The Implementing Network-level Session Hijacking module provides you with the instructions and devices to develop your hands-on skills in the following topic:
Performing man-in-the-middle (MITM) attack
Lab time: It will take approximately 1 hour to complete this lab.
The following objective is covered in this lab:
- Session hijacking
Exercise 1 - Performing Man-in-the-Middle (MITM) Attack
Session hijacking is an attack on the user sessions in a network by the attackers or data hijackers. An attacker can employ various session hijacking techniques and gain easy access to critical and sensitive session data. Session hijacking can happen at two levels. These are as follows:
Application level: To hijack the data, the attackers can steal the valid session IDs of the existing user sessions or create new unauthorized sessions. Network level: The attackers intercept and tamper the data packets transmitted between the client and the server in a network. There are various techniques of session hijacking at the network level such as Transmission Control Protocol (TCP) hijacking, User Datagram Protocol (UDP) hijacking, Man-in-the-Middle (MITM) attack, and so on. In MITM attack, the attacker sits in between the victim and the server in the network. The attacker runs a packet sniffing application to sniff all the data packets flowing between the victim and the server. Thus, the attacker can gain unauthorized access to sensitive data such as user credentials. One of the techniques to perform MITM attack is through Address Resolution Protocol (ARP) spoofing.
In this exercise, you will perform MITM attack using ARP spoofing to implement network-level session hijacking. For the purpose of this demonstration, PLABSA01 is the server, PLABWIN10 is the victim, and PLABKALI01 is the attacker. You will use Ettercap as the packet sniffing application on PLABKALI01.