Hey guys, hacker world here back again with another tutorial.
So a lot of you guys have been asking me to elaborate more with the man in the
middle attacks and more specifically to show you how to use a tool called
ettercap. Alright so for those of you don't know what ettercap is at the
ettercap is a fantastic security tool that allows you to perform and in the
middle attacks on LAN and on your local network.
Alright, so it comes pre-install and pre-configured in Kali Linux, which is you know, fantastic so you don't have to download or set anything up. The only thing you need to do is you if you haven't logged into kali Linux for a while, just update your packages and make sure you're running the latest version. Alright, so in the previous tutorial, and we were looking at ARP spoofing with ARP spoof. Some of you actually noticed in the comments that I did not forward the packets in the sense that I did not allow the flow of packets through my computer being the man in the middle, allowing it to flow to and back, you know, through the router and back to the client or our target for this matter. Okay, so hopefully I can explain how to do that right now. I actually did it before the video assuming that many people know how to do it. And a lot of people are saying that their connection isn't working. And I actually remembered that yes that is an essential step. So I'm going to show you how to do it now, Alright so
Alright, so it comes pre-install and pre-configured in Kali Linux, which is you know, fantastic so you don't have to download or set anything up. The only thing you need to do is you if you haven't logged into kali Linux for a while, just update your packages and make sure you're running the latest version. Alright, so in the previous tutorial, and we were looking at ARP spoofing with ARP spoof. Some of you actually noticed in the comments that I did not forward the packets in the sense that I did not allow the flow of packets through my computer being the man in the middle, allowing it to flow to and back, you know, through the router and back to the client or our target for this matter. Okay, so hopefully I can explain how to do that right now. I actually did it before the video assuming that many people know how to do it. And a lot of people are saying that their connection isn't working. And I actually remembered that yes that is an essential step. So I'm going to show you how to do it now, Alright so
Just open up your terminal and obviously make sure you're in
rooted always helps and now we're going to use the system a control command. So
system control, and we know want to select the option to write. So type rootkali: ~# sysctl -w
net.ipv4.ip_forward=1 .
Alright, so that is the command that will allow the flow of packets through your computer, as you're
acting between the router and the client, so just hit Enter, and it should give
you the result saying yes, the show IP will, the value should be one. Alright,
so once you've done we're done with that we can get started with ettercap.
Alright, so ettercap is pre-installed with Kali Linux, so you can just search
for it. And you can just go into your search menu and just go into Ettercap and
you make sure you select ettercap graphically because that's what I'm going to be
elaborating in this tutorial. So just click on it. Now before we get started
with actually, you know, performing any man in the middle attacks, you need to
have a target. So in this case, I have a target here. Alright, so I have a
target there and this is a Windows seven operating system that is going to act
as our target. So we're going to try and intercept the package being sent between
the windows seven operating system and my router. Alright, so once you've
opened up at the gap what you need to do the first thing you need to do is you
need to select your sniffing option. So usually if you're connected physically
to the Ethernet, so what I mean when I say physically is you're actually
connected to an Ethernet Adapter or to a switch or to a hub, and then I would
recommend that you use bridge sniffing. So what this means is if you're in a
situation like you're in an organization where you have, you know, your
computer is connected to a switch that is also connected to other computers in
the organization, I would recommend that you use the bridge sniffing.
Otherwise, in my case, I'm just going to use unified sniffing because I only
want I'm only using one adapter there's no bridge connection. Okay, so now it's
going to ask you to select your network interface.
