BetterCAP ICMP redirection Method for Penetration Testing

In this knowledge base article we’ll discuss BetterCAP ICMP redirection method in Kali Linux. ICMP redirection is a feature of the internet protocol suite; however, ICMP packets are interesting in that they are themselves IP packets. They are, thus, interesting little nuggets seen on IP networks, and RFC 792 is fascinating reading, a true nail-biter. While just about anyone worthy of the title of techie is familiar with ICMP via the famous ping utility (ICMP ECHO), the protocol has additional power that is understood more by network administrators than the average user.
One of those features is redirect: a message that advertises a better route to a destination based on a set of criteria. In our case, we spoof a message intended to poison a dynamically updated routing table. Whereas with ARP spoofing we created messages designed to trick devices into sending their data to a particular link layer address, with ICMP we're spoofing at the network layer and suggesting a better route for traffic. Naturally, that route passes through our attacking interface. It's like telling the driver of an armored truck, Highway 75 is closed due to an accident, so take this shady back alley instead - it's faster. Meanwhile, our goons are waiting to steal some money from the truck.
I'm willing to take the time and break down this sophisticated attack for you, but again, one of BetterCAP's strengths is allowing us to get straight to work. A single-line command is all we need:
# bettercap -S ICMP --full-duplex --sniffer-output BetterCapICMP

-S ICMP specifies that we're using ICMP to conduct the man-in-the-middle spoofing attack.
• --full-duplex tells BetterCAP to spoof in both directions; generally, you'll want to select this option.
• --sniffer-output [file name] defines our .pcap output for our analysis in Wireshark. (Don't forget to use display filters to clean up that ICMP noise!) The sniffer isn't enabled by default, but defining a .pcap output file enables it automatically.
I know what the hacker in you is thinking: what about target selection? Great point. By default, BetterCAP targets everyone. On our cozy lab LAN, this is desired to see just what this gem of a tool can do. On just about any real-world pen testing engagement, where part of your job is to demonstrate to the client what you can get away with before being caught, this is a great way to get slapped on the wrist on your first day.
For your study, it's nice to pull up the capture in Wireshark to see what's happening under the hood. Note, this is no less obnoxiously noisy than ARP spoofing, as you can see. Of course, just as ARP spoofing can be defended aga inst, ICMP redirection attacks can be defended against – and it's a little easier to stop. For example, routers using static routes will render useless our little sleight-of-hand.

BetterCAP ICMP redirection

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordpress website using WPSeku from My Hack Stuff.

COMMENTS

Name

AC Milan,4,Arsenal,9,Atalanta,5,Atletico Madrid,6,Barcelona,15,Bayern München,5,Bundesliga,9,Business,1,Chelsea,13,Coronavirus,2,Cristiano Ronaldo,13,Dortmund,1,Ethical Hacking,46,Exploitation,35,FA Cup,2,Featured,206,Football,219,Footprinting,29,Google Adsense,2,Inter Milan,5,Juventus,15,Kali Linux,39,Kali NetHunter,3,LaLiga,39,Lazio,4,Leicester City,7,Ligue 1,26,Liverpool,12,Lyon,5,Make Money,3,Manchester City,15,Manchester United,14,Messi,2,Metasploit,1,Napoli,4,Offensive Security,17,Penetration Testing,15,Politics,2,Post Exploitation,19,Premier League,68,PSG,6,Real Madrid,13,Roma,3,Search Engine Optimization,4,Serie A,32,Sevilla,1,Sports,190,Technology,36,Tips,16,Tottenham Hotspur,10,Trending,434,UEFA Champions League,10,UEFA Europa League,11,United States,1,Windows,7,World News,7,
ltr
item
My Hack Stuff: BetterCAP ICMP redirection Method for Penetration Testing
BetterCAP ICMP redirection Method for Penetration Testing
https://myhackstuff.com/wp-content/uploads/2018/11/2.png
My Hack Stuff
https://www.myhackstuff.com/2018/11/bettercap-icmp-redirection-method-for.html
https://www.myhackstuff.com/
https://www.myhackstuff.com/
https://www.myhackstuff.com/2018/11/bettercap-icmp-redirection-method-for.html
true
1336489415246004999
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content