MAN-IN-THE-MIDDLE_ATTACK USING KALI LINUX

The “MAN-IN-THE-MIDDLE_ATTACK” is one of the most famous attacks in the hacking world. There are a lot of ways to perform a “MAN-IN-THE-MIDDLE_ATTACK”. Today we will perform one using KALI Linux.
In simple words, a “MAN-IN-THE-MIDDLE_ATTACK” means that an attacker or hacker has access to all the information sent between the client and the server. To prevent these kinds of attacks, email providers started using Hypertext Transfer Protocol Secure (HTTPS). It is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL (Secure Sockets Layer) protocol to provide encryption for the connection between the client and the server. For more definitions and information about the “MAN-IN-THE-MIDDLE_ATTACK”, see Wikipedia.
So let’s move on and perform the “MAN-IN-THE-MIDDLE_ATTACK” successfully.
Requirements:
  • KALI Linux
  • Arpspoof
  • Driftnet
  • Urlsnarf
Before starting the step-by-step tutorial, we make some assumptions for your convenience:
  • Victim IP address: 192.168.43.90
  • Attacker network interface: eth0, with IP address 192.168.43.93
  • Router IP address: 192.168.43.83

Now follow these steps carefully:
  • Open the terminal of your Kali Linux by pressing CTRL+ALT+T simultaneously.
  • Now configure your Kali system to allow IP forwarding.

A brief introduction to IP forwarding and how to turn it on: IP forwarding is used when we want our computer to act like a router. Our computer receives the packets that come in and then forwards them on to another destination. To enable it on each platform:
LINUX
You need to change the value in /proc/sys/net/ipv4/ip_forward from 0 to 1, which you can do with:
       echo 1 > /proc/sys/net/ipv4/ip_forward
WINDOWS
In Windows, IP forwarding is disabled by default. You can enable it as follows:
    1. Open Run (Windows+R).
    2. Type “services.msc” and click ‘OK’.
    3. In the Services window, scroll down and find the “Routing and Remote Access” service. You will find that this service is disabled by default; you need to enable it.
    4. Right-click “Routing and Remote Access”, click Properties, and choose Automatic to enable this service.
    5. Finally, start the service; you can right-click it and then choose Start.

  • The next step is to set up arpspoof between the victim and the router, using the following command:
       arpspoof -i eth0 -t 192.168.43.90 192.168.43.83
  • Then you need to set up arpspoof to capture all packets from the router to the victim, with the command:
       arpspoof -i eth0 -t 192.168.43.83 192.168.43.90
  • Now all the packets sent or received by the victim should be going through the attacker’s (your) system.
  • Then you can use driftnet to monitor all of the victim’s image traffic. Driftnet is a program which listens to network traffic and picks out images from the TCP streams it observes.
  • To run driftnet, use the command “driftnet -i eth0” (without quotes). Now, when the victim browses a website with images, driftnet will capture all image traffic. You can press CTRL+C in the terminal to close driftnet.
  • For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run the command urlsnarf -i eth0 and urlsnarf will start capturing all website addresses visited by the victim’s system.
  • When the victim browses any website, you will know the address that the victim visited.
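Seen from the victim's side, the two arpspoof commands above leave a visible trace: the router's IP (192.168.43.83) now resolves to the attacker's MAC address. The following added example (not part of the original tutorial) checks `ip neigh` output for that condition; the sample table, the MAC addresses and the pinned router MAC are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh` output on the victim (192.168.43.90) during spoofing.
# All MAC addresses are made up; 192.168.43.50 is an unresolved entry.
SAMPLE_NEIGH = """\
192.168.43.83 dev eth0 lladdr 02:00:00:aa:bb:93 REACHABLE
192.168.43.93 dev eth0 lladdr 02:00:00:aa:bb:93 STALE
192.168.43.77 dev eth0 lladdr 02:00:00:aa:bb:77 STALE
192.168.43.50 dev eth0  FAILED
"""

LINE_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def shared_macs(table):
    """Return {mac: [ips]} for every MAC claimed by more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_alerts(table, gateway_ip, pinned_mac=None):
    """Check the gateway entry for a shared MAC and against a known-good MAC."""
    alerts = []
    mac = table.get(gateway_ip)
    if mac is None:
        return alerts
    others = [ip for ip in shared_macs(table).get(mac, []) if ip != gateway_ip]
    if others:
        alerts.append(f"gateway {gateway_ip} shares MAC {mac} with {', '.join(others)}")
    # The spoofing host may never appear in the table, so also compare with a pin.
    if pinned_mac and mac != pinned_mac.lower():
        alerts.append(f"gateway {gateway_ip} is at {mac}, expected {pinned_mac.lower()}")
    return alerts

if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    print(gateway_alerts(table, "192.168.43.83", pinned_mac="02:00:00:aa:bb:83"))
```

The pinned-MAC comparison matters because the shared-MAC check only fires when the spoofing host's own IP is also present in the neighbor table.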