
This analysis focuses on ARP cache manipulation techniques to assess network security risks and analyze vulnerabilities. By modifying ARP tables, we can simulate real-world attack scenarios, study their impact, and implement countermeasures.


Priyabug/Implemented-ARP-cache-manipulation-to-identify-and-analyze-network-vulnerabilities.


Implemented-ARP-cache-manipulation-to-identify-and-analyze-network-vulnerabilities.

Description

The Address Resolution Protocol (ARP) is used to discover the link-layer address, such as the MAC address, that corresponds to a given IP address. ARP is a very simple protocol and implements no security measures. ARP cache poisoning is a common attack against it: the attacker fools the victim into accepting forged IP-to-MAC mappings. The victim's packets can then be redirected to the computer with the forged MAC address, which can lead to man-in-the-middle attacks.
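Because ARP accepts whatever binding it is told, the defensive counterpart is to watch for bindings that change. The following is an added example, not code from this repository: it parses raw Ethernet/ARP frames and flags conflicting IP-to-MAC bindings. The addresses, MACs and the `sample_frame` helper are constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[6:12]), _mac(frame[22:28]), _ip(frame[28:32])

def detect(frames):
    """Flag frames whose sender IP-to-MAC binding conflicts with an earlier one,
    or whose Ethernet source differs from the ARP sender hardware address."""
    seen, alerts = {}, []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sha, spa = parsed
        if eth_src != sha:
            alerts.append((i, spa, "eth-src/sha mismatch"))
        known = seen.setdefault(spa, sha)   # first binding seen becomes the baseline
        if known != sha:
            alerts.append((i, spa, f"binding changed {known} -> {sha}"))
    return alerts

def sample_frame(eth_src, op, sha, spa):
    """Build constructed test bytes in memory; nothing is sent on a network."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    header = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return b"\xff" * 6 + mac(eth_src) + header + mac(sha) + ip(spa) + bytes(6) + bytes(4)

# Constructed sample traffic (documentation-range IPs, locally administered MACs).
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:05", "02:00:00:00:00:99"
SAMPLE = [
    sample_frame(GW, 2, GW, "192.0.2.1"),        # baseline reply from the gateway
    sample_frame(HOST, 1, HOST, "192.0.2.5"),    # ordinary request from a host
    sample_frame(OTHER, 2, OTHER, "192.0.2.1"),  # same IP, different MAC
    sample_frame(OTHER, 1, HOST, "192.0.2.5"),   # frame source disagrees with ARP body
    b"\x00" * 60,                                # non-ARP frame, ignored
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

A binding change is a signal rather than proof: DHCP lease reassignment or a gateway failover also changes the MAC behind an IP, so alerts should be checked against known address changes.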


Languages and Utilities Used

  • Python
  • Ubuntu 20.04 VM

Environments Used

  • Windows 10 (21H2)

Lab topics covered

  • ARP Cache Poisoning
  • MITM Attack on Telnet using ARP Cache Poisoning
  • MITM Attack on Netcat using ARP Cache Poisoning

Shell script commands

  • ./dc-build.sh - Build the Docker images. It can take one additional parameter to be used in the build process, e.g. ./dc-build.sh --no-cache.
  • ./dc-up.sh - Start the Docker containers in the foreground.
  • ./dc-up-d.sh - Start the Docker containers in the background.
  • ./dc-stop.sh - Stop the Docker containers. It can take one additional parameter to be used in the stop process.
  • ./dc-down.sh - Stop and remove the Docker containers. It can take one additional parameter to be used in the stop and remove process.
  • ./dc-unittest.sh - Utility script to aid in running a specific unit test class.

Program walk-through:

  • Using Scapy for Sniffing and Spoofing:

    1. Launching an ARP cache poisoning attack on a target machine.
    2. Launching a MITM attack on Telnet.
    3. Launching a MITM attack on Netcat.
