Today testing the app in Android Intercepter-ng in the laboratory of my wifi network I had many connection problems from my victim.
So with the mess he had, I’ve come to the conclusion And as I release the MITM attack?
How do I know if I’m being a victim of a MITM?
The answer is very simple this method of attack is based on getting in the way of the connection, in this case between the PC and the router, so doing a tracert on Windows you can know where my traffic goes. Open cmd and type tracert <url>
We can clearly see that the first hop gives it to 192.168.1.39 (ip of the attacker).
So we will look at the ARP table if have been due to a “arp spoofing,” which it does is when the victim says: Who is the gateway, the attacker said: “I am”, and puts it in his arp table, so that ALL traffic victim passed by the attacker.
* The Arp tables can imagine them as a phone book, you should be listening to requests, as it had new equipment in the network in order to communicate with X team when needed.
To view the ARP tables do: arp-a
192.168.1.1 and 192.168.1.39 is the same MAC.
First thing we do is to clear the ARP table to be built again. Netsh interface IP arpchache delete and return to consult with arp-a
This method will pay you when the attacker is gone from our network, if not return to poison us.
So we have to leave without Connection as if whatever. The most viable options are:
1 Turn off wifi and re-do the previous step.
2nd Access the IP router and add in blocking IP or MAC.
Use 3rd applications to detect changes in the ARP cache.
I will use the method 3 specifically be installing two masterpieces that are Patriot-NG Security-Projects and Marmite Informatica-64
Now when I restart Intercepter poison, jumped the two programs.
This shows that we are protected against these attacks, Marmite indeed impressed me and it provides great functionality as far as having a history, card configuration, information tables and many others.