基于区块链的毕业设计Ethical-hacking – 道德黑客

本文提供基于区块链的毕业设计国外最新区块链项目源码下载,包括solidity,eth,fabric等blockchain区块链,基于区块链的毕业设计Ethical-hacking – 道德黑客 是一篇很好的国外资料

Ethical-hacking

This is the start of my Ethical-hacking for-fun side prosjekt(s). I want to get a better understanding about nettwork and a more hands-on approach to learning security by writing my own tools instead of using build-in tools in kali. This repo should not be used outside of educational purposes. Any malicouse use of my code is strictly prohibited. This is purely a fun and educational side project and should only be used internally against your own machines or machines that you have permission to test on.

Before you start:

Make sure you have scapy installed. pip install scapy. Make sure you have netfilterqueue installed. pip install netfilterqueue

Usefull commands:

  • echo 1 > /proc/sys/net/ipv4/ip_forward – This will turn on ip_forwarding, allowing you to be MiTM
  • iptables -I FORWARD -j NFQUEUE –queue-num 0 – Puts all forwarding packages into a que so that they can be modified or sniffed. I If you are testing this locally, change the chain from FORWARD to output and input. NB: remember to flush your iptables when you are done. iptables –flush

SSLstrip

A lot of these tools are based on being MiTM. MiTM are not very effective if the connection is encryped. For now, using SSLstrip (prebuild tool in kali) is the easiste fix. I will write my own SSLstriping tool at a later date. Here are some notes about how to use SSLstriping with the given MiTM tools.

  1. Run the MiTM tool of your choice. In this github repo, the ARP spoofer is easy to use if you are on the same nettwork as your target.
  2. Start SSLstriping with the command sslstrip
  3. Change your IPtables so that the data from your target goes through port 10000 (the default port sslstrip is listening to)

iptables -t nat -A PREROUTING -p tcp --destion-port 80 -j REDIRECT --to-port 10000 4. Run whatever program you want to use on the unecrypted connection


Network Scanner

Does an ARP Request to scan the nettwork for potensital targets. Fetches IP and MAC addr

How To Use It

  • Run the code and add the -t or –target flag, followed by the IP range that you want to scan. For example: python3 nettwork_scanner.py -t 10.0.2.1/24

Mac Addr Spoofer

Changes the MAC addr of the computer


ARP Spoofer

Spoofs the ARP table

Function

This program poisions the ARP table by abusing the ARP protocol. Given the IP of a target and the IP of the gateway we will send an ARP response poisioning their ARP tables by doing the following:

  • The target will overwrite their ARP table swiching the gateways MAC addr, with out MAC addrs. Routing all traffic to the gateway, to us.

  • The gateway will overwrite their ARP table switching the targets MAC addr, with out MAC addrs. Routing all traffic intedned to the target, to us.

    How To Use It

  • To be able to be Man in the middle, we need to allow data to flow through our system with port forwarding(Linux). echo 1 > /proc/sys/net/ipv4/ip_forward

  • To run the code use the main() function. This takes two inputs, a target_ip and spoof_ip. The target IP is the IP of our target. The spoof IP is the IP of the gateway that we are pretending to be.

    TO-DO

  • Target IP and spoof IP needs to be inputs not hardcoded.


Packet Sniffer

Analyses packages from a target (use ARP Spoofing tool). Scans for potential username and password and fetches the URL of the website the login info is typed into. Does not work on a secure connection (obv…)

How To Use

Run the program and it will start sniffing incoming packages on port 80 (http). It checks for potensial username/password/email field.  

DNS Spoofer

Spoofs the DNS record of the target (attackneeds to be MiTM. Use ARP spoofer). If the target goes to a defined webiste, he will be redirected to the kali machines local host)


File Interceptor

Detects when the target is downloading a file. Currently only detects .exe. It allows the attacker to replace the file that the target wants to download with a file from another website.

TO-DO:

- Add a filter that changes multipal file types with  - Swap the file (redirect) from winrar download to my own local webserver that hosts a molicious file - Add packages to the iptable by default instead of running the command manualy 

NOTES:

  This tool uses iptables to put the packages in a que. The code looks at the que and modifies the packages.    When you are forwarding packages (f.eks MITM) use the following command:   iptables -I FORWARD -j NFQUEUE --queue-num 0   To test locally. Change the chain from FORWARD to OUTPUT and INPUT.   NB: remember to flush your iptables when you are done. iptables --flush      User of the program needs to install netfilterqueue (pip install netfilterqueue) to run the program. 

creat


开始之前:

这是我的道德黑客有趣的一面prosjekt(s)的开始。我想通过编写自己的工具而不是使用kali中的内置工具来更好地理解network,并获得学习安全性的更实际的方法。本回购协议不得用于教育目的之外。严禁恶意使用我的代码。这是一个纯粹的乐趣和教育方面的项目,应该只用于内部对您自己的机器或机器,您有权测试

使用命令:

确保已安装scapy。pip安装scapy。确保已安装netfilterqueue。pip安装netfilterqueue

  • echo 1&gt/proc/sys/net/ipv4/ipu forward-这将打开ipu转发,允许您成为MiTM
  • iptables-I forward-j NFQUEUE-queue num 0-将所有转发包放入一个que中,以便可以修改或嗅探它们。如果您在本地测试这个,请将链从FORWARD更改为output and input。注意:完成后记得刷新iptables。iptables—flush运行您选择的MiTM工具。在这个github repo中,如果你和你的目标在同一个网络上,ARP欺骗程序很容易使用

网络扫描程序

许多这些工具都是基于MiTM的。如果连接是加密的,MiTM不是很有效。目前,使用SSLstrip(kali中的预构建工具)是easiste解决方案。我将在以后编写自己的SSLstriping工具。下面是一些关于如何在给定的MiTM工具中使用SSLstriping的注释

