This week I have been learning about man-in-the-middle attacks. This section of my course started out with learning more about network discovery, including my first hands-on experience with Nmap as an actual user. First impressions of Nmap: it’s amazing how much data you can gather so simply. Just discovering which devices are visible and which ports are open is very powerful information. And then we get into the possibilities for exploiting that information!
Noodling around with MITMF is a lot of fun. With just a few short commands and plugins, I could do cool tricks in no time:
- ARP spoofing for my Kali VM to become the MITM
- DNS spoofing – I get to decide which pages the victim’s browser gets sent to
- Screenshotting – I see what the victim sees
- Keylogging – obfuscated password field? Not to me!
Two things really strike me here. First, once again I’m astounded by how little is done for security or at least security-consciousness. The above tricks were tested out using the MITM to turn HTTPS pages into HTTP. Of course that’s a huge security issue, but the user-facing warnings in the browsers – particularly to people not in IT and not interested in computers, like my parents for example – are easy to ignore. How likely are they to spot the missing padlock icon, how likely are they to even understand Firefox’s warning that the password field they are seeing is not secure?
Second, I’m always amazed by how powerful and excellent free open-source software can be. MITMF, and indeed Linux (and Kali as a subset) are all free and anyone can modify them, yet a simple video guide showing a few simple canned commands allow anyone to potentially access very sensitive data.
I think there will always be a game of cat-and-mouse, with major developers trying to construct more secure software and communication, and the open-source world finding the vulnerabilities and exploits. State actors will continue to try to exploit infosec vulnerabilities for snooping, and the open-source world will find ways to protect their data, for those with the will and know-how to do so. I used to play with VPN setups, and I found that one that I made based on SoftEther circumvented state censorship easily – very cool stuff with a day’s configuration of a spare server. Will the Great Firewall of China ultimately harm information security, or in the long term, will it lead to improving it?