MITM with Ettercap

June 17, 2012


Hello readers, we are back with our tutorials on Matriux. Due to some unwanted circumstances, we weren’t able to be a part of last month’s issue. However, we promise to provide our continued support and help to users. This month we cover a basic tutorial on the Man-In-The-Middle (MITM) attack using Ettercap with the ARP spoofing technique.

Ettercap

Ettercap is a great tool, especially for Man-In-The-Middle attacks. It is a simple, easy-to-use tool for intercepting data over a LAN, including systems connected over switched routers, and for executing MITM attacks.

MITM with Ettercap by ARP poisoning:

Requirement:

The target system must be on the same network as our attacker machine, Matriux (this can also be used against systems communicating over routers). But let’s make it easy 😉

Ettercap can be found in Matriux under Arsenal > Scanning > Ettercap.

I prefer we use the console mode for better understanding of the attack procedure.

Attack Setup:

1)    Enable IP Forwarding by typing the following in terminal.

2)    Edit the file /etc/etter.conf (it may be at a different location in different versions; try “locate etter.conf”). Uncomment the following lines by removing the “#” where it is present

3)    Open another terminal and type “driftnet -i <<interface>>”, using the interface through which you can communicate with the target system (in my case it was eth1). You will see a black window come up.

Initiating the Attack:

Open the terminal as root and start the attack by typing:

~# ettercap -Tq -M arp:remote /<<IP of target>>/

IP of target can be a group of IP addresses.

Now you can see the data, passwords and everything else browsed or passed over the internet by the target in the window of fig4, and the images the target is browsing in the driftnet window we opened earlier.

Now you have successfully performed a MITM attack using Ettercap by ARP spoofing. You can also try changing the data the target system is communicating with the internet.
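On the defensive side, the poisoning described above leaves a visible trace: ARP traffic in which a third MAC address starts answering for both the gateway's IP and the target's IP. The following Python example is added here and is not part of the original tutorial; it parses raw Ethernet/ARP frames and flags those conflicts. All MAC addresses, IP addresses and frames in it are constructed sample values.

```python
import struct
from collections import defaultdict

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def detect_poisoning(frames):
    """Flag IPs whose MAC differs from the first one seen, and MACs claiming several IPs."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    def alert(*fields):
        if fields not in alerts:          # poisoning frames are re-sent; report once
            alerts.append(fields)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed               # sender binding, from requests and replies alike
        baseline = ip_to_mac.setdefault(ip, mac)
        if baseline != mac:
            alert("ip-rebound", ip, baseline, mac)
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alert("mac-multi-ip", mac, tuple(sorted(mac_to_ips[mac])))
    return alerts

def build_arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build a constructed ARP reply frame (sample input only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    header = mac(dst_mac) + mac(src_mac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return header + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip)

# Constructed sample: gateway, one host, and a third MAC answering for both of them.
GW, HOST, THIRD = "02:00:00:00:00:01", "02:00:00:00:00:50", "02:00:00:00:00:66"
SAMPLE = [
    build_arp_reply(GW, "192.0.2.1", HOST, "192.0.2.50"),
    build_arp_reply(HOST, "192.0.2.50", GW, "192.0.2.1"),
    build_arp_reply(THIRD, "192.0.2.1", HOST, "192.0.2.50"),
    build_arp_reply(THIRD, "192.0.2.50", GW, "192.0.2.1"),
] * 2

if __name__ == "__main__":
    for a in detect_poisoning(SAMPLE):
        print(a)
```

The first binding seen for an IP is treated as the baseline, so in practice seed it from a known-good gateway MAC. The multi-IP alert can also fire for legitimate proxy ARP or devices with several addresses.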

Corrupting the data packets

To corrupt the data you need to create an Ettercap filter. How the data is corrupted and manipulated depends on how you want the target to see it. Here we discuss data corruption by creating a simple image filter, which shows a particular image of our choosing instead of all the images the user browses over TCP/UDP.

1)    Create a file named filter and paste the following code:

2)    Now create the ettercap filter from the file by typing:

~#etterfilter filter -o filter.ef

3)    Now start ettercap again, applying the filter we just created, by typing:

~# ettercap -T -q -F filter.ef -M arp:remote /target ipaddress/

Now you will see that the target, when browsing the internet, sees the images that we have included in the filter instead of the actual images.

Happy Hacking 🙂
