Script to detect data capture, e.g. (Wireshark & MITM attack) - (Moved)
Hello,

This is my first post. So I’ve worked on a script for a while and I’m planning to publish it, but the problem is that it connects to an FTP server at some point, and as you probably know FTP credentials are easily captured by a MITM attack or Wireshark (not sure if Wireshark does). So I thought if I can detect data capturing in the user’s network the script would stop. Any idea?

If there’s another workaround I’m happy to hear it. 


Never use a clear text protocol when the traffic can be captured. Use ftps or sftp instead.

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


Moved to the appropriate forum, as the Developer General Discussion forum very clearly states:

Quote

General development and scripting discussions. If it's super geeky and you don't know where to put it - it's probably here.


Do not create AutoIt-related topics here, use the AutoIt General Help and Support or AutoIt Technical Discussion forums.

Moderation Team


12 minutes ago, Jos said:

Never use a clear text protocol when the traffic can be captured. Use ftps or sftp instead.

Jos

Sorry for using the wrong forum.

I found an SFTP script in the forum but some functions didn’t actually work.

What I’m asking is: is there a workaround if I’m using FTP? I had the data capture detector idea but I couldn’t code it.


How would you know/detect that data is captured by somebody?
You are talking about a user network, but I have no idea what you mean.
Is this connection using just a LAN with a private IP space, or also the public Internet?

Jos


Wikipedia describes how to detect MITM. I don't think this would be easy to implement using AutoIt.
The only means to prevent MITM seems to be encryption/authentication.

My UDFs and Tutorials:

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 


11 hours ago, Jos said:

How would you know/detect that data is captured by somebody?
You are talking about a user network, but I have no idea what you mean.
Is this connection using just a LAN with a private IP space, or also the public Internet?

Jos

No I meant just in the private IP space.

To explain the idea of what I need: I had an idea but it doesn’t really work, but logically, I wanted to get the gateway IP and see if it's 192.168.0.1 or 192.168.1.1; then it means that there is no MITM attack. Because some MITM tools tell the router to pass the traffic to the attacker IP, e.g. 192.168.1.107, instead of the real gateway IP, so when a user executes “ipconfig” the gateway IP would be other than the IPs above; in this case the gateway IP would be 192.168.1.107.

This idea should be similar to what I need. I don’t really need an advanced script to detect that.

thanks.

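The check described in the post above only looks at the configured gateway address. A LAN MITM tool does not change that address; it poisons the victim's ARP cache so the gateway IP resolves to the attacker's MAC, and "ipconfig" still shows 192.168.1.1. As an added example (not code from the thread, and written in Python rather than AutoIt so it can run and be tested offline), here is what that looks like from the victim's ARP table, next to a heuristic that can catch the active case. The sample `arp -a` output, every MAC address and the "known-good" gateway MAC are constructed for this example.

```python
"""Added example: why a gateway-IP check misses ARP spoofing, and what a
host-side ARP-cache heuristic can actually see. Not from the thread."""
import re

# Constructed sample of Windows `arp -a` output. The gateway is still
# 192.168.1.1, so the post's "is the gateway 192.168.0.1 or 192.168.1.1?"
# check passes. But the gateway's MAC is now the same as another host's
# (192.168.1.107): that is what ARP-cache poisoning looks like to the victim.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-07     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
  192.168.1.107         aa-bb-cc-dd-ee-07     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

_ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac}; MACs normalised to lowercase, ':'-separated."""
    table = {}
    for line in text.splitlines():
        m = _ARP_LINE.match(line)
        if m:
            ip, mac, _typ = m.groups()
            table[ip] = mac.lower().replace("-", ":")
    return table


def gateway_ip_looks_normal(gateway_ip):
    """The check proposed in the thread. It inspects only the configured
    address, which ARP spoofing never touches, so it passes on a poisoned host."""
    return gateway_ip in ("192.168.0.1", "192.168.1.1")


def arp_anomalies(table, gateway_ip, known_gateway_mac=None):
    """Heuristics a client can run before sending anything sensitive.
    Returns a list of findings (empty list == nothing seen). This catches
    only *active* ARP spoofing; a passive tap, a mirrored switch port or a
    sniffer on the gateway itself is invisible here."""
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        findings.append(f"gateway {gateway_ip} not in ARP cache")
        return findings
    if gw_mac == "ff:ff:ff:ff:ff:ff":
        findings.append("gateway resolves to broadcast MAC")
    # Two IPs sharing the gateway's MAC is the classic ARP-poisoning signature.
    sharers = [ip for ip, mac in table.items() if mac == gw_mac and ip != gateway_ip]
    if sharers:
        findings.append(f"gateway MAC {gw_mac} also claimed by {', '.join(sharers)}")
    # Known-good MAC: recorded on first run or provisioned out of band (assumption).
    if known_gateway_mac and gw_mac != known_gateway_mac.lower():
        findings.append(f"gateway MAC changed: expected {known_gateway_mac.lower()}, saw {gw_mac}")
    return findings


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    print("gateway IP check passes:", gateway_ip_looks_normal("192.168.1.1"))
    for finding in arp_anomalies(table, "192.168.1.1", known_gateway_mac="aa:bb:cc:dd:ee:01"):
        print("ARP anomaly:", finding)
```

Even when this heuristic fires, the only safe reaction is to refuse to send the FTP credentials at all; and when it does not fire, it proves nothing, because anyone who can read the wire without rewriting it never shows up in the ARP cache. That is the point Jos makes in his replies: an encrypted, authenticated transport is what removes the problem, not detection.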

You really lost me here.... so you are seriously worried about a MITM problem in your private LAN?
How would that work, assuming you have proper control over the environment?

Anyway, all of this is not really important: when you need to transfer sensitive data you need to use an encrypted transmission protocol!
.. all the rest of the detection options are too little, too late.

Jos  


And re. Wireshark et al., any form of passive packet sniffing is by definition undetectable.


2 hours ago, Jos said:

You really lost me here.... so you are seriously worried about a MITM problem in your private LAN?
How would that work, assuming you have proper control over the environment?

Anyway, all of this is not really important: when you need to transfer sensitive data you need to use an encrypted transmission protocol!
.. all the rest of the detection options are too little, too late.

Jos  

Let me explain a bit more what it is I want. I'm worried that if someone ran my script they could steal my FTP credentials using a MITM attack in their network. So I started this thread hoping to find a way that, when my script runs, it first checks if there is a MITM attack before connecting to the FTP server, making sure it's safe to connect.

Anyway, it looks like it's a long shot. What do you think I should use as an alternative for transferring data using AutoIt?

Another thing that might help to solve this: I'm using the FTP for licensing purposes. The script connects to the FTP server to check if the user's (serial number - passcode) is valid and for downloading updates. Any other idea?


I fully understood what you are asking and still stand behind the comments I made. 

1 hour ago, Raywando said:

Another thing that might help to solve this: I'm using the FTP for licensing purposes. The script connects to the FTP server to check if the user's (serial number - passcode) is valid and for downloading updates. Any other idea?

I would simply make a HTTPS call to a local webserver to validate the license usage and return an OK/KO. ;)

Jos


28 minutes ago, Jos said:

I fully understood what you are asking and still stand behind the comments I made. 

I would simply make a HTTPS call to a local webserver to validate the license usage and return an OK/KO. ;)

Jos

Can you please explain briefly, in steps, how that works with AutoIt? Sorry, I’m not really experienced in these protocols.


The AutoIt3 part is easy, but you would have to code a website that takes the information from the GET, check the data and return OK or KO.

Jos

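Both halves of the licence check Jos describes, as an added example that is not code from the thread and is written in Python rather than AutoIt so both sides can run and be tested offline: a small server endpoint that validates serial and passcode and replies OK/KO, and a client that treats anything but an exact "OK" as a failed check. Everything specific here is invented for the example: the /license path, the `serial` and `passcode` parameter names, the licence table and the server secret. It departs from Jos's GET in one respect, using POST, because a query string with the passcode in it ends up in web-server and proxy logs.

```python
"""Added example: server-side licence validation plus a fail-closed client.
Not from the thread; the endpoint, parameter names, licences and secret are
all constructed for this example."""
import hashlib
import hmac
import io
from http import HTTPStatus
from urllib.parse import parse_qs, urlencode

# --- server side -----------------------------------------------------------
SERVER_SECRET = b"constructed-example-secret-change-me"  # assumption: kept out of code in real use


def passcode_hash(serial, passcode):
    """Store an HMAC of serial:passcode, not the passcode, so a leaked
    licence table does not hand out working credentials."""
    return hmac.new(SERVER_SECRET, f"{serial}:{passcode}".encode(), hashlib.sha256).hexdigest()


# Constructed licence table: serial -> HMAC(serial:passcode)
LICENSES = {
    "AB12-CD34": passcode_hash("AB12-CD34", "hunter2-pass"),
    "EF56-GH78": passcode_hash("EF56-GH78", "correct-horse"),
}


def validate_license(serial, passcode):
    """True only for a known serial whose passcode hashes to the stored value.
    compare_digest keeps the comparison constant-time."""
    expected = LICENSES.get(serial)
    if expected is None:
        # Do a comparison anyway so response time does not reveal whether the serial exists.
        hmac.compare_digest(passcode_hash(serial, passcode), passcode_hash(serial, ""))
        return False
    return hmac.compare_digest(passcode_hash(serial, passcode), expected)


def license_app(environ, start_response):
    """Minimal WSGI app: POST /license with form-encoded serial & passcode
    replies 'OK' or 'KO'. Serve it behind HTTPS only."""
    if environ.get("REQUEST_METHOD") != "POST" or environ.get("PATH_INFO") != "/license":
        start_response(f"{HTTPStatus.NOT_FOUND.value} Not Found", [("Content-Type", "text/plain")])
        return [b"KO"]
    length = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(length).decode(), keep_blank_values=True)
    serial = form.get("serial", [""])[0]
    passcode = form.get("passcode", [""])[0]
    start_response(f"{HTTPStatus.OK.value} OK", [("Content-Type", "text/plain")])
    return [b"OK" if validate_license(serial, passcode) else b"KO"]


# --- client side -----------------------------------------------------------
def build_license_request(serial, passcode):
    """Form body the client POSTs; the transport must be https:// so TLS
    protects it in transit."""
    return urlencode({"serial": serial, "passcode": passcode}).encode()


def check_license(serial, passcode, post):
    """`post(body) -> bytes` performs the HTTPS POST (injected so the logic is
    testable without a network). Any error or any reply other than the exact
    bytes 'OK' counts as a failed check: fail closed."""
    try:
        reply = post(build_license_request(serial, passcode))
    except Exception:
        return False
    return reply.strip() == b"OK"


def https_post(url):
    """Production transport: urllib over HTTPS. urlopen verifies the server
    certificate against the system CA store by default; never disable that,
    or the call is as exposed to a MITM as the FTP login was."""
    import urllib.request
    if not url.lower().startswith("https://"):
        raise ValueError("licence endpoint must be https://")

    def post(body):
        req = urllib.request.Request(url, data=body, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read()
    return post


def wsgi_post(app, path="/license"):
    """Drive the WSGI app in-process; stands in for https_post in tests."""
    def post(body):
        env = {"REQUEST_METHOD": "POST", "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
        return b"".join(app(env, lambda status, headers: None))
    return post


if __name__ == "__main__":
    post = wsgi_post(license_app)
    print(check_license("AB12-CD34", "hunter2-pass", post))  # True
    print(check_license("AB12-CD34", "wrong", post))         # False
```

The client never sees the licence table or the secret; all it learns is OK or KO, which is the property the FTP design lacked (the FTP login itself was the secret, and it travelled in clear text). In the AutoIt script the only piece to port is the transport in `https_post`; the validation stays on the server.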
