Shulou(Shulou.com)06/01 Report--

This article is a recent study of some notes.

Now there are free wifi everywhere and friends bowing their heads to play with mobile phones. What would happen if you sniffed it with ettercap? Here are the results of the test on your own computer. Find an opportunity to go to shopping malls and cafes for field testing.

In fact, it is to use ettercap's arp spoofing function to achieve the simplest MITM (middleman) *. Of course, MITM*** has many other methods, such as sniffing about the ssl protocol and cheating based on DNS, which has not been covered in this article, so let's write about it later.

The basic grammar and usage of ettercap can be found in http://www.2cto.com/Article/201301/183322.html Magi Google search, so I won't repeat it here. My test environment is that the address of a mobile phone (Samsung, Android 4.1.2) is 192.168.1.103, the gateway (wireless AP) is 192.168.1.1, and my ip is 192.168.1.106 (actually not important). What I want to achieve is to break the connection between Samsung phone and AP, so that their packets are forwarded locally and sniffed as follows:

Ettercap-I eth0-Tq-M arp:remote / 192.168.1.103 / / 192.168.1.1 /

The meanings of the main parameters are as follows:

-T: text mode (- G is the graphical interface)

-Q: quiet mode. You don't have to display the data of each packet. If you smell the password, you will OK.

-M: method, arp:remote (another option is bridging, so I won't try it here)

/ /: it is written to represent the destination, MAC address / ip/ port

Enter the sniffing mode after running, as follows:

Then, I used my phone to do a series of network operations. When I ran the e-mail program that comes with my Android phone, I successfully sniffed the clear text of the user name and password of mailbox 126 (this vulnerability is scary):

What other programs will be sniffed for interesting data? OK, followed by a famous stock speculation software, also uses get when logging in, sniffing the result: the user name is plaintext, the password is MD5, and you can log in directly to the official website with the restored user name and password.

When the Android client is running on Taobao, you can also sniff out the user name, the password does not appear in clear text, and the meaning of the token value has not been studied in depth:

After a simple test, only the above interesting results were found. Of course, another interesting thing is to use driftnet-I wlan0 to sniff. You can see Wechat moments and images sent to friends. It is said that some students use them to sniff MM photos.

In fact, the MITM principle can achieve many interesting functions, so try something else next time.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.