I'm going to select Ethan zero because I'm using Ethernet right now. And by default, you can also select your wireless adapter if that's what you choose to use. So just hit OK. And now as you can see, it's going to tell you that the unified sniffing process is started. And what you have to do now is you need to add a target so you want to go into targets and you want to go into current targets. Now as I said, this is very similar to our spoof where you would simply add your router IP address and your target IP address, similar to what you would do with our spoof. So what you would do with a spoof is you would Firstly, the first step would be to select your day to select the target as the router IP address, and then you use your target IP address as the secondary on. So in this case, all you need to do is just add your target one IP address as your router. So 192.168.1.1 is my route IP address. It is your default gateway address if that's what you're wondering. So you can just type in if config and you can find your default gateway and just get that and put it in here. Now you need to get your target IP address which you can which I'm going to do and I can do using my command prompt here using the IP config command. So IP config. It's been a long time since I've used windows seven but boy it feels good. So there you are 192.168.1.102. And we're just going to go into our target and hit Add. And we're going to say 192.168.1.102, and we hit okay, right. So we've added our target, you know, IP address and our router IP address. Okay, so now we need to actually perform the ARP poisoning attack that will give us the middle access. So to do that is really very simple. Just going to man in the middle and click on ARP poisoning. And now it's going to ask you for optional parameters. Make sure you check sniff remote connections and just hit okay. So once you've done that, the ARP poisoning has begun and it's currently running. So now you can use a traffic or network sniffing tool like wire shark or TCP dump, which is what we're going to be using. So if I just open up TCP dump, I really enjoy using TCP dump sometimes so TCP dump, , and we can say the interface is Ethernet zero, and we specify the port, Port 80 The target or actually the host is 192.168.1.102, or two being our target.
I'm going to select Ethan zero because I'm using Ethernet right now. And by default, you can also select your wireless adapter if that's what you choose to use. So just hit OK. And now as you can see, it's going to tell you that the unified sniffing process is started. And what you have to do now is you need to add a target so you want to go into targets and you want to go into current targets. Now as I said, this is very similar to our spoof where you would simply add your router IP address and your target IP address, similar to what you would do with our spoof. So what you would do with a spoof is you would Firstly, the first step would be to select your day to select the target as the router IP address, and then you use your target IP address as the secondary on. So in this case, all you need to do is just add your target one IP address as your router. So 192.168.1.1 is my route IP address. It is your default gateway address if that's what you're wondering. So you can just type in if config and you can find your default gateway and just get that and put it in here. Now you need to get your target IP address which you can which I'm going to do and I can do using my command prompt here using the IP config command. So IP config. It's been a long time since I've used windows seven but boy it feels good. So there you are 192.168.1.102. And we're just going to go into our target and hit Add. And we're going to say 192.168.1.102, and we hit okay, right. So we've added our target, you know, IP address and our router IP address. Okay, so now we need to actually perform the ARP poisoning attack that will give us the middle access. So to do that is really very simple. Just going to man in the middle and click on ARP poisoning. And now it's going to ask you for optional parameters. Make sure you check sniff remote connections and just hit okay. So once you've done that, the ARP poisoning has begun and it's currently running. So now you can use a traffic or network sniffing tool like wire shark or TCP dump, which is what we're going to be using. So if I just open up TCP dump, I really enjoy using TCP dump sometimes so TCP dump, , and we can say the interface is Ethernet zero, and we specify the port, Port 80 The target or actually the host is 192.168.1.102, or two being our target.
the syntax for TCP dump is quite confusing in the sense that
you have to specify the, you have to specify the interface that you're using,
you then have to specify the port which in this case, we're using the TCP port,
and our host, which is 192.168.1.102, that is the target IP that we want to
sniff the traffic from.
So now if I go into Windows operating system here, and I just let me just open a new window here likes so. And I just ran open a site like reddit.com alright so reddit.com and it is go back to kali Linux and as you can see there we are the traffic is being captured just as though just the way we wanted it now Additionally, you can use wire shark if that is what is comfortable for you but they go that is how to perform a man in the middle attack with a cap it's really very simple. The process is exactly the same as to what you would find with arts and that's because they are both using the ARP poisoning method. Alright, so that's going to be it for this tutorial guys.
So now if I go into Windows operating system here, and I just let me just open a new window here likes so. And I just ran open a site like reddit.com alright so reddit.com and it is go back to kali Linux and as you can see there we are the traffic is being captured just as though just the way we wanted it now Additionally, you can use wire shark if that is what is comfortable for you but they go that is how to perform a man in the middle attack with a cap it's really very simple. The process is exactly the same as to what you would find with arts and that's because they are both using the ARP poisoning method. Alright, so that's going to be it for this tutorial guys.
Comments
Post a Comment