4.1 - Man-In-The-Middle (MITM) wireless setup
The basic idea of a MITM attack consists of an attacker taking a position between the legitimates users of a network, so that the attacker can eavesdrop the communication, having access to connections of the victims, and relaying messages between them. The victims believe that the communications are being legitimate, although the truth is that the attacker has got actually the control of the process.
There are a lot of different architectures or layouts in a MITM attack, depending on the topology, characteristics and technologies available at the network. In this chapter, the used setup will consist of the victim "roch" trying to communicate with the legitimate AP, and the attacker "kali" intercepting and relaying packets between them.
In this setup, the attacker "kali" is connected to the Internet through a wired LAN with its Ethernet interface eth0. At the same time, "kali" creates a fake AP, broadcasting an ESSID equal to the legitimate's one. The victim "roch" would get connected to this fake AP, believing that he is connected to the legitimate AP.
For that purpose "kali" creates a bridge between its wired and virtual wireless interface, forwarding all the packets through the bridge towards and from the Internet.
The attacker "kali" has got access to analyze all the packets sent and received by the victim "roch", not only eavesdropping all the traffic over wireless, but also being able to modify it with malicious intentions, as it will be seen later. For instance, hijacking web sessions, creating denial of service attacks, redirecting to sites intentionally created for the attack, stealing cookies or passwords, redirectioning to ports, spoofing DNS requests and responses, etc ...