Local Tech Repair: Network security auditing - Subterfuge

Sunday, June 23, 2013

Network security auditing - Subterfuge

For a long time there have been security flaws in consumer-grade routers that leave their networks open to man-in-the-middle attacks.
A man-in-the-middle attack is an attack that a hacker or auditor performs on a local network to take over the role of the router. All the clients end up sending their traffic through the attacker's computer because of the trusting nature of the address-table (ARP) protocol: hosts accept whatever address mapping they are told without verifying it. This allows the attacker to strip SSL sessions, capture plaintext passwords, block content, and inject code into your browser. Since consumer-grade routers are not equipped with defensive policies to protect their customers, this attack is very easy to carry out.
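Because the attack works by rebinding the gateway's IP address to the attacker's MAC, one defensive check is simply to watch ARP replies and alert when an address mapping changes. The following is an added example, not code from this post or from the Subterfuge project: a small passive detector that learns IP-to-MAC bindings from observed ARP replies and flags a rebinding or a single MAC claiming several IPs. The reply records and the gateway address 192.168.1.1 are constructed for illustration; in a real deployment the records would come from a packet capture and the trusted bindings from an inventory.

```python
# Added example (not from the post or from Subterfuge): a passive ARP-spoof detector.
# It consumes ARP reply records (constructed sample data below, not a real capture),
# learns the first IP -> MAC binding seen for each IP, and raises an alert whenever
# a later reply moves a known IP to a different MAC, or when one MAC claims more
# than one IP (the pattern of a client impersonating the gateway).
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) fields from ARP replies.
# The last two records show the client 192.168.1.50 claiming the gateway's IP
# and then a second host's IP as well.
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "192.168.1.1", "aa:bb:cc:00:00:01"),   # the real gateway
    ("10:00:02", "192.168.1.50", "de:ad:be:ef:00:50"),  # an ordinary client
    ("10:00:03", "192.168.1.51", "de:ad:be:ef:00:51"),  # another client
    ("10:00:20", "192.168.1.1", "de:ad:be:ef:00:50"),   # gateway IP now on the client's MAC
    ("10:00:21", "192.168.1.51", "de:ad:be:ef:00:50"),  # same MAC claims a second host
]


def detect_arp_spoofing(replies, gateway_ip="192.168.1.1"):
    """Return a list of alert strings for suspicious ARP activity.

    Bindings are learned from the first reply seen for each IP (assumed trustworthy
    for this example); a production detector would seed ip_to_mac from a known-good
    inventory instead. gateway_ip is an assumed value used only to raise severity.
    """
    ip_to_mac = {}                 # IP -> MAC binding currently believed
    mac_to_ips = defaultdict(set)  # MAC -> set of IPs it has claimed
    alerts = []

    for ts, ip, mac in replies:
        mac = mac.lower()

        # Check 1: a known IP suddenly answers from a different MAC.
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            severity = "CRITICAL" if ip == gateway_ip else "WARNING"
            alerts.append(f"{ts} {severity}: {ip} moved from {known} to {mac}")
            # Track the new claim; if the real owner keeps replying the binding
            # will flap, and each flip is itself worth an alert.
            ip_to_mac[ip] = mac

        # Check 2: one MAC accumulates several IPs (gateway impersonation pattern).
        new_for_mac = ip not in mac_to_ips[mac]
        mac_to_ips[mac].add(ip)
        if new_for_mac and len(mac_to_ips[mac]) > 1:
            alerts.append(f"{ts} WARNING: {mac} now claims {sorted(mac_to_ips[mac])}")

    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(line)
```

Run against the sample data the detector stays quiet for the first three replies and then produces four alerts, the first of them CRITICAL because it is the gateway address that moved. Static ARP entries for the gateway on important hosts, or dynamic ARP inspection on a managed switch, stop the rebinding outright; this check is the monitoring counterpart for networks where neither is available.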

Recently a group of researchers put together a tool that automates the whole attack, so that you do not even need to know how to start specialized tools like sslstrip. This allows anyone who can install the software to go to a coffee shop and exploit the users on the network, whether they are customers or business computers.

This tool is called Subterfuge. Subterfuge is a framework that others can extend to help automate further attacks. The software comes with automated credential harvesting: sslstrip downgrades any HTTPS session and grabs the username and password without the victim being any the wiser.

Customers need to protect themselves and demand protection against these types of attacks from router makers. These attacks are not new and have been around for years.
I have been able to give this software a try, and it does work and is very simple to use.

"Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation…"

-Local Tech Repair Admin