Learn to use AI like a Pro. Learn More

ARP Spoofing With arpspoof - MITM

Estimated read time: 1:20

    Learn to use AI like a Pro

    Get the latest AI workflows to boost your productivity and business performance, delivered weekly by expert consultants. Enjoy step-by-step guides, weekly Q&A sessions, and full access to our AI workflow archive.

    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo
    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo

    Summary

    In this video, HackerSploit introduces the concept of ARP spoofing, also known as ARP poisoning, which is a method to redirect traffic on a local network through an attacker's device, essentially setting up a man-in-the-middle attack. Using the tool "arpspoof" on Kali Linux, HackerSploit demonstrates how to trick both a target client and the network's router into sending traffic through the attacker's device by exploiting the trust-based nature of the ARP protocol. The video provides a step-by-step guide on setting up the attack and using tools like Wireshark to analyze the redirected traffic.

      Highlights

      • HackerSploit reveals his face on camera for the first time. πŸ“Έ
      • Introduction to ARP spoofing and its purpose in network penetration. 🌐
      • Demonstration using Kali Linux's terminal for ARP spoofing with arpspoof. πŸ–₯️
      • Explanation of using netdiscover to find network devices and choose targets. πŸ”
      • Details on setting up arpspoof to trick both the client and the router. πŸ•΅οΈβ€β™‚οΈ
      • Using Wireshark and dsniff for analyzing redirected network traffic. πŸ“Š
      • Encouragement for community involvement by submitting tutorials for the HackerSploit website. 🌟

      Key Takeaways

      • ARP spoofing can be used to redirect network traffic through your device, setting up potential man-in-the-middle attacks. 😈
      • The ARP protocol is inherently trusting, making it susceptible to spoofing techniques. πŸ“‘
      • Tools like arpspoof and Wireshark on Kali Linux can facilitate network traffic analysis and sniffing. πŸ•΅οΈβ€β™‚οΈ
      • Dual terminal setup is used to simultaneously spoof the router and the client. πŸ–₯️
      • Knowledge of the network's IP addresses is crucial to performing ARP attacks effectively. 🌐

      Overview

      Hey there, tech enthusiasts and cyber warriors! Ever thought about what happens when you flip the network's expectations on its head? Today, HackerSploit dives into the intriguing world of ARP spoofing using the powerful Kali Linux tool, arpspoof. The episode kicks off with a warm facecam greeting, setting the tone for a tech-deep dive you don't want to miss.

        ARP spoofing, or ARP poisoning, is the art of redirecting packets on a local network, posing as the trusted mediator between the client and the router. This man-in-the-middle technique taps into the protocol's inherent trust vulnerability. HackerSploit smoothly walks us through using arpspoof to intercept traffic, using dual terminals to simultaneously spoof the client and the router. The excitement unfolds as each terminal command brings us closer to mastering the spoof.

          As packets start flowing through the attacker's Kali Linux setup, the potential for analysis and exploration is boundless. From netdiscover to pinpoint network devices, to Wireshark for deciphering the intercepted data, the toolkit at hand is powerful. HackerSploit's invite to contribute to his growing tutorial library adds a collaborative twist, encouraging viewers to share and sharpen their hacking prowess.

