A PPPoE connection is divided into a discovery phase and a session phase. The attacks implemented so far all take place in the discovery phase, before the PPPoE session exists. That raises a question about the session phase: suppose we impersonate a server, complete the whole discovery phase with the client, and also provide suitable NCP negotiation in the session phase. During password verification, the client sends its password in plaintext. Can the client's complete username and password then be obtained?
I have not done this experiment. I searched the scapy manual and did not find a function for building session-phase packets, so I did not study it, but scapy does. If you are interested, you can study it.
Wireshark captures the plaintext password in the PPPoE session phase as follows:
[Image: Wireshark capture of the PPPoE session phase showing the plaintext password]
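The plaintext exposure above occurs when the session negotiates PAP (RFC 1334), so a defender can audit captured PPPoE session frames for it. The following is an added example, not code from the original article: it flags LCP requests that ask for PAP and PAP Authenticate-Requests, reporting the username and password length only. The function names, finding labels and sample frames are assumptions constructed for illustration.

```python
import struct

ETH_PPPOE_SESSION = 0x8864      # EtherType of PPPoE session-stage frames
PPP_LCP, PPP_PAP = 0xC021, 0xC023
LCP_CONF_REQ, LCP_OPT_AUTH = 1, 3
PAP_AUTH_REQ = 1                # RFC 1334 Authenticate-Request

def audit_frame(frame: bytes):
    """Return a finding dict if the frame negotiates or uses PAP, else None."""
    if len(frame) < 26 or struct.unpack("!H", frame[12:14])[0] != ETH_PPPOE_SESSION:
        return None
    ver_type, code, sid, length = struct.unpack("!BBHH", frame[14:20])
    payload = frame[20:20 + length]
    if ver_type != 0x11 or code != 0x00 or len(payload) < 6:
        return None
    proto, pcode, _ident, plen = struct.unpack("!HBBH", payload[:6])
    body = payload[6:2 + plen]  # plen counts the code, id and length fields too
    if proto == PPP_LCP and pcode == LCP_CONF_REQ:
        i = 0
        while i + 2 <= len(body) and body[i + 1] >= 2:   # walk type/len/value options
            if body[i] == LCP_OPT_AUTH and body[i + 2:i + 4] == b"\xc0\x23":
                return {"finding": "pap-requested", "session": sid}
            i += body[i + 1]
    if proto == PPP_PAP and pcode == PAP_AUTH_REQ and body:
        id_len = body[0]
        if len(body) < id_len + 2 or len(body) < id_len + 2 + body[id_len + 1]:
            return None         # truncated request, nothing reliable to report
        return {"finding": "pap-cleartext-credentials", "session": sid,
                "peer_id": body[1:1 + id_len].decode("ascii", "replace"),
                "password_length": body[id_len + 1]}  # length only, never the secret
    return None

def build_frame(sid, proto, code, data):
    """Constructed test input: Ethernet + PPPoE session header + PPP packet."""
    ppp = struct.pack("!HBBH", proto, code, 1, 4 + len(data)) + data
    eth = bytes.fromhex("020000000001020000000002") + struct.pack("!H", ETH_PPPOE_SESSION)
    return eth + struct.pack("!BBHH", 0x11, 0x00, sid, len(ppp)) + ppp

# Constructed samples (not taken from the article's capture)
USER, SECRET = b"user@example", b"example-pass"
SAMPLES = [
    build_frame(0x0042, PPP_LCP, LCP_CONF_REQ, bytes([1, 4, 0x05, 0xD4, 3, 4, 0xC0, 0x23])),
    build_frame(0x0042, PPP_PAP, PAP_AUTH_REQ, bytes([len(USER)]) + USER + bytes([len(SECRET)]) + SECRET),
    build_frame(0x0042, PPP_LCP, LCP_CONF_REQ, bytes([3, 5, 0xC2, 0x23, 5])),  # CHAP-MD5
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(audit_frame(f))
```

A "pap-requested" finding on a client's link means the peer asked for PAP; configuring clients to refuse PAP and accept only CHAP or stronger keeps the password off the wire.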
This article is from the "Python applet" blog; please be sure to keep this source: http://mdh6789.blog.51cto.com/7270513/1570622
PPPoE attack 6: Session attack ideas