Hi, everyone! I want to update you on what we are working on and the next update. As you saw in the patch notes, we have rolled out the backend for the man in the middle module. First, let me brief you on how a man in the middle (MITM) attack works.

ABOUT MITM >

Basically, in Kali, there are two MITM tools, ARP Spoofing and Ettercap. Once you are connected to an internal network, you can scan for active and assigned IPs. Similar to the WMI Scanner, this process takes a couple of seconds and returns all the active IPs on a network. The next step is to configure your attack variables. You'll need to input the victim's IP and the router IP.

There are various types of MITM attacks: ARP Poisoning, ICMP redirects, DHCP spoofing, etc. In NITE Team 4, you will be able to use ARP Poisoning, and I am still evaluating if DHCP spoofing will be used as a game mechanic.

"ARP" means Address Resolution Protocol. In short, you send false information to the victim's host that makes the computer believe that you are the legitimate router (gateway) on the network and that traffic to the internet should be sent to you. You then send that traffic to the real router. This process goes both ways, meaning that from the router's perspective, you are the one browsing the web; the traffic is sent back to you so you can spy on it, then send it to the victim's computer.

Ettercap comes with a certificate server. When you access a secure HTTPS site, it will create a certificate making the victim's browser believe that the connection between the website and the host is secure. (And the fact is, it is! Between you and the victim, there is a real SSL certificate that you just generated.)

MITM IN NT4 >

In the next mission of NT4, MITM attacks are going to be possible. It's an interesting game mechanic since there are two main parts to achieve it. The first requires you to break into a network (using Foxacid). The second part is a passive process where you launch the MITM attack but then have to wait for the victim to use their computer and access sensitive information that can be used for your mission.

This second part is the interesting one. We can use a real-life timeline so the MITM attacks yield results either after a specific amount of time or on a defined schedule (ex: between 9 to 5 every day in the victim's time zone). Another strategy is to find a way to 'force' the victim to connect to the internet. The raid team triggers an office alarm so we can track who is remotely connecting to respond to the alarm, what their locations are, etc. Finally, it is possible to do a MITM attack on a server to spy on various inbound and outbound traffic: security camera feeds, etc.

REAL LIFE BROWSING >

One problem we have is the creation of fake content. Let's say we want to simulate a 10-minute browsing session to hide the actual intel you need to intercept; we have to create a lot of fake content that is used only for the immersion experience (making all the MITM attacks more real). It lacks realism if every time you launch a MITM attack, the user happens to navigate ONLY to the content we need for our mission. So we are working on a streamer that can use real-world websites mixed with our fake content. This way, you will be able to see the victim searching on Google, reading the news on CNN, etc. Thanks for reading and stay tuned for our next update!
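The ARP poisoning described in the post above, seen from the defender's side. This is an added example, not code from the post or from NITE Team 4: it takes a constructed list of ARP replies (IPs and MACs are made up) and flags the two symptoms of the "both directions" poisoning the post describes, namely the gateway IP being answered by more than one MAC, and a single MAC claiming both the gateway's IP and another host's IP. The ArpReply record and the function names are my own; in practice the records would come from a packet capture or from a host's ARP cache history.

```python
"""Detect ARP-poisoning symptoms from a list of ARP reply records.

Added example (not from the original post). Sample data is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since the capture started
    sender_ip: str     # IP the reply claims to speak for
    sender_mac: str    # MAC address that sent the reply


# Constructed sample: 10.0.0.1 is the gateway and 10.0.0.20 is a workstation.
# From t=5.0 a third MAC starts answering for BOTH the gateway and the
# workstation, which is exactly what bidirectional ARP poisoning looks like.
SAMPLE_REPLIES = [
    ArpReply(0.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1.0, "10.0.0.20", "bb:bb:bb:bb:bb:20"),
    ArpReply(5.0, "10.0.0.1", "cc:cc:cc:cc:cc:99"),
    ArpReply(5.1, "10.0.0.20", "cc:cc:cc:cc:cc:99"),
    ArpReply(6.0, "10.0.0.1", "cc:cc:cc:cc:cc:99"),
]


def build_bindings(replies):
    """Map each IP to every MAC that claimed it, and each MAC to every IP it claimed."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for r in replies:
        mac = r.sender_mac.lower()
        ip_to_macs[r.sender_ip].add(mac)
        mac_to_ips[mac].add(r.sender_ip)
    return ip_to_macs, mac_to_ips


def detect_arp_poisoning(replies, gateway_ip):
    """Return (severity, message) alerts for ARP-poisoning symptoms.

    Symptom 1: one IP answered by several MACs (high severity if it is the gateway).
    Symptom 2: one MAC claiming the gateway AND some other host (both directions).
    """
    ip_to_macs, mac_to_ips = build_bindings(replies)
    alerts = []
    for ip, macs in ip_to_macs.items():
        if len(macs) > 1:
            severity = "high" if ip == gateway_ip else "medium"
            alerts.append((severity, f"{ip} claimed by {len(macs)} MACs: {sorted(macs)}"))
    for mac, ips in mac_to_ips.items():
        if gateway_ip in ips and len(ips) > 1:
            others = sorted(ips - {gateway_ip})
            alerts.append(("high", f"{mac} claims gateway {gateway_ip} and {others}"))
    return alerts


def gateway_mac_changes(replies, gateway_ip):
    """Timeline of (ts, old_mac, new_mac) for the gateway IP, using first-seen as baseline."""
    changes = []
    current = None
    for r in sorted(replies, key=lambda x: x.ts):
        if r.sender_ip != gateway_ip:
            continue
        mac = r.sender_mac.lower()
        if current is not None and mac != current:
            changes.append((r.ts, current, mac))
        current = mac
    return changes


if __name__ == "__main__":
    for severity, msg in detect_arp_poisoning(SAMPLE_REPLIES, "10.0.0.1"):
        print(f"[{severity}] {msg}")
    for ts, old, new in gateway_mac_changes(SAMPLE_REPLIES, "10.0.0.1"):
        print(f"t={ts}: gateway MAC changed {old} -> {new}")
```

The first-seen MAC is treated as the baseline, so a capture that starts after the poisoning began would need a known-good gateway MAC supplied from switch or DHCP records instead; on a real network, hosts with several NICs or VRRP gateways will also trip the "one IP, several MACs" check and need to be allow-listed.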
Interesting concepts... I look forward to it! Also, looking at CNO as a whole, NT4 is covering CNA and CNE quite well... is there a possibility of incorporating Computer Network Defense (CND) into the overall game?
Hi, Jason! You are not the first one to raise that question. I see two approaches to CND in NT4. 1) The notion that the target being attacked has some defensive mechanism that you need to tackle. 2) The notion that you are under attack and have to defend yourself. We have planned for number 2, and it's already tested now in the backend. You may have seen a mission in your inventory called 'Under attack by FSB.' I am unsure how I can implement number 1 for now, but it's something I plan to add at some point.
IMO, don't do DHCP attacks. Current networking equipment is increasingly able to notice and mitigate this sort of thing. Everyone participates in ARP, and race conditions you need can be arranged if you exploit devices close enough to the client. From my experience (and I may be a sheltered soul, so take it with a grain of salt), DHCP awareness combined with security analytics should be making this a limited attack strategy with anyone you'd reasonably want to hack as a bigtime hacking organization (vs. home routers or the like).