1
00:00:00,270 --> 00:00:07,230
Hello everybody and welcome back, and let us explain in theory what the attack that we will be performing

2
00:00:07,470 --> 00:00:12,180
is actually. So we covered in the previous video what the ARP protocol is.

3
00:00:12,180 --> 00:00:17,450
And I also said that the ARP protocol is the fundamental of the man in the middle attack.

4
00:00:17,520 --> 00:00:24,140
Now the man in the middle attack basically starts off with something called ARP spoofing.

5
00:00:24,150 --> 00:00:31,740
Now ARP spoofing is basically the same if you want to look at it; for example, MAC address spoofing

6
00:00:31,800 --> 00:00:36,380
is us changing our MAC address to someone else's MAC address.

7
00:00:36,390 --> 00:00:42,210
ARP spoofing would be us pretending to be someone we are not.

8
00:00:42,210 --> 00:00:51,940
So let me just open up Paint right here and let us draw our simple victim PC right here.

9
00:00:51,980 --> 00:00:54,300
So this is a victim PC,

10
00:00:57,810 --> 00:01:07,360
let's say this right here is our router and this is our Kali Linux machine.

11
00:01:07,380 --> 00:01:11,330
So we are the attacker, and now we know.

12
00:01:11,330 --> 00:01:14,830
Let me just finish this screen right here.

13
00:01:14,900 --> 00:01:19,360
I will label it with an A so you know that this is the attacker machine.

14
00:01:19,400 --> 00:01:21,870
And now we know what the ARP protocol is.

15
00:01:21,920 --> 00:01:27,570
So in order for this victim PC to communicate with the router it has to know its MAC address.

16
00:01:27,680 --> 00:01:30,530
So that's how they communicate.

17
00:01:30,530 --> 00:01:38,230
So basically this PC knows who to send the packet to for the Internet: once it finds out the router's

18
00:01:38,240 --> 00:01:43,700
MAC address, it knows then that it should send the packet to the router in order for it to continue

19
00:01:43,700 --> 00:01:44,770
to the Internet.
20
00:01:44,840 --> 00:01:47,770
So the packets go something like this.

21
00:01:47,810 --> 00:01:54,440
And then the router, once it receives the packet from the victim, it forwards it to the web

22
00:01:54,440 --> 00:01:57,310
site or to the other machine, wherever the packet

23
00:01:57,320 --> 00:02:03,590
is going to. Once the other machine, or the receiver of the packet on the Internet, sends the answer,

24
00:02:03,830 --> 00:02:10,130
the router then says "oh, this is the answer for", or basically, this is the answer for this victim machine

25
00:02:10,130 --> 00:02:10,660
right here.

26
00:02:10,670 --> 00:02:13,490
And it sends the response back.

27
00:02:13,490 --> 00:02:16,130
So this is how your normal connection works.

28
00:02:16,350 --> 00:02:22,160
Basically the basic connection between the PC and the router, and then between the router and

29
00:02:22,220 --> 00:02:29,310
a certain website, and then the responses and requests are sent back and forth.

30
00:02:29,330 --> 00:02:33,150
Now let me just... how can I undo this.

31
00:02:34,170 --> 00:02:37,170
So that was a normal connection.

32
00:02:37,170 --> 00:02:43,290
Now once you run the ARP spoofing it means that you actually pretend to be someone who you're not.

33
00:02:43,620 --> 00:02:52,720
So we modify the ARP packets and we send to the router that basically the MAC address of the victim

34
00:02:52,730 --> 00:03:01,690
PC is our MAC address, and we send to the victim that the MAC address of the router is our MAC address.

35
00:03:01,690 --> 00:03:02,900
Now what I mean by that.

36
00:03:02,910 --> 00:03:03,490
Once the...

37
00:03:03,510 --> 00:03:09,590
For example, this PC sends an ARP request to find out where the router is.
38
00:03:09,630 --> 00:03:16,980
We basically send that victim PC an ARP reply and we say the router is at my MAC address, and then this

39
00:03:16,980 --> 00:03:23,160
victim PC will think that we are the router and therefore all of its packets it will send to us from

40
00:03:23,160 --> 00:03:29,850
then on, and then we can filter these packets or we can see these packets, we can basically see what the

41
00:03:30,240 --> 00:03:38,160
victim has sent. And also if you were to only do this, if you were to only spoof the victim, or basically

42
00:03:38,160 --> 00:03:43,380
if you were to only spoof the router, you wouldn't be able to forward the packets, so you need to spoof both the

43
00:03:43,380 --> 00:03:45,470
victim and the router.

