Skip to main content

MITM using Ettercap

Man In The Middle Attack
The man-in-the-middle attack (also known as a bucket-brigade attack and abbreviated MITM) is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker.
Ettercap
Ettercap is a suite for man in the middle attacks on LAN (local area network). It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. In this tutorial i will explain how to sniff (user names,passwords) in LAN using Ettercap

Configuring Ettercap for the Attack
We will be using Ettercap to perform the MiTM attack, but to do so, we will have to set up Ettercap to use IPTables to forward traffic. To do so, open up a terminal session and type the following (everything after the #)

root@bt:~ # echo 1 > /proc/sys/net/ipv4/ip_forward
This enables IP forwarding. Then, type the following:
root@bt:~ # kedit /usr/local/etc/etter.conf
This will open up a new window within which is a text file that holds all the configuration settings for Ettercap. Look for the following lines in the file, and uncomment them by removing the hashes (except for the one next to ―if‖, then save it and close it:
# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
to this:
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
We are now ready to proceed to the attack stage. There are several kinds man in the middle attacks that we can perform, But in this tutorial we will see attacks based on the ARP protocol
ARP Poisoning

Address Resolution Protocol (ARP) spoofing, also known as ARP flooding, ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP Spoofing may allow an attacker to sniff data frames on a local area network (LAN),
Man in the Middle Attack using Ettercap
1. First start the ettercap: It is located in Backtrack >Privilege Escalation >Sniffers >Network Sniffers > ettercap-gtk

2. After installation open Ettercap, select sniff mode> unified sniffing and select your network interface as shown
3. Now scan for hosts in your sub net by going to Hosts —> scan for hosts


4. Now open host list from hosts tab and select the IP address of the victim as target 1 and IP address of the router as target 2
5. You can see the targets we have selected by going to the Target menu> Current target
6. Now start ARP poisoning by going to mitm —> ARP Poisoning

7. Finally start the sniffer by going to start —> start sniffing . Now if victim logs into gmail , face book yahoo mail…etc .we will get the user name and password
8. You will see the username name and password in the bottom window
9. You can cross check the ARP cache by typing ―arp –a‖ in the terminal/command prompt to confirm whether the ARP cache has been modified or not.





Comments

Popular posts from this blog

NMAP and ZenMAP

NMAP and ZenMAP are useful tools for the scanning phase of Ethical Hacking in Kali Linux. NMAP and ZenMAP are practically the same tool, however NMAP uses command line while ZenMAP has a GUI. NMAP is a free utility tool for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. NMAP uses raw IP packets in novel ways to determine which hosts are available on the network, what services (application name and version) those hosts are offering, which operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, etc. Now, let’s go step by step and learn how to use NMAP and ZenMAP. Step 1 − To open, go to Applications → 01-Information Gathering → nmap or zenmap. Step 2 − The next step is to detect the OS type/version of the target host. Based on the help indicat...

Internet Of Things -IOT

Hey there! Have you heard of IoT? Yes the most popular thing in industry. If not, it is Internet of Things. Do you use smart watches or have you heard about smart city, smart house, these are the practical application of IoT. Didn’t get it?If you just Google “what is IoT?”, you will get a technical answer: “The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.”  Simply, The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, collecting and sharing data. Now you’ll ask me “Okay, but why is it so much important?”. Today majority of devices works on sensors but sensors will not live forever. In other words, cheap sensors are not going to be 100% reliable, 100% of the time. Ph...

Kali Linux - Installation and Configuration

Kali Linux is one of the best security packages of an ethical hacker, containing a set of tools divided by the categories. It is an open source and its official webpage is https://www.kali.org. Generally, Kali Linux can be installed in a machine as an Operating System, as a virtual machine . Installing Kali Linux is a practical option as it provides more options to work and combine the tools. You can also create a live boot CD or USB. All this can be found in the following link: https://www.kali.org/downloads/ BackTrack was the old version of Kali Linux distribution. The latest release is Kali 2018.1 and it is updated very often. To install Kali Linux − First, we will download the Virtual box  or Vmware workstation and install it. Later, we will download and install Kali Linux distribution. Instead of downloading  the images file you all can download that ova file extension . The benefits of it is that you do not have to install it. What you have to do is to just ...