Understanding the network: topologies, protocols and example commands for diagnosing basic problems
#ARP #Blog #Consola #DHCP #DNS #dsniff #ICMP #IP #namp #Network #ssh #SysAdmin #TCP #tcpdump #Terminal #traceroute #tshark #tty #UDP
@reswob
I'm going to summarize.
This is a really good write-up on how to use simple, readily available tools to perform good security research. And it is written in such a way that even a beginner could follow it.
They used #kalilinux, specifically #wireshark, #scapy, and an arpspoof #python script (there are tools in Kali that can do this for you like #dsniff or #ettercap, but they probably did not need something that full-featured).
They debugged the protocol to figure out where the PSI values were stored and then built a MiTM script, also in Python, that could manipulate embedded data in either direction or both directions.
Simplest fix is "encrypt your protocol".