You guys rock! This channel has seriously helped my fundamental knowledge as I prepare for higher certs. I love the perspective you guys attack each subject with.
Like I said, you guys are amazing! F**** Bombal that guy is drilling my brains just in vain. That is what I call explanation I mean yours of course! great job guys!
I come to you guys any time I do not understand a networking concept, and every time you guys make it easier and visible for me to understand. Content goes crazy thank you!
I know HTTPS protects against this very effectively, but is there any way to make sure that I'm connecting to the right DHCP server when, say, I connect to public Wi-Fi? Let's say I didn't connect to some hacker's Wi-Fi network and I really am on some legitimate coffee shop's Wi-Fi network. How do I make sure I'm getting DHCP from the coffee shop's router?
I think you can't as DHCP is broadcast based and there's no reason to assume the DHCP would be on the router. In my own lan, the router's DHCP is for static configuration only and unknown clients are issued IPs by my Pihole
Great question! It's now common for phishing sites to use HTTPS. Because the bad guys own the websites, they are able to see what credentials are being inputed by the victim.
A rogue DHCP server doesn't even have to be a MITM attack to be a headache..... Things like wireless AP's and some NAS devices can be misconfigured to run DHCP to an internet connection they don't have and cause all kinds of weird headaches. It's especially annoying if the Flash memory it uses for booting is starting to go out and it resets itself to default on occasion, when the default is DHCP to be on, and it's not connected in a manor to handle WAN traffic. Suddenly people get Duplicate IP messages, or can access the LAN but not the internet, or some people can't access anything but others are fine..... And then it goes away when you show up to fix it.... To only come back in a day or two..... The duplicate IP thing is kind of a dead give away, but beyond that it can be a big headache to troubleshoot since like mentioned in the video it's pretty random when your computer will decide it'll take a new IP address.
I assume you mean ARP Poisoning. The outcome is very similar but the way we achieve it is different. Rogue DHCP / DHCP spoofing requires the attacker to assign malicious IP address information by taking the role of a DHCP server. ARP poisoning requires the attacker to send false information to the network and pretend to be someone he is not.
Great video! Thanks for practical demonstration of how it looks and how it works! I do have a question. When I connect to http (and maybe even https) through the hacker's PC, do I leave such things as cookies, and similiar stuff, that can be used instead of login credintials? Thanks for the video!
Webserver tells your computer to set a cookie.... Your computer can then potentially send the data in the cookie instead of the using a user name and password. On a non-encrypted connection the hackers PC would see that information (either the instruction from the server to set the cookie, or your computer saying Hey use this cookie) and be able to record the cookies used. I assume there's a tool a hacker could use, but worse case Wireshark would show the raw data. So you wouldn't "Leave" the cookies, but you'd allow the hacker to scan the cookie and recreate it. Like mentioned in the video encryption (Https, or a vpn) would stop this.
. this is nothing but great video though , keep uploading videos like these so that you will not only help to educate but i will also help to spread out the word to prevent cyber hacking
So is it possible that i connect to unknown/free wifi in a cafe , so now it is my default gateway? If yes then if i login to http site then the free wifi guy can see my credential using wireshark?
Ussually you would see two wifi networks , like amm, Starbucks and Starbucks_official, being the first one the real wifi and the second one the wifi that the attacker created so people connects to that and spy traffic with wireshark.
Is it possible that planting malware on a device could then force all traffic to http so it can be intercepted? I'm dealing with a network attack and I've come to the conclusion that mitm is what I'm dealing with. Unfortunately the devices contain some kind of code that reconnects to some kind of server out there when I've rebooted the router. I think everything will need a clean install once I've figured out how to fix the mess I'm in . Got a new router but due to devices not being clean it's started all over again. Antivirus has found and cleaned heuristic Trojans but I can't figure out how to fix the TV 🫤
You guys rock! This channel has seriously helped my fundamental knowledge as I prepare for higher certs. I love the perspective you guys attack each subject with.
Wow thanks! Really appreciate it!
It saddens me that such an amazing content has such a little views. Deserves way more than that.
Like I said, you guys are amazing! F**** Bombal that guy is drilling my brains just in vain. That is what I call explanation I mean yours of course! great job guys!
Very Good!! Brazil!
Thank you! I would love to visit Brazil one day!
I come to you guys any time I do not understand a networking concept, and every time you guys make it easier and visible for me to understand. Content goes crazy thank you!
Thank you Ishmael! Really great to hear the videos are helping. Hope to have more for you very soon!
Very nice for learning❤but i think i'ts better to say: IF WEBSITE HAVE (HTTPS) AND SSL OR TSL VERIFICATION, WE CAN'T USE MITM ATTACK. Thanks
You need more than 300 likes...
Thanks! I'll give you a like for the comment 😀
I know HTTPS protects against this very effectively, but is there any way to make sure that I'm connecting to the right DHCP server when, say, I connect to public Wi-Fi? Let's say I didn't connect to some hacker's Wi-Fi network and I really am on some legitimate coffee shop's Wi-Fi network. How do I make sure I'm getting DHCP from the coffee shop's router?
I think you can't as DHCP is broadcast based and there's no reason to assume the DHCP would be on the router.
In my own lan, the router's DHCP is for static configuration only and unknown clients are issued IPs by my Pihole
Hi how can you stop rogue dhcp server from a network? How do you configure the router to stop it?
Now don't trust router....and get fcking Cellular connection..
Brilliant content. Thank you
Thank you Sadeesh!
Actually very good video. Subbed
Thanks
You're welcome Vasya!
