Difference between revisions of "OpenHAB - Man in the middle attack"
Line 36: | Line 36: | ||
[[File:Cain-Able-Sniffer.png]] | [[File:Cain-Able-Sniffer.png]] | ||
The output is a list of available hosts in the network, in our case including host 192.168.0.38 on which OpenHab is running and 192.168.0.150 which is our Philips Hue bridge. | |||
[[File:Cain-Able-Sniffer_Output.png]] | |||
The next step is to select with which participants we want to perform out attack, for that, we select the ARP menu at the bottom left part of our program and then tap on the big blue Plus symbol. | |||
Revision as of 18:00, 16 July 2019
Summary
The results of our Man in the middle attack on OpenHAB.
Goal
To perform a Man in the Middle attack via arp spoofing between a Hue bridge and a computer and capture the traffic send between OpenHab and the bridge to control a wireless light.
Used Software
- Cain & Able https://www.chip.de/downloads/Cain-Abel_17043501.html
- OpenHAB https://www.openhab.org/
You can find our documentation about installing OpenHAB here Install OpenHAB.
- Wireshark https://www.wireshark.org/
Used Hardware
Philips Hue White and Color Ambiance Single LED-Bulb E27 10W
Philips Hue Bridge 2.0, Frequencies 2400-2483.5 MHz
Capturing traffic before the Attack
Before we performed the Man in the Middle attack, we performed a wireshark capturing directly on the host camputer which was using OpenHab.
As one can see, we can see in plain text the numbers for color, saturation and brightness. And we see every PUT message send whenever we change something.
Using Cain & Able
The first thing to do when using Cain and Able is to use the sniffing function the determine which hosts in the network are available for sniffing and MitM attacks.
To start the process, we click on the second button from the right in the top left corner.
The output is a list of available hosts in the network, in our case including host 192.168.0.38 on which OpenHab is running and 192.168.0.150 which is our Philips Hue bridge.
The next step is to select with which participants we want to perform out attack, for that, we select the ARP menu at the bottom left part of our program and then tap on the big blue Plus symbol.
Make sure to read
- War and Peace
- Lord of the Rings
- The Baroque Cycle