            Chapters

            • 00:00 - 00:30: Introduction and Personal Update The video begins with an introduction by the creator, Hackersplat, who addresses their audience and shares a personal update. For the first time, the creator is using a face cam, something they have contemplated for a long time. They invite feedback from viewers on whether they prefer videos with the face cam or the traditional full-screen tutorial format.
            • 00:30 - 01:00: Overview of ARP Spoofing The chapter titled 'Overview of ARP Spoofing' introduces the concept of ARP spoofing or ARP poisoning. The video aims to explain the mechanism behind ARP spoofing and its function in network traffic redirection, allowing interception of data as a form of a man-in-the-middle attack. It emphasizes mainly on the functionality of ARP and the techniques involved in ARP poisoning. The speaker poses questions to the audience, particularly 'What is ARP?' and acknowledges that it may be a new concept for some. ARP is defined as a fundamental network protocol.
            • 01:00 - 02:00: Explanation of ARP Protocol and Spoofing Concept The chapter explains the Address Resolution Protocol (ARP) and its place in the OSI model, specifically in Layer 2. It clarifies that ARP's main function is to map MAC addresses to IP addresses. The text also introduces the concept of ARP spoofing, describing it as the process of sending an ARP response to a client, which is a typical technique used for man-in-the-middle attacks.
            • 02:00 - 02:30: Exploiting ARP Protocol and Introduction to Arpspoof Tool The chapter titled 'Exploiting ARP Protocol and Introduction to Arpspoof Tool' explains a hacking technique where an attacker impersonates the router on a local network. The attacker tells the client that the device with the router’s IP address actually has the attacker's MAC address. This allows the attacker, operating on a local network, to intercept communications intended for the legitimate router.
            • 02:30 - 03:30: Setting Up the Environment in Kali Linux This chapter discusses how to set up the environment in Kali Linux by connecting to a client using the router's IP address, which is typically the default gateway address. The method described involves tricking the client into passing traffic through an intermediary device by spoofing your MAC address as the router's. This exploits the Address Resolution Protocol (ARP) to intercept and manipulate network traffic between the client and the actual router.
            • 03:30 - 04:30: Using Netdiscover to Identify Target This chapter discusses how the ARP protocol can be exploited due to its inherent trust in any ARP response, making it vulnerable to attacks. The chapter introduces the tool Arp Spoof, which is used to redirect client traffic to an attacker's device, enabling man-in-the-middle attacks and traffic sniffing. The emphasis is on the power and effectiveness of ARP spoofing in network exploitation.
            • 04:30 - 07:00: Initiating ARP Spoof Attack with Arpspoof The chapter begins with the narrator setting up their environment using Kali Linux. They discuss the tools they plan on using, specifically choosing the terminal over Terminator for clarity and visibility. The setting up of the terminal is emphasized as the initial step before proceeding with the practical demonstration of an ARP spoof attack using arpspoof.
            • 07:00 - 09:00: Utilizing Dsniff and Wireshark for Traffic Analysis In this chapter, the focus is on using 'netdiscover' to identify devices on a network. This is a preparatory step for performing a man-in-the-middle (MITM) attack. The chapter demonstrates targeting a host operating system by checking its local IP configuration.
            • 09:00 - 10:00: Conclusion and Community Engagement The chapter focuses on concluding thoughts and highlights the importance of community engagement. It explains how to perform ARP spoofing on a target machine using Kali Linux. The process involves using two terminals to initialize ARP spoof, with details on setting up the network environment and identifying target IP addresses to execute the spoofing effectively. Emphasis is placed on the security implications and the educational context for applying such techniques.

