Attacking DHCP, part 4: DHCP + ARP + Apple = MiTM



    In this article, I’ll talk about how to carry out a MiTM attack against any Apple device on a wired or wireless network. Before reading this article, I strongly recommend that you familiarize yourself with the first, second and third parts.


    There is only one limitation: we must be able to listen to broadcast traffic on the network in order to intercept broadcast DHCP requests.


    If it is a wireless network, then we must be connected to it.


    I have already discussed more than once how IPv4 address conflicts are detected on a local network. The ARP protocol is used for this, and the check happens immediately after the host has received an IP address.


    To detect an IP address conflict, the host sends several broadcast ARP requests right after it receives the IP address:


    1. A host with the MAC address 98:01:a7:e2:9a:a9 receives the IP address 192.168.0.4 via DHCP:


    DHCP


    2. The host sends broadcast ARP requests to detect an IP address conflict. It sets the Sender MAC address field to its own MAC address, 98:01:a7:e2:9a:a9, and the Target IP address field to the IP address it received, 192.168.0.4:


    Address conflict detection


    If no host on the network has the IP address 192.168.0.4, no reply arrives; if one does, a reply arrives:


    Duplicate IP detected


    As you can see, after this reply the host sends a DHCP decline message, DHCPDECLINE, after which the procedure for obtaining an IP address is repeated from the very beginning.


    Most operating systems do not react to such ARP replies once they have already received an IP address, but macOS and iOS do!


    Therefore, to make macOS and iOS start obtaining an IP address again, it is enough to send a couple of such ARP replies. And while the device is obtaining its IP address, we can intervene in the process and replace the IP addresses of the gateway and DNS server with our own IP!
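
    On the defensive side, the conflict replies described above stand out in captured traffic: an ARP reply claims an IP address that is leased to a different MAC. The detector below is an added example, not code from this article; the lease table, the second MAC address and the probe's 0.0.0.0 sender IP are assumptions, and it goes slightly beyond the text by checking every leased address.

```python
import socket
import struct

def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": frame[22:28].hex(":"),
            "sender_ip": socket.inet_ntoa(frame[28:32]),
            "target_ip": socket.inet_ntoa(frame[38:42])}

def conflicting_replies(frames, leases):
    """Return (ip, leased_mac, claiming_mac) for each ARP reply whose sender
    IP is leased to a different MAC. `leases` maps IP -> MAC (assumed to come
    from the DHCP server or a snooping table)."""
    alerts = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != 2:      # 2 = ARP reply
            continue
        owner = leases.get(arp["sender_ip"])
        if owner is not None and owner != arp["sender_mac"]:
            alerts.append((arp["sender_ip"], owner, arp["sender_mac"]))
    return alerts

def sample_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed test frame (sample data only, never sent)."""
    to_raw = lambda m: bytes.fromhex(m.replace(":", ""))
    dst = b"\xff" * 6 if op == 1 else to_raw(target_mac)
    return (dst + to_raw(sender_mac) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + to_raw(sender_mac) + socket.inet_aton(sender_ip)
            + to_raw(target_mac) + socket.inet_aton(target_ip))

HOST = "98:01:a7:e2:9a:a9"           # MAC from the article; leased 192.168.0.4
OTHER = "02:00:00:00:00:01"          # constructed MAC of a second claimant
LEASES = {"192.168.0.4": HOST}
SAMPLE = [                           # constructed capture, three frames
    sample_frame(1, HOST, "0.0.0.0", "00:00:00:00:00:00", "192.168.0.4"),  # probe
    sample_frame(2, OTHER, "192.168.0.4", HOST, "192.168.0.4"),   # conflict reply
    sample_frame(2, HOST, "192.168.0.4", OTHER, "192.168.0.1"),   # normal reply
]

if __name__ == "__main__":
    for ip, owner, claimant in conflicting_replies(SAMPLE, LEASES):
        print(f"ALERT {ip} leased to {owner} but claimed by {claimant}")
```

    An alert followed by a DHCPDECLINE from the lease holder matches the sequence shown in the capture above.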


    Video of the attack on macOS:


