Functional Overview

drraid edited this page Sep 13, 2010 · 2 revisions

Project Brief

  • Linux-centric
  • Provide a set of functions useful for staging MITM attacks
  • Provide a set of functions for managing MITM attacks

The general goal of libpoison is to be a unified library for both packet injection and connection and routing management
for MITM attacks. This stems from a desire to write applications which can perform MITM and update the routing/firewall rules
of the attacker’s system without calling external programs via system(), execve(), etc.

Staging Attacks

  • Manipulation of ARP to gain MITM
    • Poisoning ARP tables – various methods
    • Race condition (for lack of better term) to ARP requests
    • Flooding switch CAM tables to gain sniffing capacity
  • Manipulation of DHCP
    • Offering a DHCP server where none is present
    • Race condition (for lack of better term) to DHCP requests
    • Brute force DHCP lease exhaustion (eliminates the “race condition”)
  • Manipulation of DNS
    • Offering DNS to owned victims (this also fits into “MITM Management” below)
    • Race condition response to sniffed DNS requests (not exactly MITM)
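From the defender's side, the ARP methods in the list above leave two observable traces: a reply nobody asked for, and an IP whose MAC changes. This added example (not libpoison's code; the ArpFrame record is a hand-rolled simplification of the ARP header and SAMPLE is constructed traffic) flags both:

```python
"""ARP poisoning monitor (added defender-side example, not libpoison code).

ArpFrame is a hand-rolled simplification of the ARP header; SAMPLE is
constructed traffic, not a real capture.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpFrame:
    op: str          # "request" or "reply"
    sender_ip: str   # protocol address being announced
    sender_mac: str  # hardware address claimed for it
    target_ip: str   # address the frame asks about / is sent to


def detect_arp_poisoning(frames, trusted=None):
    """Return alert strings for two signals of ARP table poisoning.
    1. A reply with no outstanding request for that IP: an unsolicited
       ("gratuitous") reply, which is also what the loser of a race to
       a real request looks like once both answers are seen.
    2. An IP whose claimed MAC differs from the binding already known.
       Seed `trusted` with an inventory (ip -> mac) where possible: learning
       the first binding from traffic believes whoever answers first.
    """
    bindings = dict(trusted or {})
    pending = set()   # IPs requested but not yet answered
    alerts = []
    for f in frames:
        if f.op == "request":
            pending.add(f.target_ip)
            continue
        if f.sender_ip in pending:
            pending.discard(f.sender_ip)
        else:
            alerts.append(f"unsolicited reply for {f.sender_ip} from {f.sender_mac}")
        known = bindings.setdefault(f.sender_ip, f.sender_mac)
        if known != f.sender_mac:
            alerts.append(f"{f.sender_ip} moved from {known} to {f.sender_mac}")
    return alerts


SAMPLE = [  # constructed: .5 resolves the gateway, then a forged reply arrives
    ArpFrame("request", "10.0.0.5", "02:00:00:00:00:05", "10.0.0.1"),
    ArpFrame("reply", "10.0.0.1", "02:00:00:00:00:01", "10.0.0.5"),
    ArpFrame("reply", "10.0.0.1", "02:00:00:00:00:99", "10.0.0.5"),
]
if __name__ == "__main__":
    print("\n".join(detect_arp_poisoning(SAMPLE)))
```

A reply that wins the race against the real one is only caught as a MAC change once the legitimate reply arrives, so a trusted inventory is what turns this from "something changed" into "this is the forged one".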

MITM Management

  • Routing table manipulation
  • Netfilter manipulation
    • Manage IP forwarding of victims
    • Allow the attacker to maintain existing netfilter rules (not lose their firewall rules)
  • DNS server for owned victims
  • Socket descriptors for MITM connections
  • Network state reset (resume network state prior to MITM)