Burp Suite is undeniably one of the best web application penetration testing tools available today. The tool is built in Java and comes with various extensions for detecting, testing and confirming vulnerabilities. Most of these extensions are built as Java JARs or written in Python/Jython.
What's an MITM Attack:
A Man-in-the-Middle (MITM) attack is carried out by an intruder on the network whose purpose is to eavesdrop on, or impersonate one party in, communication between other hosts. The following image illustrates an MITM attack in more detail.
In the example above, Peter is the man who performs the MITM attack. Peter intercepts the network traffic and manipulates the data for his own gain. Intercepting network traffic can be done in many ways. A few common methods are listed below:
- ARP Spoofing – in Address Resolution Protocol (ARP) spoofing, the attacker links his own MAC address with the victim's IP address by sending forged ARP messages. Traffic meant for the victim is delivered to the attacker, who forwards it on to the application, so the victim's data passes through the attacker impersonating the victim's IP.
- IP Spoofing – where the attacker impersonates the IP address of either the victim or the application. If he impersonates the victim's IP, he can obtain the victim's data by sending a forged request to the application from the spoofed victim IP address, and vice versa.
- DNS Spoofing – where a forged DNS entry is injected into the DNS cache, causing the name server to return an incorrect result.
- SSL Stripping – where the attacker downgrades the victim's HTTPS browsing to HTTP.
- SSL BEAST
- SSL Hijacking
- HTTPS spoofing
How to Perform an MITM Attack using Burp Suite to Intercept SSL Passwords:
In order to intercept SSL credentials using Burp Suite, we must first perform ARP poisoning on our network using Ettercap. In general, ARP poisoning is an attack that spoofs the ARP messages flowing through the network, enabling the attacker to intercept the data passing between hosts. To enable routing, open a terminal and type
echo 1 > /proc/sys/net/ipv4/ip_forward
To start the ARP poisoning attack over your LAN, type
ettercap -i wlan0 -T -q -M ARP ///192.168.1.1///
Alright, the ARP poisoning part is done, which lets us intercept the network data. Now let's configure Burp Suite. In Burp, under Proxy > Options > Proxy Listeners, click the "Add" button and bind the listener to port 443. Make sure that the "invisible" (invisible proxying) box is checked.
Now everything is almost set. All we have to do now is run the DNS spoofing attack over our network. To start DNS spoofing on your interface, type
dnsspoof -i wlan0
After setting up the DNS spoof, get back to Burp Suite and turn "Intercept" on.
Boom! That's it. All the HTTP and HTTPS requests made by the victim can now be intercepted through Burp Suite. All we have to do now is sit back and wait for the victim to make his own dumb move. Whenever he makes a POST or GET request, the request will be captured and displayed in Burp Suite.
To download Burp Suite for Windows, follow the link: http://gestyy.com/wPcYEF
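As an added example that is not part of the original post, here is the defender-side view of the ARP poisoning step above: detection logic that scans ARP replies and flags the two symptoms such an attack leaves on the wire, a gateway whose answering MAC suddenly changes and one MAC answering for several IPs. It assumes tcpdump-style "Reply <ip> is-at <mac>" lines; the embedded log is a constructed sample reusing the gateway address 192.168.1.1 from the Ettercap command.

```python
import re
from collections import defaultdict

# Matches tcpdump-style ARP reply lines, e.g. "Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01"
ARP_REPLY = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)

# Constructed sample log (not real captured traffic): the gateway 192.168.1.1
# first answers from ...:01, then a second host (...:99) starts answering for
# both the gateway and the victim 192.168.1.20, which is what poisoning a
# victim/gateway pair looks like on the wire.
SAMPLE_LOG = """\
12:00:01 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
12:00:02 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20, length 28
12:00:05 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
12:00:05 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99, length 28
"""


def detect_arp_poisoning(log_text, gateway=None):
    """Scan ARP replies and return a list of (reason, ip, mac) alerts.

    Two symptoms are flagged: an IP whose answering MAC differs from the
    first-seen (baseline) MAC, and one MAC answering for more than one IP.
    If `gateway` is given, a MAC change for that IP is labelled separately,
    since a poisoned gateway entry is the usual goal of the attack.
    """
    baseline = {}                      # ip -> first MAC seen answering for it
    ips_per_mac = defaultdict(set)     # mac -> set of IPs it has answered for
    alerts = []
    for line in log_text.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        known = baseline.setdefault(ip, mac)
        if known != mac:
            reason = "gateway-mac-changed" if ip == gateway else "ip-mac-changed"
            alerts.append((reason, ip, mac))
        if ip not in ips_per_mac[mac]:
            ips_per_mac[mac].add(ip)
            if len(ips_per_mac[mac]) > 1:
                alerts.append(("mac-claims-multiple-ips", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_LOG, gateway="192.168.1.1"):
        print("ALERT %-24s ip=%-14s mac=%s" % alert)
```

A legitimate NIC replacement or DHCP reassignment also changes an IP-to-MAC mapping, so treat these alerts as signals to investigate rather than proof. Static ARP entries for the gateway and switch features such as Dynamic ARP Inspection address the root cause.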