44
00:03:45,540 --> 00:03:49,390
So after this you need to spoof as well

45
00:03:49,410 --> 00:03:51,480
the MAC address of the victim.

46
00:03:51,510 --> 00:04:00,480
So once the router asks who is at this IP address of this victim, we reply that the MAC address

47
00:04:00,480 --> 00:04:02,520
of that IP address is me.

48
00:04:02,580 --> 00:04:09,990
So basically instead of the connection going like this to the router, it goes to us and then from us

49
00:04:09,990 --> 00:04:15,450
to the router, and then the router sends it to some website and receives the packet back.

50
00:04:15,450 --> 00:04:20,130
And since it is spoofed with the ARP protocol, now the router thinks we are the victim

51
00:04:20,130 --> 00:04:21,890
PC and it sends the packets to us.

52
00:04:21,930 --> 00:04:28,020
So it again sends it back to us and we forward the reply back to the victim

53
00:04:28,030 --> 00:04:31,690
PC, so the victim PC doesn't notice anything.

54
00:04:31,890 --> 00:04:37,620
Only maybe a little bit slower connection, and we can read all of the packets that are flowing between

55
00:04:37,620 --> 00:04:38,570
these two.
56
00:04:38,700 --> 00:04:47,220
So for example if the PC was to log in to an HTTP website with a login username and password, we

57
00:04:47,220 --> 00:04:50,220
would be able to see that in plain text,

58
00:04:53,010 --> 00:04:56,550
so that is the basic idea of the man in the middle attack.

59
00:04:56,550 --> 00:04:59,520
Now you can do a lot of things which we will cover.

60
00:04:59,520 --> 00:05:04,970
For example you can switch the downloaded files in the process of downloading them.

61
00:05:05,040 --> 00:05:06,410
You can also do the show.

62
00:05:06,420 --> 00:05:08,580
You can also catch a screenshot from the victim's

63
00:05:08,580 --> 00:05:10,280
PC or mobile phone.

64
00:05:10,440 --> 00:05:16,080
You can also do all sorts of things, for example with their images, or basically switch their images or

65
00:05:16,140 --> 00:05:22,080
redirect them to certain websites, to some evil websites that you hosted, or basically anything you

66
00:05:22,080 --> 00:05:22,970
want.

67
00:05:23,070 --> 00:05:29,610
You can also try to run some of the script attacks if the victim sends it to the website, to some kind

68
00:05:29,610 --> 00:05:31,390
of a website.

69
00:05:32,310 --> 00:05:38,940
You can also just inspect the packets and not do anything and hope that the victim will log in on some

70
00:05:38,940 --> 00:05:44,870
page that you can inspect the packets of.

71
00:05:45,110 --> 00:05:49,760
There is one thing that we need to also know, and that is HTTPS websites.

72
00:05:49,770 --> 00:05:57,890
So for example if the victim right here wanted to visit an HTTPS website while being

73
00:05:57,950 --> 00:06:03,550
ARP spoofed, the HTTPS packet would go to us and then to the router.

74
00:06:03,690 --> 00:06:04,740
But since then...

75
00:06:04,940 --> 00:06:10,760
But because of the design of HTTPS we will not be able to read the packet in plain text.
76
00:06:10,760 --> 00:06:18,080
Now if the HTTPS is running on SSL we can perform the SSL strip, and if the HTTPS is running

77
00:06:18,080 --> 00:06:24,980
on TLS, or basically let's say this victim wanted to connect to Facebook and type in username and

78
00:06:24,980 --> 00:06:31,820
password, we would not be able to see that username and password in plain text since Facebook is running

79
00:06:32,420 --> 00:06:40,850
on TLS and we cannot decrypt the TLS, so we will only be able to do this on HTTP websites and see

80
00:06:40,850 --> 00:06:48,340
the passwords in plain text, and on some HTTPS websites that we can perform SSL strip on. So that

81
00:06:48,340 --> 00:06:51,660
will be about it for the theory behind this attack.

82
00:06:51,760 --> 00:06:58,150
So we will cover some of the basics later on and will also perform some of this with it and try to do

83
00:06:58,150 --> 00:07:05,350
a bunch of other things such as switching pictures on the website, redirecting, capturing of usernames

84
00:07:05,350 --> 00:07:07,270
and passwords and so on and so on.

85
00:07:08,080 --> 00:07:12,540
Now that would be about it for this lecture.

86
00:07:12,930 --> 00:07:17,760
We will continue with the man in the middle attack in the next one and I hope I see you there.

87
00:07:17,980 --> 00:07:18,170
Bye.