Kali Linux | ARP Spoofing | Ettercap

Описание

ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in-transit. ARP spoofing attacks can only occur on local area networks that utilise the Address Resolution Protocol.

1. ARP SPOOFING

Step1: Open Ettercap in graphical mode

In Terminal : #ettercap -G

Step2: Select the sniff mode

Sniff -: Unified sniffing

Step3: Scan for host inside your subnet

Hosts -: Scan for hosts
The network range scanned will be determined by the IP settings of the interface you have just chosen in the previous step.


See the MAC & IP addresses of the hosts inside your subnet.

Select the machines to poison

We chose to ARP poison only the windows machine 192.168.239.129 and the router 192.168.239.2

Step4: Add router address to "target 1".

Step5: Add windows address to "target 2" .

Check your targets

Step6: Go to Mitm select Arp poisoning and then select "sniff remote connections" to not let other connections be sniffed.

Step7: Start the ARP poisoning



Start -: Start sniffing