  1. 使用sslstrip命令启动sslstrip
  2. 更改IPtables,以便来自目标的数据通过端口10000(sslstrip正在侦听的默认端口)
  3. 运行代码并添加-t或–target标志,然后是要扫描的IP范围。例如:python3 nettworku scanner.py-t 10.0.2.1/24

iptables-t nat-A PREROUTING-p tcp-destinon port 80-j REDIRECT-to port 10000 4.运行您想在未加密连接上使用的任何程序


如何使用它

执行ARP请求以扫描网络中潜在的目标。获取IP和MAC地址

Mac Addr Spoofer

  • 目标将覆盖他们的ARP表,通过网关MAC addr,而不使用MAC addr。将所有流量路由到网关,路由到我们

ARP Spoofer

更改计算机的MAC地址


函数

欺骗ARP表

如何使用它

此程序通过滥用ARP协议来放置ARP表。给定一个目标的IP和网关的IP,我们将发送一个ARP响应,通过执行以下操作来放置他们的ARP表:

  • 网关将覆盖其ARP表,切换目标MAC addr,而不切换MAC addr。把所有的信息传送到目标,传送给我们。如何使用它 > LI>能够成为中间人,我们需要允许数据通过端口转发(Linux)通过我们的系统流动。回声1&gt/proc/sys/net/ipv4/ip_forward要运行代码,请使用main()函数。这需要两个输入,一个目标ip和欺骗ip。目标IP是我们目标的IP。欺骗IP是我们假装的网关的IP。待办事项
  • 目标IP和欺骗IP需要不是硬编码的输入
  • 目标IP和欺骗IP需要输入而不是硬编码

  • 分析来自目标的包(使用ARP欺骗工具)。扫描可能的用户名和密码,获取登录信息输入到的网站的URL。不适用于安全连接(obv…)

    数据包嗅探器

  • 欺骗目标的DNS记录(攻击需要是MiTM)。使用ARP欺骗)。如果目标转到定义的webiste,他将被重定向到kali machines(本地主机)


如何使用

检测目标何时下载文件。当前仅检测.exe。它允许攻击者用另一个网站的文件替换目标想要下载的文件

DNS欺骗

Run the program and it will start sniffing incoming packages on port 80 (http). It checks for potensial username/password/email field.  

文件拦截器

创建道德黑客攻击

开始之前:

使用命令:

网络扫描程序

如何使用它

Mac Addr Spoofer

ARP Spoofer

函数

如何使用它

待办事项

数据包嗅探器

如何使用

DNS欺骗

文件拦截器

待办事项:

备注:

  • echo 1&gt/proc/sys/net/ipv4/ipu forward-这将打开ipu转发,允许您成为MiTM
  • iptables-I forward-j NFQUEUE-queue num 0-将所有转发包放入一个que中,以便可以修改或嗅探它们。如果您在本地测试这个,请将链从FORWARD更改为output and input。注意:完成后记得刷新iptables。iptables—flush运行您选择的MiTM工具。在这个github repo中,如果你和你的目标在同一个网络上,ARP欺骗程序很容易使用
  • 使用sslstrip命令启动sslstrip
  • 更改IPtables,以便来自目标的数据通过端口10000(sslstrip正在侦听的默认端口)
  • 运行代码并添加-t或–target标志,然后是要扫描的IP范围。例如:python3 nettworku scanner.py-t 10.0.2.1/24
  • 目标将覆盖他们的ARP表,通过网关MAC addr,而不使用MAC addr。将所有流量路由到网关,路由到我们
  • 网关将覆盖其ARP表,切换目标MAC addr,而不切换MAC addr。把所有的信息传送到目标,传送给我们。如何使用它 > LI>能够成为中间人,我们需要允许数据通过端口转发(Linux)通过我们的系统流动。回声1&gt/proc/sys/net/ipv4/ip_forward要运行代码,请使用main()函数。这需要两个输入,一个目标ip和欺骗ip。目标IP是我们目标的IP。欺骗IP是我们假装的网关的IP。待办事项
  • 目标IP和欺骗IP需要不是硬编码的输入


    待办事项:

    Detects when the target is downloading a file. Currently only detects .exe. It allows the attacker to replace the file that the target wants to download with a file from another website.

    备注:

    - Add a filter that changes multipal file types with  - Swap the file (redirect) from winrar download to my own local webserver that hosts a molicious file - Add packages to the iptable by default instead of running the command manualy 

    NOTES:

      This tool uses iptables to put the packages in a que. The code looks at the que and modifies the packages.    When you are forwarding packages (f.eks MITM) use the following command:   iptables -I FORWARD -j NFQUEUE --queue-num 0   To test locally. Change the chain from FORWARD to OUTPUT and INPUT.   NB: remember to flush your iptables when you are done. iptables --flush      User of the program needs to install netfilterqueue (pip install netfilterqueue) to run the program. 

    creat

  • 部分转自网络,侵权联系删除区块链源码网

    www.interchains.cc

    https://www.interchains.cc/23326.html

    区块链毕设网(www.interchains.cc)全网最靠谱的原创区块链毕设代做网站 部分资料来自网络,侵权联系删除! 最全最大的区块链源码站 ! QQ3039046426
    区块链知识分享网, 以太坊dapp资源网, 区块链教程, fabric教程下载, 区块链书籍下载, 区块链资料下载, 区块链视频教程下载, 区块链基础教程, 区块链入门教程, 区块链资源 » 基于区块链的毕业设计Ethical-hacking – 道德黑客

    提供最优质的资源集合

    立即查看 了解详情