In this scenario we will perform a MitM attack though arp spoofing. The concept basically comes down to ensuring that you can poison the arp table of the target machine and also the arp table of it’s default gateway.

For this example we will use arpspoof with the target’s IP set to 10.10.10.20 and it’s gateway IP 10.10.10.01. Before starting this attack, please ensure that your machine is setup to forward traffic by running the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward  (this will enable IP forwarding)

The first command to run from the kali interface is:
arpspoof -i eth0 -t 10.10.10.20 10.10.10.1

You should now be able to see the poisoned arp table on the target machine – it will have two IPs listed with the same MAC address.

To ensure we complete the full MitM procedure we need to also poison the default gateway’s arp table:
arpspoof -i eth0 -t 10.10.10.1 10.10.10.20

You will now be able to view all the traffic between the target and the default gateway using wireshark or tcpdump.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s