Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,810 --> 00:00:07,020 Once we get all the IP inside the network we need to know which one is the gateway which is the router 2 00:00:07,590 --> 00:00:15,070 because most probably I'm going to need to intercept the traffic going to the router which will be Zahed 3 00:00:15,080 --> 00:00:18,020 intercept all traffic going to the Internet. 4 00:00:18,180 --> 00:00:23,870 I don't want to intercept think traffic or traffic or any traffic that is useless for me. 5 00:00:24,060 --> 00:00:29,780 I need to intercept the traffic that is going to the Internet because this is the traffic that has credential 6 00:00:29,820 --> 00:00:31,650 or have some information. 7 00:00:31,680 --> 00:00:37,440 Now how can I know which one is the router IP. 8 00:00:37,500 --> 00:00:44,100 Actually it's quite easy if you are not aware or you can check any machine Windows machine and check 9 00:00:44,100 --> 00:00:53,200 what is a gateway or in such case you can open a terminal open a terminal inside Linux and type IP code 10 00:00:53,690 --> 00:00:59,070 and I pollute will show you the gateway of this machine which will be the same gateway for all the machine 11 00:00:59,070 --> 00:00:59,920 in the Senate. 12 00:01:00,360 --> 00:01:08,550 So just by typing IPs based route which means show me the root of any IP it will show you that the route 13 00:01:08,610 --> 00:01:11,320 is 1 and 2 and 6 8 1 4 2 2. 14 00:01:11,340 --> 00:01:13,920 This is the router right. 15 00:01:14,280 --> 00:01:19,840 So I know that this is a router so I'm going to click on this one and then I'm going to click on Add 16 00:01:19,920 --> 00:01:27,060 to target one then I can choose any other computer on the network and I can choose to target two or 17 00:01:27,120 --> 00:01:28,500 I can keep it this way. 18 00:01:28,530 --> 00:01:32,300 And according to that he will intercept all of them. 19 00:01:32,820 --> 00:01:37,350 Once I do that I'm just going through the basics. 20 00:01:37,360 --> 00:01:37,610 OK. 21 00:01:37,620 --> 00:01:43,250 So get to the basics and then we'll do a full attack by just showing you around the menu. 22 00:01:43,250 --> 00:01:48,570 So once I do that and identifies the machine and which one will be the gateway and I signed that way 23 00:01:48,580 --> 00:01:53,940 to target one second step would be going to empty manage the middle attack this menu and choose are 24 00:01:53,940 --> 00:02:01,940 poisoning and choose the first one which is sniffer remote connection and we are set to go then start 25 00:02:02,100 --> 00:02:03,340 and start sniffing. 26 00:02:03,630 --> 00:02:09,040 And now is sniffing any of those any traffic from those computers going to the Internet. 27 00:02:09,060 --> 00:02:11,890 It could be a username and password could be anything. 28 00:02:12,330 --> 00:02:18,030 But this is not the interesting part of the Issaka because actually many many program is doing that 29 00:02:18,090 --> 00:02:19,910 in a much easier way. 30 00:02:20,130 --> 00:02:24,880 And I suggest to check Cain and Abel It's an amazing Windass. 31 00:02:25,250 --> 00:02:31,360 But there are things that exist in in-circuit and very very very few programmer doing that. 32 00:02:31,460 --> 00:02:37,640 Is changing in traffic not just intercepting but changing how can we do that. 33 00:02:37,650 --> 00:02:42,020 So to be able to do that we have a menu here called plug ins. 34 00:02:42,330 --> 00:02:48,930 And when you go there and click on plug ins or Mohnish plug ins you'll see all the plugins that can 35 00:02:48,930 --> 00:02:50,410 be able to fight this stuff. 36 00:02:50,700 --> 00:02:58,610 So you will see for instance DNS poisoning which you're going to do in your next lecture DNS poisoning 37 00:02:58,620 --> 00:03:05,030 main intercept traffic that resolves from name to IP and change it. 38 00:03:05,160 --> 00:03:06,580 And we're going to see an example of that. 39 00:03:06,610 --> 00:03:14,580 I'm going to show you how dangerous it is we can see and strip which is another attack that allows you 40 00:03:14,580 --> 00:03:21,300 to intercept encrypted traffic because usually if you intercept an encrypted traffic you'll be capturing 41 00:03:21,300 --> 00:03:23,180 traffic but unreadable. 42 00:03:23,250 --> 00:03:24,310 So what is use of it. 43 00:03:24,480 --> 00:03:32,010 But if you use a cell strip it will allow you to intercept encrypted traffic and read it. 44 00:03:32,490 --> 00:03:39,120 You can intercept regular traffic and change it so it's from here that you are applying a plug in this 45 00:03:39,120 --> 00:03:44,760 plug in will be applied on the traffic going between the two targets that you specify. 46 00:03:45,240 --> 00:03:50,760 So what we're going to do on the next lecture we're going to repeat this attack but I'm going to choose 47 00:03:50,760 --> 00:03:58,260 one specific traffic or one specific plug in which is a DNS spoofing. 48 00:03:58,530 --> 00:04:05,360 And let's see how we can do a full attack using ease of kept intercepting the traffic and change in 49 00:04:05,370 --> 00:04:06,070 size that are. 5334