WOW! FRIDAY Network Club was RAD!
Minds blown by Friday Network Club. we’re learning all about some sweet networking tools and tricks. Thanks Samy!
“so many insecurities. and, so many people haven’t thought of. you should think about this.” —Samy
next time:
fuzzing
transparent mitm
start here:
http://www.charlesproxy.com/
airport -s is sweet for osx. find it here:
sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport
oui database for mapping mac addresses to vendors
xss bugs in routers
cross site scripting via iframes
to find you without location check
google can still find you without the street view cars
androids might be sniffing locations
enter ssl man-in-the-middle (mitm)
tcpdump
understand this: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
firesheep came out to force everyone to start using ssl, and browsers started making things trickier. enter charles. charles will create a cert.
the CAs trusted by your phone keep you from being mitm'd. you can install your own charles cert:
http://samy.pl/x.crt
great public dns 8.8.8.8
sudo tcpdump -i en0 -n port 53
nslookup chase2.com
on a hub we see everything
arp spoofing will allow you to see other hosts' wireless traffic
arp -na
apple is tracking your ass every time you are on a network:
http://apple.com/library/test/success.html
starbucks is always att-wifi
set up your pc to act like ssid: att-wifi with a second wifi card and sharing
nothing is secure. just assume it.
ngrep is network grep
ngrep -d en1 crashspace
-x for hex output
be mindful of the datatype / encoding
and regex! cr.shsp[aei]\w
nslookup blog.crashspace.org
http://samy.pl/3.pl to convert to 3
arpspoof via dsniff
perl impl of cross platform networking and injection:
http://samy.pl/packet
check out arp requests
sudo tcpdump -i en0 arp
nmap as port scanner. ping everyone:
nmap -sn 172.16.16.0/24
view arp cache entries
arp -na|grep -v incomplete
send arp to spoof router
use ipfw (available on all os)
http://samy.pl/tools/ipfwd
find other super cool stuff for this and productivity
http://samy.pl/tools
learn a shit load from TCP/IP Illustrated, Volume 1
look at the arp frame and dive into rfcs with google
arpspoof -i en -t 172.16.16.143 172.16.16.1
prevent with static arp routes
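as an added example (not from the club or from samy's tools), here is a small defender-side check for the arp spoofing above: it parses `arp -na` output the way the `grep -v incomplete` line does, flags a gateway whose cached mac differs from a pinned one (the static arp idea), and flags one mac answering for several ips. the sample table, the pinned gateway mac, and the host 172.16.16.77 are constructed.

```python
import re
from collections import defaultdict

# constructed sample of macOS `arp -na` output; on a real host run `arp -na`
# and feed its stdout to parse_arp().
SAMPLE_ARP = """\
? (172.16.16.1) at 0:1e:52:aa:bb:1 on en0 ifscope [ethernet]
? (172.16.16.77) at 0:1e:52:aa:bb:1 on en0 ifscope [ethernet]
? (172.16.16.200) at (incomplete) on en0 ifscope [ethernet]
? (172.16.16.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""

# constructed: the mac you know the real router has (what you'd pin statically)
PINNED = {"172.16.16.1": "00:50:56:c0:00:08"}

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]+|\(incomplete\)) on (?P<iface>\S+)",
    re.IGNORECASE,
)

def normalize_mac(mac):
    # macOS prints octets without zero padding (0:1e:52:...); pad for comparison
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(text):
    """Return {ip: mac} for resolved entries, skipping (incomplete) ones."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m or m.group("mac") == "(incomplete)":
            continue  # same effect as `arp -na | grep -v incomplete`
        table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table

def check_arp(table, pinned):
    """Return findings: pinned-mac mismatches and one mac claiming many ips."""
    findings = []
    for ip, mac in pinned.items():
        seen = table.get(ip)
        if seen and seen != normalize_mac(mac):
            findings.append(f"{ip}: cached mac {seen} != pinned {normalize_mac(mac)}")
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac != "ff:ff:ff:ff:ff:ff":  # broadcast is legitimately shared
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims {len(ips)} ips: {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for f in check_arp(parse_arp(SAMPLE_ARP), PINNED):
        print("ALERT:", f)
```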
pcap files record packets. ngrep can read them later, or you can replay them.
homework: redsocks