Welcome to a tutorial devoted to ARP Poisoning using Ettercap software!
First of all, I would like to point out that this tutorial will present the graphic aspect of Ettercap, and not its form in the console.
First, under Kali-Linux, Launch Ettercap in Applications> Internet> Ettercap, or with the command ettercap -G
Once ettercap is launched, make sure you have your victim’s IP address. For this test, I will take one on my LAN, yes because ARP poisoning does not work on the internet, do not try on someone who is not on your network, it will not work. I invite you to look at how ARP poisoning (or ARP spoofing) works on the internet, I’m just going to give you a brief, very simplified summary:
On your local network, you are identified by an IP address (like on the internet) but also with a MAC address. Let’s set the scene for your local network:
192.168.0.20 -> I am the attacker, I attack the victim 192.168.0.12 -> The victim is the machine I’m going to attack
192.168.0.1 -> My router, it is through him that my information and the victim’s information pass.
the goal here is to make me pass for the router (192.168.0.1) by changing my MAC address by that of this one. Thus, the victim will think he is talking to the router, but in fact, all the information will pass through me! Vicious isn’t it?
As I said, I’m 192.168.0.20. I want to attack 192.168.0.12. First, with Ettercap, do Sniff> Uniffied sniffing, then enter the interface you want to sniff. For me it will be eth0. I am not going to give you a course on network interfaces because this is not the subject, but basically eth0 corresponds to your Ethernet line, and wlan to your wireless network. No panic if you don’t have both! I only have eth0, personally.
Once this is completed, you must scan the hosts connected to the network, and verify that your victim is well connected. Otherwise, we will not be able to snort.
To scan: Hosts> Scan for hosts , then Hosts> Hosts list to see them. Yes otherwise it’s not funny! ^^
Now that we have our hosts connected, we need to create the redirect that I explained above. Luckily ettercap does it for us! Just specify the router in Target 1, and the victim (s) in Target 2!
For that: click on the address of your router, and enter Add to target 1 , then click on the address of your victim, and as you might have guessed, Add to target 2 !
To see your targets: Target> Current Targets
To launch the attack, go to Mitm> ARP Spoofing> Sniff remote connections, because yes, ARP spoofing is part of “Man-in-the-middle” attacks! See here for more information.
Then in Start> Start sniffing.
You will then have the list of POST methods in HTTP which will be displayed in the “console” at the bottom of the window. Who says POST method says passwords!