Jump to content
Sign in to follow this  
Followers 0
Raywando

Script to detect data capture e.g.( Wire shark & MITM attack ) - (Moved)

By Raywando, in AutoIt General Help and Support

Recommended Posts

Raywando    0

Raywando
Posted

Hello,

This is my first post. So I’ve worked on a script for a while and I’m planning to publish it but the problem is that it connects to an FTP server at some point, and as you probably know FTP credentials are easily captured by a MITM attack or Wireshark (not sure if Wireshark does). So I thought if i can detect data capturing in the user’s network the script would stop. Any idea?.

If there’s another workaround I’m happy to hear it. 

Share this post

Link to post
Share on other sites

Jos    2,164

Jos
Posted

Moved to the appropriate forum, as the Developer General Discussion forum very clearly states:

Quote

General development and scripting discussions. If it's super geeky and you don't know where to put it - it's probably here.

Do not create AutoIt-related topics here, use the AutoIt General Help and Support or AutoIt Technical Discussion forums.

Moderation Team

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Share this post

Link to post
Share on other sites

Raywando    0

Raywando
Posted
12 minutes ago, Jos said:

Never use a clear text protocol when the traffic can be captured. Use ftps or sftp instead.

Jos

Sorry for using the wrong forum.

I found an SFTP script in the forum but some functions didn’t actually work.

What I’m asking is that is there a workaround if I’m using FTP? i had the data capture detector idea but i couldn’t code it.

Share this post

Link to post
Share on other sites

Jos    2,164

Jos
Posted

How would you know /detect that data is captured by somebody? 
You are talking about a user network, but I have no idea what you mean? 
Is this connection using just a LAN with a private IP space or also public Internet?

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Share this post

Link to post
Share on other sites

water    2,359

water
Posted

Wikipedia describes how to detect MITM. Don't think this would be easy to implement using AutoIt.
Only means to prevent MITM sems to be encryption/authentication.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-12-15 - Version 1.6.3.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2020-06-27 - Version 1.3.2.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Share this post

Link to post
Share on other sites

Earthshine    510

Earthshine
Posted (edited)

I think you need to wait for quantum computing in order to figure out if somebody’s messed with some thing

 

Do as advised above and use encryption

Edited by Earthshine

My resources are limited. You must ask the right questions

 

Share this post

Link to post
Share on other sites

Raywando    0

Raywando
Posted
11 hours ago, Jos said:

How would you know /detect that data is captured by somebody? 
You are talking about a user network, but I have no idea what you mean? 
Is this connection using just a LAN with a private IP space or also public Internet?

Jos

No I meant just in the private IP space.

To explain the idea of what i need i had an idea but it doesn’t really work, but logically, I wanted to get the Gateway IP and see if its 192.168.0.1 or 192.168.1.1 then it means that there is no MITM attack. Because some MITM tools tell the router to pass the traffic to the attacker IP e.g. 192.168.1.107 instead of the real gateway IP so when some user execute “ipconfig” the gateway IP would be othen than the IP’s above, in this case the gateway IP would be 192.168.1.107

this idea should be similar to what i need. I don’t really need an advanced script to detect that.

thanks.

 

Share this post

Link to post
Share on other sites

Jos    2,164

Jos
Posted (edited)

You really lost me here....  so you are seriously worried about a MITM problem in your private LAN?
How would that work assuming you have proper control over the environment? 

Anyways, all of this is not really important: When you need to transfer sensitive data you need to use an encrypted transmission protocol!
.. all the rest of the detection options is Too little   Too late.

Jos  

 

Edited by Jos
Earthshine reacted to this

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Share this post

Link to post
Share on other sites

Raywando    0

Raywando
Posted (edited)
2 hours ago, Jos said:

You really lost me here....  so you are seriously worried about a MITM problem in your private LAN?
How would that work assuming you have proper control over the environment? 

Anyways, all of this is not really important: When you need to transfer sensitive data you need to use an encrypted transmission protocol!
.. all the rest of the detection options is Too little   Too late.

Jos  

 

let me explain a bit more what is it I want. I'm worried if someone ran my script that they can steal my FTP credentials using a MITM attack in their network. So I started this thread hoping to find a way that when my script runs, it first checks if there is a MITM attack before connecting to the FTP server, making sure its safe to connect.

Anyway, it looks like its a long shot. What do you think I should use as an alternative for transferring data using Autoit?

another thing might help to solve this. I'm using the FTP for licensing purposes. the script connects to the FTP server to check if the user's (serial number - passcode) is valid and for downloading updates. any other idea?

Edited by Raywando

Share this post

Link to post
Share on other sites

Jos    2,164

Jos
Posted

I fully understood what you are asking and still stand behind the comments I made. 

1 hour ago, Raywando said:

another thing might help to solve this. I'm using the FTP for licensing purposes. the script connects to the FTP server to check if the user's (serial number - passcode) is valid and for downloading updates. any other idea?

I would simply make a HTTPS call to a local webserver to validate the license usage and return an OK/KO. ;)

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Share this post

Link to post
Share on other sites

Raywando    0

Raywando
Posted (edited)
28 minutes ago, Jos said:

I fully understood what you are asking and still stand behind the comments I made. 

