
Linux middle attack

The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

Scenario:

This is the simple scenario:

Victim IP address: 192.168.8.90
Attacker network interface: eth0, with IP address: 192.168.8.93
Router IP address: 192.168.8.8

Requirements:

1. Arpspoof
2. Driftnet
3. Urlsnarf

Step by step Kali Linux Man in the Middle Attack:

1. Open your terminal (CTRL + ALT + T, the Kali shortcut) and configure the Kali Linux machine to allow packet forwarding, because to act as the man in the middle, Kali Linux must act as a router between the "real router" and the victim. See the tutorial on how to set up packet forwarding in Linux.

2. You can split the Kali Linux terminal window to make the view friendlier and easier to monitor.

3. The next step is setting up arpspoof between the victim and the router.

    arpspoof -i eth0 -t 192.168.8.90 192.168.8.8

4. Then set up arpspoof in the other direction, to capture all packets from the router to the victim.

    arpspoof -i eth0 -t 192.168.8.8 192.168.8.90

5. After steps three and four, all packets sent or received by the victim should be going through the attacker machine.

6. Now we can try to use driftnet to monitor all of the victim's image traffic. According to its website, "Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic."

7. To run driftnet, we just run this:

    driftnet -i eth0

When the victim browses a website with images, driftnet will capture all image traffic. To stop driftnet, just close the driftnet window or press CTRL + C in the terminal.

8. For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run this command:

    urlsnarf -i eth0

and urlsnarf will start capturing all website addresses visited by the victim machine.

9. When the victim browses a website, the attacker will know the address the victim visited.

Conclusion:

1. To change or spoof the attacker MAC address, you can view the tutorial about how to change the Kali Linux MAC address.

2. Driftnet or urlsnarf is hard to detect, but you can try to find devices in your network that are in promiscuous mode, which have the possibility to sniff the network traffic.

Hope you found it useful.


Thnx