Aegis: ARP spoofing protection for Mac

Aegis vs MITM

blueEagle256

MITM (Man-In-The-Middle) is one of the first exciting attacks aspiring cybersecurity students learn about during their studies. We definitely had a lot of fun bettercaping our roommates around the house and sniffing their traffic (everything was consensual of course).

Evil hackers also know how to MITM. MITM attacks are scary easy and can compromise every bit of info not protected by HTTPS (and sometimes even info protected by it). This includes visited website addresses, usernames, passwords and so on.

MITM attacks in local networks are based on ARP spoofing. So, we developed Aegis, a macOS app (yes, we are Mac fanboys) that detects ARP spoofing by monitoring the state of your Mac’s ARP table.

Get it on GitHub: https://github.com/windBlaze/Aegis/releases

Dropbox link: Aegis.dmg

SHA256: fc79cd90bbf0fdb35337ace01eb0b0c6e21a168fde78a14a748b6dfa90de714a

How it works

Three easy steps:

  1. Open the application (surprise). After some seconds, it will display the IP and MAC address of the Wi-Fi access point you are connected to.
  2. Click on the switch to activate the protection for that Wi-Fi AP (be sure that its MAC address checks out first!).
  3. To have Aegis automatically turn on when you are connected to that AP, click on the “Auto” checkbox.

That’s all! The Aegis icon will turn red if you are under attack. We’ll be adding countermeasures to stop attacks in the coming weeks.
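The check described above (pin the access point's MAC, then watch the ARP table for a change) can be sketched as follows. This is an added example, not Aegis code: the function names, the sample `arp -an` output and the pinned MAC are all constructed for illustration.

```python
import re

# macOS `arp -an` line: ? (192.168.1.1) at 2:0:5e:10:0:1 on en0 ifscope [ethernet]
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]+) on ")

# Constructed sample output (not captured from a real network).
SAMPLE_CLEAN = """\
? (192.168.1.1) at 2:0:5e:10:0:1 on en0 ifscope [ethernet]
? (192.168.1.23) at 2:0:5e:10:0:17 on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
"""
# Same table after the gateway entry was overwritten with another host's MAC.
SAMPLE_SPOOFED = SAMPLE_CLEAN.replace("(192.168.1.1) at 2:0:5e:10:0:1",
                                      "(192.168.1.1) at 2:0:5e:10:0:17")

def normalize_mac(mac):
    """macOS prints octets without leading zeros (0:c:7f); pad and lowercase."""
    parts = mac.split(":")
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(p.lower().zfill(2) for p in parts)

def parse_arp_table(text):
    """Return {ip: mac}; unresolved '(incomplete)' entries do not match."""
    return {m["ip"]: normalize_mac(m["mac"]) for m in ARP_LINE.finditer(text)}

def check(table, gateway_ip, pinned_mac):
    """Return alert strings; an empty list means nothing suspicious was seen."""
    alerts = []
    pinned, seen = normalize_mac(pinned_mac), table.get(gateway_ip)
    if seen is not None and seen != pinned:
        alerts.append(f"gateway {gateway_ip} is at {seen}, expected {pinned}")
    by_mac = {}
    for ip, mac in table.items():
        if int(mac[:2], 16) & 1:   # group bit set: broadcast/multicast, skip
            continue
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            others = ", ".join(ip for ip in ips if ip != gateway_ip)
            alerts.append(f"{mac} answers for the gateway and for {others}")
    return alerts

if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("spoofed", SAMPLE_SPOOFED)):
        print(name, check(parse_arp_table(text), "192.168.1.1", "02:00:5e:10:00:01"))
```

To run it against the live table on a Mac, pass the output of `arp -an` to `parse_arp_table` in place of the sample text, and re-run the check periodically.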

Let us know if you’re using Aegis, we’ll be really excited! Definitely let us know if you find a bug, we’ll be less excited but you’d be of great help 😛

FAQ

  1. How to know if the MAC address of an AP is legitimate: if it’s your home network, the router’s MAC address is probably printed on a sticker. Then again, if you are in need of MITM protection in your own house, you should rethink your choice of roommates. Sometimes security-aware café owners print the MAC address of their APs along with the name and password. At work, you can ask your net admin.
  2. Source code: the app is written in Swift. We may (or may not) release the code on GitHub in the near future 😉

Download link (in case you missed it): Aegis.dmg