I would simply make a HTTPS call to a local webserver to validate the license usage and return an OK/KO. ;)

Jos

Can you please explain briefly how that works with Autoit in steps. Sorry I’m not really experienced in these protocols.

Edited by Raywando

Share this post

Link to post
Share on other sites

Jos    2,164

Jos
Posted

The AutoIt3 part is easy, but you would have to code a website that takes the information from the GET, check the data and return OK or KO.

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • tarretarretarre
      Autoit-Socket-IO
      By tarretarretarre
      Version 2.x.x and 3.x.x has been moved to branch 3.x
      About Autoit-Socket-IO
      Autoit-Socket-IO is a event driven TCP/IP wrapper heavily inspired from Socket.IO with focus on user friendliness and long term sustainability.
      I constantly want to make this UDF faster and better, so if you have any suggestions or questions (beginner and advanced) Do not hesitate to ask them, I will gladly help!
      Key features
      Simple API 99% data-type serialization thanks to Autoit-Serialize Can easily be extended with your own functionality thanks to Autoit-Events "Educational" examples Data encryption thanks to _<Crypt.au3> Limitations
      Speed. This UDF will sacrifice some speed for convenience Read more in the official thread
    • wysocki
      Upload Thunderbird address book TO html for use on smartphone etc.
      By wysocki
      I have a smartphone and I use it to access my email. However, when composing an email on it I have a problem. My list of phone contacts on the phone is very different from my list of email contacts in my Thunderbird desktop app.  I use my Gmail address book to store primarily phone contacts, and I use Thunderbird for my list of email contacts. I wanted a way to get my Thunderbird contact list onto my smartphone to be able to compose emails to addresses in that list. Here's my solution.
      I wrote a script to export my Thunderbird Personal Address Book to a csv file. It then reads that file and re-writes it with html wrappers around the data to make it into a nicely formatted web page. It then uploads the htm file to my website. On my smartphone, I created a shortcut to the file's URL and whenever I click it, I get the list displayed. Each contact shows name and email address along with a COPY button that will put the address into the clipboard. Then in my email client, I can easily paste that address into it. Alternatively, clicking on the actual email link will open a new message dialog in your email client with that address already entered.
      To use the app, all you need to do is use Thunderbird and have a webserver available. You'll need to download the FTPEX.AU3 file from this website and make a few changes to some constants around line 17 for FTP login info, etc.
       
      pab2ftp.au3
    • Dent
      [SOLVED] _FTP_FilePut error / strange behaviour
      By Dent
      The following function successfully connects to and uploads a local text file named user.dat
      I have checked the data being written to the text file when it is created locally using a MsgBox and it appears exactly how it should be written to the file. If I comment out the FileDelete and go and open the file locally it is as expected.
      However when I download the file from the FTP server and open it up the text that should be at the end of the file is missing. With each subsequent run more characters are missing.
      I added the Sleep(5000) in case the function was closing the FTP connection too quickly before the file could be fully written but it makes no difference. The user.dat file is (should be) approximately 100 bytes so it is tiny.
      Any idea why this is happening?
      Func UpdateUserData() ; Upload the modified user.dat file Local $hOpen = _FTP_Open("myftp") Local $hConn = _FTP_Connect($hOpen, "my.ftp.server", "user", "pass", 1, 0, 1, 2) If @error Then MsgBox(16, "Error", "Connection failed" & @CRLF & @CRLF & "Please contact support") _FTP_Close($hConn) _FTP_Close($hOpen) Exit EndIf _FTP_FilePut($hConn, @TempDir & "\user.dat", "user.dat") ; Upload the new user.dat file Sleep(5000) If @error <> 0 Then MsgBox(16, "Error", "Couldn't transmit data" & @CRLF & @CRLF & "Please contact support") _FTP_Close($hConn) _FTP_Close($hOpen) Exit EndIf _FTP_Close($hConn) _FTP_Close($hOpen) FileDelete(@TempDir & "\user.dat") EndFunc  
    • WoodGrain
      Move Mouse while remote access program captures mouse/kb
      By WoodGrain
      Hi guys,
       
      I've written a script that will move my mouse to a location on the screen whenever my remote access software becomes active, the problem I have is that as soon as the remote access software becomes active it appears to capture the mouse and keyboard so nothing happens when I use MouseMove().
       
      Is there any way around this?
       
      Thanks!
    • Carm01
      Pulling a directory listing from a public ftp
      By Carm01
      Hello,
      I am attempting to pull a list of the directory structure from a public FTP where no username or password is required i.e:
      ftp://ftp.adobe.com/pub/adobe/
      Now I have looked all over the place and have failed find anything to accomplish, and if I found some, and the documentation is rather bleak for example;
      it does show something I am looking for, but there is no ftp.au3, and the usage and examples of what i want to do seems to elude me on this and it may not even apply to what I am trying to accomplish?
      I want to avoid using things with Internet explorer , and I have done some google searches. However nothing seems to help
      the documentation surrounding : _FTP_DirGetCurrent  references _FTP_Connect , and then references _FTP_Open , and regardless what I try I cannot get it to pull a list of directorys of files as a list.
       
      Any help is appreciated
       
       
       
×
×
  • Create New...