
Penetration testing slides, chapter 4 1: capturing traffic

Capturing Traffic

CuuDuongThanCong.com

Contents


- Networking for Capturing traffic
- ARP Cache Poisoning
- SSL Man-in-the-Middle Attacks


1. Networking for Capturing traffic

- Hubs Device:
  - Layer one device of the OSI model.
  - Sends frames out on all ports, including the port on which the frame was received
- Switches Device:
  - MAC address table
  - Switches provide separate collision domains on each port

Using Wireshark
- Wireshark is a graphical network protocol analyzer that lets us take a deep dive into the individual packets moving around the network.
- Wireshark can be used to capture Ethernet, wireless, Bluetooth, and many other kinds of traffic

2. ARP Cache Poisoning
- To capture traffic not intended for the Kali system, we need to find some way to have the relevant data sent to our Kali system.
- Perform a man-in-the-middle attack: redirect and intercept traffic between two systems
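
On a monitored segment, ARP cache poisoning is visible as an IP address that suddenly answers from a different MAC, or as one MAC answering for several IPs. The Python detector below is an added example, not part of the original slides; the sample addresses and the function name `detect_arp_anomalies` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies,
# such as rows exported from a Wireshark capture. All addresses are made up.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.20.1", "00:11:22:aa:bb:01"),   # gateway
    (1.2, "192.168.20.10", "00:11:22:aa:bb:10"),  # workstation
    (5.0, "192.168.20.9", "00:11:22:aa:bb:09"),   # third host
    (9.4, "192.168.20.1", "00:11:22:aa:bb:09"),   # gateway IP now on host .9's MAC
    (9.5, "192.168.20.10", "00:11:22:aa:bb:09"),  # workstation IP as well
    (12.0, "192.168.20.1", "00:11:22:aa:bb:09"),  # repeat of a known binding
]


def detect_arp_anomalies(replies):
    """Flag IP->MAC rebinding and a single MAC answering for several IPs.

    Rebinding also happens legitimately (DHCP lease reuse, replaced NIC),
    so alerts are triage leads; a MAC that takes over the gateway IP and a
    client IP within the same second is the pattern worth escalating.
    """
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP a MAC has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "rebind", ip, previous, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append((ts, "multi-ip", mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```
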

DNS Cache Poisoning
- We can poison Domain Name Service (DNS) cache entries (mappings from domain names to IP addresses) to route traffic intended for another website to one we control.
- We send a bunch of bogus DNS resolution replies pointing to the wrong IP address for a domain name

3. SSL Man-in-the-Middle Attacks
- The goal of SSL is to provide reasonable assurance that any sensitive information transmitted between a user’s browser and a server is secure - unable to be read by a malicious entity along the way.

How SSL works


SSL Man-in-the-Middle Attacks