Thanks for your hard work! Awesome video!!!
Thanks! Happy to hear you liked it. These comments make the work worth it 👌
so wifi connection or lan vpn or pppoe logon would eliminate this?
What's a rooter
🤷♂️
off topic. what about phishing websites that are using https? how the scammer obtain users' credential?
Great question! It's now common for phishing sites to use HTTPS. Because the bad guys own the websites, they are able to see what credentials are being inputed by the victim.
so how do i stop this please??
A rogue DHCP server doesn't even have to be a MITM attack to be a headache..... Things like wireless AP's and some NAS devices can be misconfigured to run DHCP to an internet connection they don't have and cause all kinds of weird headaches. It's especially annoying if the Flash memory it uses for booting is starting to go out and it resets itself to default on occasion, when the default is DHCP to be on, and it's not connected in a manor to handle WAN traffic. Suddenly people get Duplicate IP messages, or can access the LAN but not the internet, or some people can't access anything but others are fine..... And then it goes away when you show up to fix it.... To only come back in a day or two..... The duplicate IP thing is kind of a dead give away, but beyond that it can be a big headache to troubleshoot since like mentioned in the video it's pretty random when your computer will decide it'll take a new IP address.
What is the difference between app poisoning and this?
I assume you mean ARP Poisoning. The outcome is very similar but the way we achieve it is different.
Rogue DHCP / DHCP spoofing requires the attacker to assign malicious IP address information by taking the role of a DHCP server. ARP poisoning requires the attacker to send false information to the network and pretend to be someone he is not.
@@Certbros Thank you for the explanation
No problem Alexander! Happy to help 👍
You missed the word 'snooping' in the description :)
Great spot! Thank you 😁
Great video!
Thanks for practical demonstration of how it looks and how it works!
I do have a question. When I connect to http (and maybe even https) through the hacker's PC, do I leave such things as cookies, and similiar stuff, that can be used instead of login credintials?
Thanks for the video!
Webserver tells your computer to set a cookie.... Your computer can then potentially send the data in the cookie instead of the using a user name and password. On a non-encrypted connection the hackers PC would see that information (either the instruction from the server to set the cookie, or your computer saying Hey use this cookie) and be able to record the cookies used. I assume there's a tool a hacker could use, but worse case Wireshark would show the raw data. So you wouldn't "Leave" the cookies, but you'd allow the hacker to scan the cookie and recreate it. Like mentioned in the video encryption (Https, or a vpn) would stop this.
@@TheGodOfAllThatWas Thanks for the detailed answer!
Awesome video sir.can u uploaded video on icmp redirecting in mitm sir?
Thanks for the suggestion. I've added it to the suggestion list. If I get more requests I will definitely look at making this.
I literally took CEH v11 Course but this small video gave me so much knowledge that I actually got from that class.
many thanks Mate : _
the style and flow of your videos are great. Looking forward to seeing more like these and CCNA material is really helping.
Great to hear! Lots more to come.
. this is nothing but great video though , keep uploading videos like these so that you will not only help to educate but i will also help to spread out the word to prevent cyber hacking
i just hate configuring dhcp snooping in packet tracer, it doesn't work and it could be a lil buggy
Thank you..Wonderfully done! Much appreciated
awesome video! thank you for showing how it actually works! I studied Network+ but never knew how it worked and always wondered.
So is it possible that i connect to unknown/free wifi in a cafe , so now it is my default gateway?
If yes then if i login to http site then the free wifi guy can see my credential using wireshark?
I think they cannot, even though they can see your traffic accessing Facebook. Because Facebook is using https, our credentials are encrypted.
@@M3nt4LC4t if site is http then is it possible?
@@abhik67590 yes it is possible. because http traffic are not encrypted. you can see example as in the video.
Ussually you would see two wifi networks , like amm, Starbucks and Starbucks_official, being the first one the real wifi and the second one the wifi that the attacker created so people connects to that and spy traffic with wireshark.
@@helamanavalos9806 ✌Thanks
thank
nice
Sup man, keep going. Ur vids are very interesting
Nice lesson, thanks! The only little thing is missed. The kali Linux settings that forward hacked user's traffic back to router.
you are correct about https but what if attacker do SSL strip bro ?!!
K , could you show the same in yersinia ? deploy this rogue attack on yersinia plz
Thanks for the suggestion! I'll definitely look to make some Yersinia videos in the future.
@@Certbros cool i'll wait
Please make a video about APIs
Working on it!
Lovely content
Thank you!
Its so sad that so many people are missing out on these awsome videos😥
Good video clip perfectly explained..!!!
This was awesome!!!!!!!
Thank you Joseph!
😍😍😍
Loved it xo
Thank you Jessil!
Real goat video
Thank You !
Sorry, I don't understand what you do at 7:40. How can I open a Cisco router? Can you help me? I really don't know how to do
Great video!!
very nice
Thanks
Great video, already waiting for the next video.
Thank you Abhishek!
A tip... I went to increase the speed of the video only to realize it was at 2.0x already. So the tip, don't talk so very slow
Is it possible that planting malware on a device could then force all traffic to http so it can be intercepted? I'm dealing with a network attack and I've come to the conclusion that mitm is what I'm dealing with. Unfortunately the devices contain some kind of code that reconnects to some kind of server out there when I've rebooted the router. I think everything will need a clean install once I've figured out how to fix the mess I'm in . Got a new router but due to devices not being clean it's started all over again. Antivirus has found and cleaned heuristic Trojans but I can't figure out how to fix the TV 🫤