Project: Man-in-the-middle attack

This is our final project for the Introduction to System Security course (CT222). In this project, we created a fake public access point to attract naive users. When they connect to our WLAN, we use DNS spoofing and proxy hijacking techniques to monitor their HTTP and HTTPS requests. Both techniques use DHCP.

1. DNS spoofing

DNS spoofing topology diagram (see dns.pkt in the attachments)

We configured a DHCP server, which may be a wireless router or a computer. This server assigns dynamic IP settings to victims' devices, including the IPv4 address, netmask, default gateway and DNS server (the attacker's server, whose DNS has been configured to redirect victims' connections to a fake web server).

2. Proxy hijacking

Proxy hijacking topology diagram (see proxy.pkt in the attachments)

Instead of configuring a DNS server, we configured a proxy server (which ran the mitmproxy service, with forwarding enabled in iptables). The DHCP server assigns IP addresses to victims; the default gateway is not the wireless router but the attacker's proxy server.
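
A defender-side check for the two setups described in sections 1 and 2, as an added example that is not part of the original project: it parses DHCP leases in dhclient.leases format and flags a DNS server or default gateway that is not the access point. The sample leases and addresses are constructed, and treating the DHCP server identifier as the wireless router is an assumption that can produce false positives on networks with a separate DHCP server.

```python
import ipaddress
import re

# Constructed sample in dhclient.leases format (not captured from the project).
SAMPLE_LEASES = """
lease {
  fixed-address 192.168.1.23;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.66;
  option dhcp-server-identifier 192.168.1.1;
}
lease {
  fixed-address 192.168.1.24;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.77;
  option domain-name-servers 8.8.8.8;
  option dhcp-server-identifier 192.168.1.1;
}
"""

def parse_leases(text):
    """Return one dict per lease block: option name -> list of values."""
    leases = []
    for block in re.findall(r"lease\s*\{(.*?)\}", text, re.S):
        lease = {}
        for key, val in re.findall(r"^\s*(?:option\s+)?([\w-]+)\s+([^;]+);", block, re.M):
            lease[key] = [v.strip().strip('"') for v in val.split(",")]
        leases.append(lease)
    return leases

def audit_lease(lease):
    """Heuristic: flag DHCP-assigned DNS/gateway that is not the assumed access point."""
    findings = []
    net = ipaddress.ip_network(f"{lease['fixed-address'][0]}/{lease['subnet-mask'][0]}", strict=False)
    server = lease["dhcp-server-identifier"][0]  # assumed to be the wireless router
    routers = lease.get("routers", [])
    for gw in routers:
        if gw != server:  # section 2: gateway is another host, e.g. a proxy
            findings.append(f"gateway {gw} is not the DHCP server {server}")
    for dns in lease.get("domain-name-servers", []):
        # section 1: resolver is some other machine on the local network
        if ipaddress.ip_address(dns) in net and dns != server and dns not in routers:
            findings.append(f"DNS {dns} is a LAN host that is neither gateway nor DHCP server")
    return findings
```
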

Conclusion

We need to be careful when using public Wi-Fi for important transactions such as signing in to our accounts, banking, etc.

Attachments