1. Backtrack 4 (i recommend it but not compulsory)
2.If you donot have backtrack then you can download and run ettercap from google ..
3. Common sense
Lets start
Question comes whats ettercap ?
Ettercap is a suite for man in the middle attacks on LAN.,DNS spoofing etc..
What we are gonna do ?
We are going to perform man in the middle attacks using a basic method called arp poisoning..
Now if you donot know what is arp poisioning then i suggest you google it :) before moving forward
So now we know what the hell is arp poisoning now we gonna see what actually happens when we do arp poisoning
What actually happens.. ?
Before ARP poisoning
![[Image: 1zxwf2x.jpg]](http://i42.tinypic.com/1zxwf2x.jpg)
After poisoning
![[Image: s63qsl.jpg]](http://i44.tinypic.com/s63qsl.jpg)
now the Method USING BACKTRACK 4 :
First open Ettercap in graphical mode using :
In konsole
# ettercap -G
![[Image: b5id5i.jpg]](http://i44.tinypic.com/b5id5i.jpg)
Select the sniff mode to sniff all the host connected on a LAN
Sniff → Unified sniffing
and
Scan for host inside your network using
Hosts → Scan
After scan is complete we go and check the host list we got.
![[Image: nbdkpy.jpg]](http://i39.tinypic.com/nbdkpy.jpg)
Now we see the MAC and IP addresses of the hosts inside the window
( Hosts → Hosts List)
These are the machines which are connected in a LAN .
From this list we need to select the machines we need to poison.
Now we choose to ARP poison the machine 192.168.1.2 (in my case) ..you can use other machines from your host list whom you want to poison and remember that the IP of the router will always be 192.168.1.1.
Next
Highlight the line containing 192.168.1.1 and click on the "target 1" button.
(It means this entry will be poisoned in the victim’s arp table so that all that victim uses on internet will first go through us.)
Highlight the line containing 192.168.1.2(in my case) it’s the victims IP address and click on the "target 2" button.
![[Image: f0cg1v.jpg]](http://i42.tinypic.com/f0cg1v.jpg)
To start the ARP poisoning:
Go to
Mitm → Arp poisoning
![[Image: 11s1co9.jpg]](http://i42.tinypic.com/11s1co9.jpg)
and start the sniffer to see the activities and its done ! whatever address victim will visit you will be able to see it :)
Method using Windows :
Download ettercap for windows and rest of the steps are same.
Note : ettercap in BT is not in GUI mode you may need to install GUI mode if you don't know how to use non GUI one.
Use "apt -get install ettercap-gtk"
If you have prblems seeing the images then see them here
http://img121.imageshack.us/gal.php?g=54830965.jpg
No comments:
Post a Comment