Windows Platform LAN hijacking test tool –evilfoca

Brief introduction

Security testing tools may be offensive, please be careful for safe teaching and learning purposes, prohibit illegal use!

Evilfoca is a lightweight hijacking test tool based on the. NET framework under the Windows environment. Compared to the complex commands under backtrack and Kali_linux, the evilfoca is smaller, lighter and simpler, but its effect is much more efficient.

Preparatory work

Logo:

The logo is a bit cute ...

Official website: http://www.informatica64.com/evilfoca/
Download: http://www.informatica64.com/evilfoca/download.aspx (need to fill in the email, download link will be sent to the mailbox), the NET framework is essential
: http://www.microsoft.com/zh-cn/download/details.aspx?id=21

Begin

According to the official Evil Foca (Alpha version) introduction

1. In the IPV4 environment, the man-in-the-middle attack through ARP spoofing and DHCP ACK injection 2.    In the IPV6 environment, through the neighboring network deception, SLAAC attack, forged DHCPV6 to carry out the man-in-the-middle attack 3.    IPV4, Dos attacks through ARP spoofing 4.    IPV6, the DOS5 is carried out through the SLLAAC attack. DNS Hijacking

Undoubtedly in the IPV6 network environment hijack is the biggest bright spot.
Because of the network environment, we can only demonstrate >_< under IPV4.

Will specifically demonstrate DNS hijacking and cookie hijacking within the LAN.

This is the new version of the Evilfoca interface, the windowing is convenient, concise, followed by IS because of the stupid type was sprayed.

Select the connection type, Ethernet or WLAN via the menu configuration under interface.

This will automatically scan out all the machine IP address and gateway, of course, you can also add IP, here we 10.18.43.209 this machine as a victim.

With 10.18.43.209 as the victim, 10.18.43.208 as the attacker, 10.18.43.254 is the gateway, 10.18.43.204 is the local dangerous Page.

In the MitM iPv4 directory, fill in the Gateway GateWay10.18.43.254 and Target 10.18.43.209 respectively, click Start to determine the arpspoofing is active.

Under the DNS Hijacking menu, fill in the request for hijacking of the domain name baidu.com, and turn to ip10.18.43.204 both dangerous page,wildcard represents hijacking all domain names.

At this time the victim's machine Baidu page has turned to dangerous page,ping point 10.18.43.204.

Also we can only do ARP spoofing, through Wireshark packet analysis, hijacking cookies. The above is hijacked QQ data.

DHCP ack pollution, can forge DNS and gateways to local as the entire LAN gateway, need to turn on IP routing, click Start, will intercept the entire LAN packet, the entire LAN will be within the control.

As for DOS, just choose the IP of the attack, so we can only go through.

About testing under IPV6, the author showed up at the 2013 Defcon Conference

Video: Https://www.youtube.com/watch?v=327mt5igHVQ

Summarize

Evilfoca Although the graphical operation is simple and convenient, compared to the Linux command-style operation, more suitable for beginners, but we are not limited to the use of pure, only with a variety of tools to play its maximum value, such as Sslstrip,wireshark,hamster ...

And for the local Area network defense, how to avoid being hijacked? Careful connection of insecure LAN, pay more attention to SSL certificate, modify the correct hosts can also be avoided.

Windows Platform LAN hijacking test tool –evilfoca