[00:00:00] In this lesson, we're going to cover the concept of an on-path attack. Now, an on-path attack is an attack where the penetration tester is able to put their workstation logically between two hosts during the communication in order to transparently capture, monitor, and relay the communications between those hosts. By placing themselves in the path between the server and the client, the attacker can intercept the authorization packets being sent and received, and then use those to take over the authorized session between that client and the server. Now, there are many different ways of conducting an on-path or interception type of attack, including ARP poisoning, DNS poisoning, introducing a rogue wireless access point, or introducing a rogue hub or switch. From the attacker's perspective, once an on-path or interception attack has begun, they can really decide to either use a replay or relay type of attack. Now, a replay of the data occurs when valid data is captured by the attacker and then is repeated immediately or is delayed and then repeated.
[00:00:52] A replay is a common technique in wireless network attacks, but it can also be used in wired networks, too. For example, if we capture an authentication handshake between two hosts, we can then replay it to the authentication server, so it thinks that we are the authenticated client too, and it'll give us access to the network or its resources. A relay attack, on the other hand, will occur when the attacker is able to become part of the conversation by inserting themselves in between two hosts that are communicating. In this case, the attacker essentially becomes a proxy between the two hosts, and they can read or modify any communications going between them. When this occurs, anytime the client tries to get to the server, it's first going to go over to the attacker, and then, from the attacker to the server. From this position in the middle, we can capture everything that's being sent between the two hosts, including things like usernames, passwords, and even bank balances. We can even change the data if we desire to, as well.
[00:01:41] For example, if there's a client device trying to log into an online bank's website to conduct a transaction, you may be able to put yourself between the client device and the server using a relay attack if you're a penetration tester or a malicious hacker. Then, you could modify the transaction that's being requested. Let's pretend the client logs into the website and they initiate a transaction to transfer $50 to their account numbered 12345. Now, if the attacker is able to get in between that communication session, they could modify the data being sent in those packets, so it now says to transfer $5,000 to the account number 67890, which may be an account that they own themselves. Now, when the bank receives the request, they believe it came from the authorized client, and so the money's going to be moved into that attacker's account, and not going into your own account.
[00:02:25] By conducting this kind of a relay attack, the attacker will be able to breach both the confidentiality and the integrity of this transaction, because they can now see the transaction being requested, which violates the confidentiality, and they're able to change or modify the requested amounts and account numbers, which is a violation of the transaction's integrity. Remember, an on-path attack can involve getting the information and then either passing it on directly using a replay attack, or the attacker can intercept it, change it, and then pass it on using a relay attack. The big challenge though, with replay and relay, occurs when encryption is being enforced by your hosts. For example, if the server is running strong encryption schemes like TLS 1.3, it's going to be pretty difficult or even impossible for us to intercept and crack the communication between the two hosts. So to try and overcome this encryption, a technique known as SSL stripping was created by attackers.
[00:03:13] Because a lot of websites used SSL, and its replacement, TLS, as a way to encrypt data between the client and the server, the attackers might attempt to trick the encryption application into presenting the user with an HTTP connection instead of an HTTPS connection, essentially stripping out the encryption layer. For example, let's say you try to go to facebook.com using HTTPS, but with SSL stripping, the attacker will try to redirect or downgrade that request to use the regular HTTP version of the website instead. This would be considered SSL stripping, because now there is no encryption being used in that connection, and we can then capture all the data and read it. Now, if an attacker finds that SSL stripping is not possible on a given system, they may instead perform what's known as a downgrade attack. Now, in a downgrade attack, the attacker attempts to have a client or server abandon its higher security mode in favor of a lower security mode.
[00:04:03] For example, if the client tries to connect to a server and negotiate a higher level of encryption, like TLS 1.3 or TLS 1.2, but they're connected through an intermediary attacker who's in an on-path position, that attacker may allow the encryption to occur so that you'll see that little lock in your web browser, but they'll only allow it at a lower level, such as using something like SSL 2.0, which is much easier for the attacker to crack in real time. This way, the attacker can remain in the middle of the communication stream between that client and the server, and they'll still be able to see everything that's going on, but the client thinks it's an encrypted session because it is, but it's encrypted at a lower level that can be cracked by the attacker. Now, it's important to mention that when I talk about a downgrade attack, it's not only focused on SSL and TLS, but it can actually be used with any kind of encryption or protection, such as Wi-Fi, VPNs, and many others.
[00:04:51] Anytime we have a client that tries to negotiate to a lower level of security that is technically backwards compatible at that higher level, this would be considered a downgrade attack. So remember, an on-path attack occurs when an attacker is able to put their workstation logically between two hosts during the communication in order to transparently capture, monitor, and relay the communications between those hosts. By placing themselves in the path between the client and the server, the attacker can intercept the authorization packets being sent and received, and then use those to take over the authorized session between that client and the server.
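The lesson's bank example shows a relay attacker rewriting a $50 transfer to account 12345 into a $5,000 transfer to account 67890, and a replay attacker resending a captured request. The following is an added example, not part of the lesson, showing the application-layer defence the lesson's point about encryption implies: every request carries a nonce, a timestamp and an HMAC tag, so a tampered request fails the integrity check and a repeated one is caught by the server's nonce cache. The shared key, the message fields and the 60-second acceptance window are constructed assumptions for the demo; in a real deployment the key would come from an authenticated session (TLS itself provides the same integrity and anti-replay protection at the transport layer, which is why the lesson calls encryption the big challenge for replay and relay).

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo values (assumption: in practice the key is derived from an
# authenticated session, never a hard-coded constant).
SHARED_KEY = b"demo-shared-secret-not-for-production"
REPLAY_WINDOW_SECONDS = 60


def _canonical(body):
    """Serialize the request body deterministically so both sides MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_transfer(amount_cents, account, key=SHARED_KEY, now=None):
    """Client side: build a transfer request protected by a nonce, timestamp and HMAC tag."""
    body = {
        "amount_cents": amount_cents,
        "account": account,
        "nonce": secrets.token_hex(16),
        "ts": int(now if now is not None else time.time()),
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class TransferVerifier:
    """Server side: reject tampered (relay) and repeated (replay) transfer requests."""

    def __init__(self, key=SHARED_KEY, window=REPLAY_WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen_nonces = {}  # nonce -> timestamp; entries older than the window are pruned

    def verify(self, request, now=None):
        now = int(now if now is not None else time.time())
        body, tag = request["body"], request["tag"]

        # 1. Integrity: any change to amount or account changes the MAC input.
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: integrity check failed"

        # 2. Freshness: a request captured and replayed much later is stale.
        if abs(now - body["ts"]) > self.window:
            return "rejected: stale timestamp"

        # 3. Uniqueness: the same nonce inside the window means an immediate replay.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= self.window}
        if body["nonce"] in self.seen_nonces:
            return "rejected: replayed nonce"
        self.seen_nonces[body["nonce"]] = body["ts"]
        return "accepted"


def demo():
    """Run the lesson's scenarios against the verifier and return each outcome."""
    t0 = 1_700_000_000  # constructed fixed clock so the demo is deterministic
    verifier = TransferVerifier()
    results = {}

    # Legitimate request: $50.00 to account 12345.
    request = sign_transfer(5000, "12345", now=t0)
    results["legit"] = verifier.verify(request, now=t0 + 1)

    # Relay: an on-path attacker rewrites the amount and destination in transit.
    tampered = json.loads(json.dumps(request))  # deep copy of the captured request
    tampered["body"]["amount_cents"] = 500_000  # $5,000.00
    tampered["body"]["account"] = "67890"
    results["tampered"] = verifier.verify(tampered, now=t0 + 2)

    # Replay: the unmodified valid request is resent immediately.
    results["replay"] = verifier.verify(request, now=t0 + 3)

    # Delayed replay against a server whose nonce cache has since been cleared.
    results["delayed"] = TransferVerifier().verify(request, now=t0 + 600)
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:>9}: {outcome}")
```

The nonce cache here lives in one process; a bank with several server instances would need a shared store (or a per-session sequence counter) so a replay sent to a different instance is still caught. The timestamp window bounds how long that store has to remember nonces.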