Combining passive and active attacks - Replay Attacks

Procedure

  1. You have the option to choose a channel that is to be intercepted. Here, the student is the hacker.

  2. Click “Start” to start the simulation.

  3. Observe the connection from the selected channel to server being changed to selected channel to hacker's computer then to the server. Observe the connection message in the terminal at bottom.

  4. Click “Next” to start packet transmission.

  5. Observe the packet being sent from client to hacker. Now that the hacker has intercepted a packet, he can use this to communicate with the server on behalf of the user. The intercepted packet is shown in the terminal.

  6. Click on the corresponding port number under the 'Respond' section on hacker computer, and the simulation begins.

  7. Observe the packet being sent from the hacker to the server on behalf of the user.

  8. Click on 'Next' to send a response back to the user from the server. Note that this packet will not actually reach the user, it will be intercepted by the hacker's computer.

  9. Observe the response message from the server which contains username and password.

  10. Click on the corresponding Port number under the 'Respond' section on the hacker computer after the packet reaches the hacker.

  11. Observe the packet being sent from the hacker to the client on behalf of the server.

  12. Copy the username and password once it has been received and enter it in the input boxes provided on screen.

  13. Click on “Verify”, the experiment is successful if both the username and password that the hacker intercepted are correct.