links and redirects contained within HTTP pages. It then modifies the traffic to remap these links to similar HTTP URLs or homograph-similar HTTPS links.
The use of Sslstrip can provide a couple of different benefits to an attacker. Stripping SSL/TLS from web traffic or switching it to a URL under the attacker’s control makes it possible to sniff this traffic for valuable data. Additionally, the URL remapping performed by Sslstrip can redirect users to phishing sites, setting up a second-stage attack.
5. Zaproxy
The executable named Zaproxy on Kali Linux is OWASP’s Zed Attack Proxy (ZAP). Like Burp Suite, ZAP is a penetration testing tool designed to help with the identification and exploitation of vulnerabilities within web applications.
ZAP is a useful tool for sniffing and spoofing due to its ability to perform interception and modification of HTTP(S) traffic. ZAP provides a wide range of features and is a completely free option for performing these attacks.
The best Kali Linux tools for sniffing and spoofing
Kali Linux is a great operating system for penetration testers and network defenders alike. The sniffing and spoofing tools built into the operating system can be used to collect intelligence and test defenses for either offensive or defensive purposes. While the tools listed here are some of the most widely used, Kali Linux also includes a variety of other sniffing and spoofing tools that are worth a try as well.
Sniffer linux kali linux
Основная концепция инструментов для снифинга так же проста, как перехват данных. И Kali Linux имеет некоторые известные инструменты для этого. В этой статье вы узнаете об инструментах для снифинга и спуфинга, которые доступны в Kali Linux.
Burpsuite
Burpsuite может использоваться в качестве инструмента для снифигна между браузером и веб-сервером, для поиска параметров, используемых веб-приложением.
Чтобы открыть Burpsuite, перейдите в Applications → Web Application Analysis → burpsuite.
Чтобы настроить снифинг, мы настраиваем burpsuite для работы в качестве прокси-сервера. Для этого перейдите в раздел Options, установите чекбокс, как показано на следующем скриншоте.
В этом случае IP-адрес прокси-сервера будет 127.0.0.1 с портом 8080.
Затем настройте прокси-сервер в браузере, который и есть наш IP-адрес машины с burpsuite и порт, который был указан выше.
Чтобы начать перехват, перейдите в раздел Proxy → Intercept → нажмите “Intercept is on”.
Продолжайте пользоваться веб-страницей (сайтом) на которой вы хотите найти параметр для проверки на наличие уязвимостей.
В данном случае это хост с metasploit’ом с IP 192.168.1.102
Перейдите в раздел “HTTP History”. На следующем снимке экрана строка (отмеченная красной стрелкой) показывает последний запрос. В закладке Raw (исходный код) видны скрытые параметры: идентификатор сеанса, имя пользователя и пароль (подчеркнуты красным цветом).
Mitmproxy
mitmproxy с поддерживает SSL атаку MITM (человек-в-середине) с помощью прокси-сервера http. Утилита предоставляет собой консольный интерфейс, позволяющий сканировать потоки трафика и редактировать их на лету.
Для запуска, запустите терминал и напишите
Для получения доступных команд напишите
Для запуска MITM-прокси, напишите
И на порту 80 у нас будет слушать наш прокси.
Wireshark
Wireshark является одним из лучших анализаторов пакетов данных. Он анализирует пакеты на уровне кадра. Вы можете получить дополнительную информацию о Wireshark на официальном сайте: https://www.wireshark.org/.
В Kali Linux она находится в Applications → Sniffing & Spoofing → wireshark.
После запуска wireshark, перед нами появляется GUI.
Жмем “Start” и начинается захват пакетов на интерфейсе (показано ниже на скриншоте)
sslstrip
sslstrip это инструмент для MITM атаки это заставляет браузер жертвы общаться plain текстом по HTTP, и прокси изменяет содержимое, которое получено с сервера HTTPS.
https://адрес_сайта подменяется на http://адрес_сайта
Для открытия, перейдем в Applications → 09-Sniffing & Spoofing → Spoofing and MITM → sslstrip.
Настроим заворачивание трафика так, чтобы переслать все соединения с порта 80 на 8080.
Затем запустим sslstrip на том порту, который нам необходим (8080)
# sslstrip