Does Two Factor Authentication (2FA) prevent Phishing and/or Man-in-the-Middle (MITM) attacks?

While 2FA is clearly an improvement over only a single factor, is there anything which prevents an adversary presenting a convincing sign-in page which captures both factors?

I realise that technically a MITM attack is different to a Phishing attack, though at a high level they’re very similar — the user is inputting their credentials into an attacker-controlled page and the attacker can then input the credentials onwards into the real page.

MiTM using ettercap and Burp Suite and iptables

I’m trying to perform a MiTM attack on a local network connected device. I configured the iptables to route the incoming traffic to port 443 and port 80 so it can be captured by the Burp Suite. However, when I’m performing ARP poisoning using ettercap (as arpspoof is not available in Kali 2020), Wireshark can capture the packets but Burp isn’t able to intercept the packets.

I followed this tutorial… https://www.pentestgeek.com/penetration-testing/credential-harvesting-via-mitm-burp-suite-tutorial

But it’s not helping me anymore as arpspoof is deprecated.

Tor and MITM SSL [duplicate]

In my company they have MITM/SSL in the following way. There is a proxy to which all PCs connect. Now the company installed some trusted certificate authority (e.g. ISSUER-COMPANY-NAME) on our computers. When I go to Facebook it shows me that it has a certificate signed by the issuer that was installed by our company. I am curious: will Tor hide my traffic in such a setting? Will they see, say, my Facebook password if I use Tor?

Why Man In The Middle (MITM) is not working with my Huawei router?

Man-in-the-Middle is not working with my router (Huawei) on my Windows machine/any device.

But it works with another router on my same Windows machine/any device.

When I am doing MITM with the Huawei router:

Linux MAC: a0:af:bd:c5:21:87
Router's MAC: 7c-11-cb-1f-ad-85

My Windows ARP table before doing MITM on it:

    c:\Users\acer>arp -a

    Interface: 192.168.1.113 --- 0x4
      Internet Address      Physical Address      Type
      192.168.1.1           7c-11-cb-1f-ad-85     dynamic
      192.168.1.255         ff-ff-ff-ff-ff-ff     static
      224.0.0.022           01-00-5e-00-00-16     static

arpspoof script to do MITM:

1st terminal:

arpspoof -i wlan0 -t 192.168.1.113 192.168.1.1 

2nd terminal:

arpspoof -i wlan0 -t 192.168.1.1 192.168.1.113 

Then the Windows machine ARP table is:

    c:\Users\acer>arp -a

    Interface: 192.168.1.113 --- 0x4
      Internet Address      Physical Address      Type
      192.168.1.1           7c-11-cb-1f-ad-85     dynamic
      192.168.1.112         a0:af:bd:c5:21:87     dynamic
      192.168.1.255         ff-ff-ff-ff-ff-ff     static
      224.0.0.022           01-00-5e-00-00-16     static

I tried with bettercap, ettercap and my own Python script, and I have done ‘echo 1 > /proc/sys/net/ipv4/ip_forward’ in Linux. It is still not working! Not capturing anything.

The expected ARP table on Windows:

    Interface: 192.168.1.113 --- 0x4
      Internet Address      Physical Address      Type
      192.168.1.1           a0:af:bd:c5:21:87     dynamic
      192.168.1.255         ff-ff-ff-ff-ff-ff     static
      224.0.0.022           01-00-5e-00-00-16     static

Burp Proxy vs MITM

I have recently started using Burp as a proxy for hunting bugs on websites and I see many submissions where people have intercepted and modified requests/responses to exploit certain logic flaws in web applications. However, this is possible only because we have installed Burp’s certificate in our browser that allows it to decrypt the traffic to and from the web application. However, in a realistic scenario, the attacker would have to conduct a MITM attack to intercept/modify traffic. This makes me wonder what the point is of traffic interceptions using Burp.

Is it possible to craft a certificate signing chain that thwarts MITM corporate VPNs?

Some companies install corporate VPNs which also come with a root certificate installed on all employees’ machines. This allows for encrypted traffic to be decrypted by technology installed on the VPN. Some companies even have to do this to meet certain auditing and compliance requirements.

Is it possible for a website to set up a certificate signing chain in a way that if the root cert that signed it is replaced by the corporate VPN’s root cert, it would either fail to load the website, or prevent it from being overwritten by the root cert entirely in the first place?

Or, if there’s a root cert installed on a machine, is it impossible to prevent TLS intercepting by a MITM party?

DNS spoofing via SSL (HTTPS) by MITM with own WLAN server

Problem: I have a local machine (IoT, let’s call it MCC) which connects via SSL to a website (mcc.com) to get some JSON data. I would like to send modified JSON from my own server.

Idea: Set up a local device (let’s call it rasp) which opens a wifi hotspot. The MCC should then connect to the rasp. The rasp answers with a certificate from the public server mcc.com, but sends the modified JSON data.

I am not familiar with DNS, but I expect this to be difficult as we do not own the public key of mcc.com. Does someone know some solution here? The MCC does not use any kind of DNS over HTTPS.

MITM Attack on Gmail’s SSL in 2011

I have read these posts: https://www.cnet.com/news/fraudulent-google-certificate-points-to-internet-attack/

https://support.google.com/mail/forum/AAAAK7un8RU3J3r2JqFNTw/?hl=en&gpf=d/category-topic/gmail/share-and-discuss-with-others/3J3r2JqFNTw

As far as I know, a certificate should be installed on a server.

So I don’t quite understand how issuing a fraudulent certificate for *.google.com (the spelling of the common name is correct – it is not phishing) could trigger these browser warnings without installing it on a server.

I understand that a private key is in their hands but how did they manage to throw this certificate from the official Google website to users?

Did they install it on a Gmail server?

Could you explain, please?

Screenshot of certificate error in Chrome