Article directory
- Preface
- 1. Check the network interface configuration
-
- Step 1: Get the IP configuration from the victim
- Step 2: Turn on packet forwarding in Linux
- Step 3: Use arpspoof to redirect packages to your computer
- Step 4: Intercept packages from your router
- Step 5: Sniff images from the target’s browser history
- Step 6: Sniff URL information from victim navigation
- stop attack
- 2. Practical display
- Summarize
Preface
Man-in-the-middle attacks are one of the most commonly attempted attacks on network routers. They are mainly used to obtain login credentials or personal information, spy on victims, or disrupt communications or corrupt data.
A man-in-the-middle attack is when an attacker intercepts the flow of messages back and forth between two parties to change the message or simply read the message.
In this article, we will learn how to perform a man-in-the-middle attack on devices connected to the same WiFi network as ours and see which websites they visit frequently.
提示:以下是本篇文章正文内容,下面案例可供参考
1. Check the network interface configuration
Run the following command in the terminal to find out the name of the network interface you are using:
ip add
If you are using the router's IP, use:
ip route show
Step 1: Get the IP configuration from the victim
Next, you need to get the victim router’s IP. It's easy and you can find it a few different ways. For example, you can use a network monitoring software tool, or you can download a router user interface program that allows you to list all devices on a specific network and their IPs.
Step 2: Turn on packet forwarding in Linux
This is very important because if your machines are not exchanging packets, the attack will fail because your internet connection will be interrupted. By enabling packet forwarding, you can disguise your local computer as a network router.
To turn on packet forwarding, run the following command in a new terminal:
sysctl -w net.ipv4.ip_forward=1
Step 3: Use arpspoof to redirect packages to your computer
Arpspoof is a pre-installed Kali Linux utility that allows you to commandeer traffic from a switched LAN to a selected machine. This is why Arpspoof is the most accurate way to redirect traffic and actually allows you to sniff traffic on your local network.
Use the following syntax to start intercepting packets from the victim to the router:
arpspoof -i [网络接口名称] -t [受害者 IP] [路由器 IP ]
This only enables monitoring of incoming packets from the victim to the router. Do not close the terminal as it will stop the attack.
Step 4: Intercept packages from your router
What you do here is the same as the previous step, except it's just reversed. Keeping the previous terminal open, open a new terminal to start extracting packets from the router. Type the following command using the network interface name and router IP:
arpspoof -i [网络接口名称] -t [路由器 IP] [受害者 IP ]
At this point you may have realized that we have switched the position of the parameters in the command used in the previous step.
So far you have penetrated the connection between the victim and the router
Step 5: Sniff images from the target’s browser history
Let’s take a look at which websites our target likes to frequent and what images they see there. We can do this using specialized software called flownets.
Driftnet is a program that allows us to monitor network traffic from certain IPs and identify images from the TCP streams in use. The program can display images in JPEG, GIF and other image formats.
To see the image you see on the target machine, use the following command
driftnet -i [网络接口名称]
Step 6: Sniff URL information from victim navigation
You can also sniff out website URLs that our victims frequently visit. The program we are going to use is a command line tool called urlsnarf. It sniffs out and saves HTTPs requests from specified IPs in a common log format. An excellent utility for performing offline post-processing traffic analysis with other network forensic tools.
The syntax you would enter in the command terminal to sniff a URL is:
urlsnarf -i [网络接口名称]
As long as each terminal is running normally and you don't accidentally close one of them, things should go smoothly so far.
stop attack
Once you're satisfied with what you have, you can thwart the attack by closing each terminal. You can do it quickly using the ctrl+C shortcut.
And don't forget to disable packet forwarding that you have enabled for the attack. Type the following command in the terminal:
sysctl -w net.ipv4.ip_forward=0
2. Practical display
1. Find surviving hosts in the LAN
The code is as follows (example):
nmap -sP 你kali ip地址/24
2. Data packet forwarding
The code is as follows (example):
sysctl -w net.ipv4.ip_forward=1
3. Use arp
If the command "arpspoof" cannot be found, please run the following command:
apt install dsniff
arpspoof -i [网络接口名称] -t [路由器 IP] [受害者 IP ]
If you don't know what your routing IP is, please enter
ip route show
Usually the first one is
let's run
4. Use driftnet
driftnet -i eth0
I didn't succeed,
Use urlsnarf
My keyboard is almost broken and it doesn’t show up.
My skills are limited and I can only go here, QAQ
Send a picture
Summarize
I don't know why it failed. It should be that arpspoof made a mistake.