1
00:00:00,330 --> 00:00:08,130
In the previous lecture we learned how to use bettercap to run an ARP spoofing attack and place ourselves

2
00:00:08,370 --> 00:00:13,710
in the middle of the connection between a computer and the access point.

3
00:00:13,710 --> 00:00:20,040
And every time I do this I keep saying this means that all the requests and all the responses will flow

4
00:00:20,070 --> 00:00:21,330
through our computer.

5
00:00:21,420 --> 00:00:26,620
Which means that we'll be able to see anything a user does on the Internet.

6
00:00:26,730 --> 00:00:34,350
So we should be able to see the URLs, the images, the videos, the passwords they log in with, or anything

7
00:00:34,380 --> 00:00:37,410
they send or receive.

8
00:00:37,410 --> 00:00:43,500
So right now we are already in the middle of the connection and this data is already flowing through

9
00:00:43,500 --> 00:00:44,630
our computer.

10
00:00:44,700 --> 00:00:50,960
So all we have to do is just use a program to capture this data and analyze it.

11
00:00:51,000 --> 00:00:55,760
Now we can use Wireshark to do that and I will cover this later on in the course.

12
00:00:55,830 --> 00:01:02,760
But for now I'm going to use a really nice module that comes with bettercap that will automatically

13
00:01:02,760 --> 00:01:09,410
capture all of this data, analyze it and show me the interesting stuff.

14
00:01:09,780 --> 00:01:17,610
So all we have to do now is to tell bettercap to capture all of the data that is flowing through this

15
00:01:17,610 --> 00:01:26,250
computer and analyze it for me, and to do this we can use the net.sniff module. So you can do help

16
00:01:26,250 --> 00:01:32,480
followed by net.sniff to see all of the options that you can set for this module.

17
00:01:32,670 --> 00:01:35,640
I showed you how to read options and change them.
18
00:01:35,640 --> 00:01:42,300
So for now I actually want to run it without modifying any of the options, so I'm just going to do

19
00:01:42,570 --> 00:01:52,420
net.sniff on. So now everything that's going to flow through this computer will be captured and analyzed

20
00:01:52,660 --> 00:02:00,910
by the net.sniff module. So I'm going to close this terminal window and let's go to the target Windows

21
00:02:00,910 --> 00:02:02,320
computer.

22
00:02:02,320 --> 00:02:08,260
I'm going to open my web browser and we're going to generate some traffic and see if that's going to

23
00:02:08,260 --> 00:02:10,870
be captured by bettercap.

24
00:02:11,170 --> 00:02:15,330
What we're doing right now will not work against HTTPS.

25
00:02:15,640 --> 00:02:21,550
But don't worry, we'll talk about how to bypass HTTPS later on and why this won't work.

26
00:02:21,940 --> 00:02:29,620
But for now, for testing, I'm just going to go to a website called vulnweb and I'm going to include

27
00:02:29,620 --> 00:02:33,370
its link in the resources of this lecture.

28
00:02:33,370 --> 00:02:39,780
So as you can see this is a normal website that doesn't use HTTPS. It also has a number of links here,

29
00:02:39,790 --> 00:02:43,980
so if I click for example on this link everything is loading fine,

30
00:02:43,990 --> 00:02:51,940
as you can see here. But if we go to the Kali machine you'll see that every request that we sent was

31
00:02:51,940 --> 00:02:54,500
actually captured by this computer.

32
00:02:54,550 --> 00:03:01,060
So you can do this to any computer that is connected to the same network as you, whether it's a wired

33
00:03:01,090 --> 00:03:06,460
or wireless network. So you can see there were requests sent to Google.

34
00:03:06,460 --> 00:03:11,650
If you scroll down you'll see we made the request for this website,

35
00:03:11,650 --> 00:03:13,750
vulnweb.com.
36
00:03:13,750 --> 00:03:21,280
You can also see all of the other files that this website loaded, so you can see we have a logo loaded

37
00:03:21,280 --> 00:03:21,940
here.

38
00:03:22,000 --> 00:03:25,600
You can see we have our styles file being loaded here.

39
00:03:25,750 --> 00:03:32,240
Again, if there were more images you'll actually see links to all of the images that are being loaded.

40
00:03:32,440 --> 00:03:34,380
You can see here we are.

41
00:03:34,380 --> 00:03:39,730
This is the second link that we clicked on, the testphp.vulnweb.com.

42
00:03:40,090 --> 00:03:44,950
So this is what we have right here, here in the top.

43
00:03:44,950 --> 00:03:49,900
Now also let me just go back and maybe click on the first one.

44
00:03:50,260 --> 00:03:53,350
And as you can see this is another website.

45
00:03:53,440 --> 00:03:59,830
It has a login functionality in here, and let's try for example to log in with a user name.

46
00:03:59,860 --> 00:04:10,580
Let's set the user name to my name Zaid Sabi and let's put the password as 1 2 3 4 5 6 7 8 9 0.

47
00:04:10,600 --> 00:04:20,140
I'm gonna click on log in. Again as you can see we got logged in, no issues at all, but if I go back to

48
00:04:20,140 --> 00:04:31,280
the Kali computer and scroll up, as you can see we captured a login that was sent to this website,

49
00:04:31,810 --> 00:04:35,210
testhtml5.vulnweb.com.

50
00:04:35,320 --> 00:04:38,920
Again this is exactly the website that we have here.

51
00:04:39,010 --> 00:04:46,270
And if you look in here you can see that the user name was a SRB and the password was 1 2 3 all the

52
00:04:46,270 --> 00:04:48,820
way up to 9 0.

53
00:04:48,820 --> 00:04:55,960
So basically the idea that I'm trying to get across right now: anything that the target computer sends

54
00:04:56,050 --> 00:05:00,250
or receives right now will be captured by the Kali machine.
55
00:05:00,250 --> 00:05:07,360
And like I said, we can do this to any computer or any phone that is connected to this same network as

56
00:05:07,360 --> 00:05:10,990
us, whether it's a Wi-Fi or a wired network.