After my last post about ArpSpoofing, several readers became alarmed; some even changed their Wi-Fi and e-mail passwords.
But I have a better solution for you. It is an application that lets you prevent this kind of attack on the ARP table.
I present to you ArpON.
This program lets you stop MITM attacks carried out through ARP spoofing. If you want to download it:
To install it on Debian you only need to use:
apt-get install arpon
It implements the following algorithms:
- SARPI - Static ARP inspection: Networks without DHCP. It uses a static list of entries and does not allow them to be modified.
- DARPI - Dynamic ARP inspection: Networks with DHCP. It controls incoming and outgoing ARP requests, caches the outgoing ones and sets a timeout for the incoming reply.
- HARPI - Hybrid ARP inspection: Networks with or without DHCP. It uses two lists at the same time.
After installing it, the configuration is really very simple.
We edit the file ( /etc/default/arpon )
nano /etc/default/arpon
There we edit the following:
The option that reads (RUN="no") I set to (RUN="yes")
Then you uncomment the line that reads (DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -s")
Leaving something like:
# Defaults for arpon initscript
# sourced by /etc/init.d/arpon
# installed at /etc/default/arpon by the maintainer scripts
# You must choose between static ARP inspection (SARPI) and
# dynamic ARP inspection (DARPI)
#
# For SARPI uncomment the following line (please edit also /etc/arpon.sarpi)
DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -s"
# For DARPI uncomment the following line
#DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -d"
# Modify to RUN="yes" when you are ready
RUN="yes"
And you restart the service:
sudo /etc/init.d/arpon restart
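A quick check of the edited file before restarting the service, as an added example that is not part of the original post or of ArpON. The function name arpon_mode and its result keywords are hypothetical; it assumes the Debian defaults-file layout shown above, where the init script sources the file, so a second active DAEMON_OPTS line silently overrides the first.

```shell
#!/bin/sh
# Added example (not ArpON's own code): lint an ArpON defaults file.
# arpon_mode FILE prints sarpi|darpi on success, or
# unreadable|disabled|no-mode|ambiguous and returns non-zero.
arpon_mode() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }

    # Last active RUN="..." assignment wins, as it would when sourced.
    run=$(sed -n 's/^[[:space:]]*RUN="\([^"]*\)".*/\1/p' "$file" | tail -n 1)
    if [ "$run" != "yes" ]; then echo "disabled"; return 1; fi

    # Only uncommented DAEMON_OPTS lines count.
    opts=$(grep -E '^[[:space:]]*DAEMON_OPTS=' "$file" || true)
    n=$(printf '%s' "$opts" | grep -c . || true)
    case $n in
        0) echo "no-mode"; return 1 ;;
        1) ;;
        *) echo "ambiguous"; return 1 ;;   # SARPI and DARPI both active
    esac

    # -s selects SARPI, -d selects DARPI (flags as used in the file above).
    case " $(printf '%s' "$opts" | tr -d '"') " in
        *" -s "*) echo "sarpi" ;;
        *" -d "*) echo "darpi" ;;
        *) echo "no-mode"; return 1 ;;
    esac
}

# Constructed sample: both mode lines left uncommented by mistake.
sample=$(mktemp)
cat >"$sample" <<'EOF'
DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -s"
DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -d"
RUN="yes"
EOF
echo "constructed sample: $(arpon_mode "$sample")"
rm -f "$sample"
```

On a real system, run `arpon_mode /etc/default/arpon` and restart the service only when it prints the mode you intended.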
Interesting, but I would have liked you to go a little further and explain how the program works, how it prevents the attacks. Thanks for sharing. Greetings from Venezuela.
I second the motion.
I second the second.
I support the support.
hahaha, I support you!!!
I hope another one doesn't come along!!
XD
Very good
If my network uses DHCP, should I uncomment the DARPI line?
The other thing is, if my PC is slow, does it get slower if I use this program?
Thanks
Yes and no. I use a Wi-Fi connection, and it doesn't affect me at all.
Thanks, so it doesn't use extra resources.
Very good, to tell the truth.
Excellent. Explaining how all of these things work is too complex for a single post ... I have a basic one on ettercap pending, let's see if I get to it 😀
Question: my Wi-Fi router has a WPS password, will that be a lot of trouble?
WPS password? WPS is not encryption, it is just an easy login method without keys. In fact it is quite vulnerable.
I recommend that you disable WPS on your router.
Isn't the command arp -s ip mac for the router easier?
Yes, of course, and if you use "arp -a" and check the MAC when you go to log in ...
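The manual "arp -a" check suggested in the two comments above can be scripted. This is an added example, not part of the original thread: the function name check_arp, the output keywords and the sample addresses are all constructed for illustration, and it assumes the Linux `arp -an` line format.

```shell
#!/bin/sh
# Added example: flag signs of ARP cache poisoning in `arp -an` output.
# check_arp GATEWAY_IP EXPECTED_GATEWAY_MAC   (ARP table lines on stdin)
# Prints one finding per line and returns non-zero if anything is wrong.
check_arp() {
    awk -v gw="$1" -v mac="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
    {
        # Line shape: ? (192.168.1.1) at aa:bb:cc:dd:ee:ff [ether] on wlan0
        ip = $2; gsub(/[()]/, "", ip)
        m = tolower($4)
        if (split(m, parts, ":") != 6) next        # skips <incomplete> entries

        if (ip == gw) {
            seen = 1
            if (m != mac) { print "GATEWAY-MISMATCH " ip " " m; bad = 1 }
        }
        # Two different IPs answering with the same MAC is the classic symptom.
        if ((m in owner) && owner[m] != ip) {
            print "DUPLICATE-MAC " m " " owner[m] " " ip; bad = 1
        } else {
            owner[m] = ip
        }
    }
    END {
        if (!seen) { print "GATEWAY-MISSING " gw; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: 192.168.1.66 has taken over the gateway entry.
sample='? (192.168.1.1) at aa:bb:cc:dd:ee:66 [ether] on wlan0
? (192.168.1.66) at aa:bb:cc:dd:ee:66 [ether] on wlan0
? (192.168.1.5) at <incomplete> on wlan0'
printf '%s\n' "$sample" | check_arp 192.168.1.1 aa:bb:cc:dd:ee:01 \
    || echo "ARP table does not match the expected gateway MAC"
```

On a live machine, pipe the real table in with `arp -an | check_arp <gateway-ip> <gateway-mac>`, using the MAC you recorded while the network was known to be clean.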
What is strange is that in the Spoofing tutorial you connected to Gmail using the http protocol. Welcome to the secure world, SSL was invented for the web protocol!
..then there are pages like Tuenti that, when you log in, send you the information over http even if you came in through https, but they are special ... xD
Correct me if I am wrong, but I don't think it is necessary to install special software to prevent this type of attack. It is enough to check the digital certificate of the server we intend to connect to.
In this attack, the MIM (man in the middle) computer that impersonates the original server is not able to impersonate its digital certificate as well, and what it does is turn a secure connection (https) into an insecure one (http). Or plant an icon that tries to visually imitate what our browser would show us on a secure connection.
As I said: correct me if I am wrong, but if the user pays a little attention to the certificate, they can detect this type of attack.
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html
For now I do it at the iptables level; this is one of the rules I have in my firewall.
Where $RED_EXT is the interface through which the computer is connected to the internet and $IP_EXTER is the IP address of the machine being protected.
# Anti-spoofing (source IP spoofing)
iptables -A INPUT -i $RED_EXT -s $IP_EXTER -m comment --comment "Anti-MIM" -j DROP
iptables -A INPUT -i $RED_EXT -s 10.0.0.0/24 -m comment --comment "Anti-MIM" -j DROP
iptables -A INPUT -i $RED_EXT -s 172.16.0.0/12 -m comment --comment "Anti-MIM" -j DROP
iptables -A INPUT -i $RED_EXT -s 192.168.0.0/24 -m comment --comment "Anti-MIM" -j DROP
iptables -A INPUT -i $RED_EXT -s 224.0.0.0/8 -j DROP
iptables -A INPUT -i $RED_EXT -d 127.0.0.0/8 -j DROP
iptables -A INPUT -i $RED_EXT -d 255.255.255.255 -j DROP
Regards
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html
Oops, could someone delete this comment, it was sent by mistake xD
A great and valuable contribution, but I have a question that I hope you can answer:
I manage an ipcop 2 server, so I would have loved to have control of the famous ARP tables, but the server does not have this control (as mikrotik does, for example). In short, I would like to know whether I can install it and what the pros and/or cons are, since I am only just getting into Linux and its advantages ... I hope you can answer me, thanks and regards ...
The truth is that I have never tried ipcop2. But since it is based on Linux, I suppose I should be able to manage iptables in some way to keep this type of attack from being carried out.
Although you can also add an IDS such as Snort to alert you to these attacks.
(I sent the reply three times because I can't see what appears on the page; if I got it wrong, I apologize, because I don't know)
Good tutorial, but I get this:
sudo /etc/init.d/arpon restart
Restarting arpon (via systemctl): arpon.serviceJob for arpon.service failed because the control process exited with error code. See "systemctl status arpon.service" and "journalctl -xe" for details.
failed!