            ARP Spoofing With arpspoof - MITM Transcription

            • 00:00 - 00:30 [Music] hey guys hackersplat here back again with another video and yes you can finally see my face now this is something i've been thinking about for a long long time and it's finally here so do let me know what you think whether you enjoy the videos like this with um obviously with my face cam or you would like a full screen you know tutorial video uh
            • 00:30 - 01:00 just the way i usually do them all right so let's get to today's video so today's video is going to be about uh arp poisoning or arp spoofing and essentially uh how to allow uh or redirect packets or uh you know traffic to flow through our device essentially uh you know performing in a man-in-the-middle attack but in this video we'll be focusing more on how erp works and how erp's poisoning works all right so you might be asking yourself well what is arp is this the first time you're hearing about it if it is arp is essentially a network
            • 01:00 - 01:30 protocol and i believe it is on in the osi 2 layer so essentially it what it stands for is an address resolution protocol and its purpose is to resolve mac addresses to ip addresses all right so uh when it comes down to erp spoofing what happens is uh what we are going to be doing is and the concept behind erp spoofing is that you're going to send an arp response to a client all right so client
            • 01:30 - 02:00 on the network you being the attacker all right saying i am the router all right and then telling the client uh that the device with the router ip address has my mac address so essentially what's happening is the uh you're the hacker or the uh the attacker and this the router and you have the client that you want to target obviously through the ip address and obviously this is done locally obviously because it's on a network right so you you are essentially telling the client
            • 02:00 - 02:30 you're connecting to the client with the router's ip address right uh so you you're connecting to the client with the router's ip address which is the default gateway address and you're telling um you're essentially telling the client that i am the router and you should pass your traffic through me right so you're standing in between the client and the router and obviously you've tricked the client by telling by obviously using the router's ip address but your but the mac address will be your mac address and you're exploiting the arp protocol
            • 02:30 - 03:00 because the arp protocol uh any erp response will be trusted so that's a very very easy way of exploiting this technology or this protocol so the tool we're going to be using is arp spoof uh or arp spoof as it's commonly known as and it's a very very powerful tool that will allow us to um to actually redirect traffic from clients to our device and you know uh from that point onwards you can perform man in the middle attacks and you know sniff the traffic
            • 03:00 - 03:30 uh so let's get started so uh i'm on kali linux right now and i'm just going to open up my terminator because i find that this is a fantastic tool that is great for this purpose and you'll see why so what i'm going to do is or actually i would actually prefer to use the terminal because i can enlarge the text here and we can have a good idea of what's going on in terms of what's being printed out on the terminal right uh so there we are finally open up the terminal that took a while for some
            • 03:30 - 04:00 reason so i'm just going to zoom in now what we need to do first is we need to use netdiscover i'm going to be using netdiscover and you can use netdiscover to discover uh the devices on your network or computers on a network that you want to perform the man in the middle attack all right so what does this mean so for example i'm going to try and target my host operating system which is right here so i'm just going to check my iep config there we are and my local ip address is
            • 04:00 - 04:30 192.168.1.104 all right so i'm back in cali linux and i've got the uh the windows on my host operating system address and that's what i want to perform the arp spoof on orp poisoning on so since i already know what the ip address is we can get started so to use the rp spoofing it's really really easy what i'm going to do is i'm just going to open up two terminals because we're going to need to initialize arp spoof uh twice okay so let me just open this up for some reason
            • 04:30 - 05:00 that's taking really really long to open i apologize for this freeze up i should have actually opened this prior to this uh but anyway i'll just give it a few seconds oops there we are we have some kind of uh graphical glitch there all right now let me just zoom in okay so we can get started now uh so what i'm going to do is uh to get started it's really very simple so we use the arp spoof command or arp spoof right now the commands are very very simple we use iphone interface
            • 05:00 - 05:30 all right so the i uh now this is depending on you if you're using a wi-fi card you can choose your uh your wi-fi device name which is uh if you're using a wireless adapter it'll be lan 0 or wlan0 and since i'm using ethernet i'm going to be using ethernet 0 so those are the default hardware names given or device names given to the different uh network adapters that you could be using all right the next thing is to use the t command because this allows us to select the comma the
            • 05:30 - 06:00 target now it's very very important that since we're going to be running two instances of this because we are tricking both the router and the client that uh i am the router and i am the client so uh you'll get the gist once you're moving along so now we have to specify the target ip all right so in this instance we're going to specify the target id first so that is going to be 192.168.1.106 okay and then after that i'm going to target the default gateway which is my router's ip address
            • 06:00 - 06:30 all right so essentially what we're doing here is essentially targeting the um the your the the your target or the client in which you're trying to perform the spoof attack on the erp spoof attack on and we're telling uh that client that we are the router because we're using the default gateways ip address right so 168.1.1 all right fantastic uh once we've hit uh once this is good uh so essentially let's look at the syntax again erp spoof uh the your
            • 06:30 - 07:00 your wireless adapter or interface name and the target but in this case we're using the target ip first and then the default gateway iep after that and i'm going to hit enter oops i'm going to hit enter and it's going to start error proof on that and now for the next terminal whoops for some reason we couldn't uh oh yeah i actually made a mistake the target ip is 104 let me just try that again there we are fantastic it's working now
            • 07:00 - 07:30 so again depending on what your target ip address is you can specify that accordingly now the next one arp spoof again uh erp spoof uh the interface line zero oops ethernet zero for me don't worry about what the other terminal is doing that really doesn't matter because again it's just sending the requests to the client saying that i'm the router so we haven't completed the arp spoof uh attack just yet so now we specify the target but in this case now we're telling the
            • 07:30 - 08:00 router that i am that client i am 192.168.1.104 all right so we use the the default gateway or the router's ip 168.1.1 then we specify the target's ip so 192.168.1.104 and once that's done we just hit enter and it's going to complete the arp the erp spoofing and now essentially all the traffic is going to be passing through us and
            • 08:00 - 08:30 now you can start using tools like wireshark to analyze or to sniff the traffic or you can use d-sniff which is part of arp spoof or actually arp spoof is part of the d-sniff package so if i open up a new terminal here let me just see if i can open that up so d sniff uh if i just hit d sniff whoops uh let me just increase the the font size here so d sniff right so if i open up decent if it's going to start listening on ethernet 0
            • 08:30 - 09:00 and it's going to save the files or the sniffed files that it's got from that from the client that you're performing the rp spoof on and it'll save it in the home folder where you can find the log file for dsnif and essentially what you can do now is open up a you know a traffic analyzing tool like wireshark or or whatever tool you choose to use and you can go through the packets that are being sniffed because all the traffic from that device is passing through the attacker machine which is what i'm using now so that's gonna be it for this video guys i hope you enjoyed this video if
            • 09:00 - 09:30 you did please leave a like down below thank you so much for the support i really really appreciate it and uh yeah one more thing on the website i'm accepting articles or tutorials that you guys uh if you want to post a tutorial or a guide just write it up to me uh review it and if it's good enough or it's uh you know it's perf it's giving value to people i'll publish it on the website under your name so yeah i'm hoping to make it a lot more interactive and i'm going to be posting a lot of more tutorials on their guides
            • 09:30 - 10:00 things to help you guys get started and you know things to keep you guys going in terms of learning about hacking and you know anything else so if you have any questions or suggestions leave them in the comment section or you can hit me up on my social networks and yeah i'll be seeing you in the next video peace [Music]
            • 10:00 - 10:30 you