Saturday, July 18, 2020

How to perform a Man-in-the-middle (MITM) attack with Kali Linux

The Art of Sniffing

Before we embark on a MitM attack, we need to address a few concepts. First, sniffing is the act of capturing all of the traffic that passes your network interface over a wired or wireless link. There are a number of tools that will enable you to do this, most famously Wireshark, but also tcpdump, dsniff, and a handful of others.

Switches & Spoofing

Switches are designed to reduce network traffic and congestion by isolating traffic and only sending packets to the particular IP address or MAC address that is the destination, unlike hubs, which send all traffic to all NICs. This means that my NIC only sees traffic intended for it, as long as the switch is doing its job. This makes it harder, but not impossible, to sniff and thereby conduct a MitM attack.

Step 1: Open Three Terminals

To conduct this MitM attack, we're going to need three (3) terminals, so go ahead and open those now. Our goal here is to get a client on our network to believe we are the server, and the server to believe we are the client.

arpspoof can do this for us by replacing the MAC address of the client and the server with our MAC address in each machine's ARP table.
Step 2: Arpspoof Client to Server

Let's start with the client. We want to replace the MAC address of the server with our MAC address in the client's ARP table. arpspoof takes the target with -t and the host to impersonate as its last argument:
  • arpspoof -t 192.168.1.101 192.168.1.105

Where:
  • 192.168.1.101 is the IP of the client
  • 192.168.1.105 is the IP of the server

In this step, we're telling the client that we are the server.
Step 3: Arpspoof Server to Client

Now we want to replace the MAC address of the client with our address in the server's ARP table, so we simply reverse the order of the IP addresses in the previous command.
  • arpspoof -t 192.168.1.105 192.168.1.101

Here, we are telling the server that we are the client.

Now execute both of these commands. When we do this, the client will think we are the server and the server will think we are the client!
Step 4: Pass Packets with ip_forward

Now that we are impersonating both the client and the server, we need to be able to pass, or forward, the packets to the other machine. In other words, we want the packets coming from the server to be forwarded to the client, and those coming from the client forwarded to the server. Without forwarding, both machines lose connectivity, which is also one of the most visible signs of a poisoning attempt.

We do this in Linux by using the ip_forward kernel setting. Linux has built-in functionality to forward packets it receives. By default, it's turned off, but we can turn it on by changing its value to 1 (on).

We simply echo a 1 and redirect (>) it to /proc/sys/net/ipv4/ip_forward, thereby turning on IP forwarding. The sysctl command is equivalent:
  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • sysctl -w net.ipv4.ip_forward=1
Commands

Poison the victim's ARP table so that the router's IP resolves to our MAC:
  • arpspoof -i [network interface] -t [victim ip] [router ip]

Reverse direction, poisoning the router's ARP table for the victim's IP:
  • arpspoof -i [network interface] -t [router ip] [victim ip]

Sniff images from the victim's traffic (driftnet selects the interface with -i):
  • driftnet -i [network interface name]

Sniff URLs from the victim's browsing (the dsniff tool is urlsnarf, with -i for the interface):
  • urlsnarf -i [network interface name]
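The defender's counterpart to the steps above, added here as an example that is not part of the original post: a small Python monitor that flags the two symptoms this attack leaves in ARP replies on the wire, an IP's MAC binding changing after it was learned, and one MAC answering for more than one IP (here, for both the client and the server). The reply list is constructed and every MAC address in it is made up.

```python
"""Detect ARP cache poisoning from a stream of observed ARP replies."""
from collections import defaultdict

# Constructed sample of ARP "is-at" replies as (sender_ip, sender_mac).
# The attacker's MAC (cc:cc:...) answers for both client and server,
# exactly the state the two arpspoof commands above produce.
SAMPLE_REPLIES = [
    ("192.168.1.101", "aa:aa:aa:aa:aa:01"),  # client, legitimate
    ("192.168.1.105", "aa:aa:aa:aa:aa:05"),  # server, legitimate
    ("192.168.1.101", "aa:aa:aa:aa:aa:01"),  # repeat, no change
    ("192.168.1.101", "cc:cc:cc:cc:cc:cc"),  # client now "is-at" attacker MAC
    ("192.168.1.105", "cc:cc:cc:cc:cc:cc"),  # server now "is-at" attacker MAC
]


def detect_arp_poisoning(replies):
    """Return a list of alert strings for suspicious replies.

    Bindings are learned on first sight (trust-on-first-use), so the first
    reply for an IP is never flagged. In production, seed ip_to_mac with the
    known MACs of gateways and servers instead of trusting the first reply.
    A router doing proxy ARP legitimately answers for several IPs, so the
    second rule needs an allow-list in such networks.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append(f"binding change: {ip} was {known}, now {mac}")
            ip_to_mac[ip] = mac
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        # Alert only when this MAC gains a second (or further) IP claim.
        if len(mac_to_ips[mac]) > max(before, 1):
            alerts.append(f"one MAC {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_REPLIES):
        print(line)
```

Feeding it live data is a matter of replacing SAMPLE_REPLIES with (sender IP, sender MAC) pairs parsed from ARP replies captured by tcpdump or Wireshark on the monitored segment.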