Summary
In this video, HackerSploit explores the world of Man In The Middle (MITM) attacks using the tool Ettercap. Delivered on the Kali Linux platform, this tutorial provides a comprehensive guide on setting up and configuring Ettercap, performing ARP poisoning, and intercepting network traffic between a Windows 7 target system and a router. The video aims to enhance understanding by comparing Ettercap's ARP poisoning capabilities with similar tools like arpspoof, ensuring viewers can replicate these techniques in a safe and ethical manner for educational or authorized security testing purposes.
Highlights
Learn how to set up Ettercap for ARP poisoning in Kali Linux effortlessly! 🎯
Configure the right network interface for seamless packet interception. 🔗
Sniff live network traffic like a pro using Wireshark or tcpdump. 👨‍💻
Discover the essentials of MITM attack strategies and enhance your hacking skills. ⚔️
Join the HackerSploit journey to 50k and then 100k subscribers! 🚀
Key Takeaways
Ettercap allows you to execute MITM attacks by manipulating network traffic on your local network. ⚙️
Configuring your environment correctly is vital for successfully performing MITM attacks. 🛠️
Using Ettercap with the correct settings can help you capture and analyze network traffic effectively. 📡
Staying updated with the latest version of Kali Linux ensures you have the best tools for penetration testing. 🐧
Ethical hacking requires practice and learning; ensure you're testing in a legal and controlled environment. 🔍
Overview
HackerSploit dives into the workings of Man In The Middle (MITM) attacks using Ettercap, a go-to tool for network traffic manipulation available on Kali Linux. The setup is straightforward as long as your Kali Linux system is updated with the latest packages, making the tool ready for demonstrating powerful network interception techniques.
After familiarizing the audience with the necessary system commands to enable IP packet forwarding, the tutorial takes a practical turn. By leveraging a Windows 7 system as the target and configuring the network adapter settings appropriately, viewers learn how to use Ettercap's graphical interface to perform ARP poisoning, thus gaining unauthorized access to the data exchanged between the target and the router.
Concluding with a traffic sniffing test using tcpdump, the video not only illustrates the methodology behind MITM attacks but also stresses the importance of ethical hacking and legal compliance. Thanks to HackerSploit's clear, engaging tutorial, both novice and intermediate enthusiasts can grasp the essentials of network security testing with confidence.
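From the defender's side, the ARP poisoning described in this overview is visible in the target's ARP cache: the gateway address (192.168.1.1 in the video) resolves to the same MAC as another host on the LAN. The Python below is an added example, not code from the video; the `arp -a` sample, the MAC addresses, the .105 and .110 hosts and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` output on the Windows 7 host (192.168.1.102)
# while its cache is poisoned. All MACs and the .105/.110 hosts are made up.
POISONED_ARP_A = """\
Interface: 192.168.1.102 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           08-00-27-aa-bb-cc     dynamic
  192.168.1.105         08-00-27-aa-bb-cc     dynamic
  192.168.1.110         3c-52-82-10-20-30     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M,
)

def norm_mac(mac):
    return mac.lower().replace("-", ":")

def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries (static/broadcast rows are skipped)."""
    return {ip: norm_mac(mac)
            for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"}

def find_arp_anomalies(table, gateway_ip, known_gateway_mac=None):
    """Flag MACs claimed by several IPs and a gateway MAC that differs from baseline."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one NIC answering for several addresses
            findings.append(("duplicate-mac", mac, sorted(ips)))
    gw_mac = table.get(gateway_ip)
    if known_gateway_mac and gw_mac and gw_mac != norm_mac(known_gateway_mac):
        findings.append(("gateway-mac-changed", gw_mac, [gateway_ip]))
    return findings

if __name__ == "__main__":
    table = parse_arp_table(POISONED_ARP_A)
    # Baseline gateway MAC recorded before the incident (constructed value).
    for finding in find_arp_anomalies(table, "192.168.1.1", "c0-4a-00-11-22-33"):
        print(finding)
```

A duplicate MAC can also be legitimate (proxy ARP, a multi-homed host), so the gateway baseline comparison is the stronger of the two signals.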
Chapters
00:00 - 00:30: Introduction to Ettercap In the introduction to Ettercap, the speaker addresses requests from viewers to elaborate on man-in-the-middle attacks, particularly using a tool called Ettercap. The chapter sets the stage by highlighting Ettercap as a robust security tool that facilitates man-in-the-middle attacks on local area networks, making it an essential skill for network security enthusiasts.
00:30 - 01:00: Configuring Kali Linux for Ettercap This chapter explains that Ettercap comes pre-installed and pre-configured in Kali Linux, making it easy for users as they don't have to download or set up anything additionally. It suggests updating the packages to ensure you're running the latest version if you haven't logged in to Kali Linux for some time. It refers to a previous video where the instructor demonstrated ARP spoofing but missed forwarding the packets properly, which was pointed out by viewers in the comments.
01:00 - 01:30: Packet Forwarding Setup This chapter explains the process of setting up packet forwarding on a computer to act as a man-in-the-middle, allowing packet communication between a router and a client. The speaker acknowledges an oversight in a previous demonstration and proceeds to guide through the setup step-by-step, emphasizing its importance for proper connection. The process begins with opening a terminal as a root user.
01:30 - 02:00: Using Ettercap for Sniffing This chapter discusses the use of Ettercap for sniffing in network monitoring. The focus is on enabling IP forwarding with the sysctl command. The specific command is 'sysctl -w net.ipv4.ip_forward=1', which allows packets to flow through the machine in the middle and is crucial for the sniffing process. Setting this parameter is essential for properly configuring the system to capture network traffic.
02:00 - 02:30: Selecting Network Interface In this chapter, the process of selecting a network interface is discussed, particularly in the context of a computer acting between the router and the client. The chapter begins with instructions to confirm that the net.ipv4.ip_forward value is set to 1. After configuring the network settings, the chapter introduces Ettercap, a network security tool that is pre-installed on Kali Linux. The chapter advises the user to search for Ettercap using the search menu and stresses the use of the 'Ettercap Graphical' interface for ease of use.
02:30 - 03:30: Adding Targets in Ettercap This chapter discusses the preliminary steps necessary for conducting a man-in-the-middle attack using Ettercap. The focus is on selecting and verifying a target for the attack. In the demonstration, a Windows 7 operating system is used as the target device. The objective is to intercept the data packets being exchanged between the Windows 7 system and the router. The chapter begins with instructions on how to set up Ettercap for initiating this process.
03:30 - 04:30: ARP Poisoning Attack The chapter discusses ARP poisoning attacks and begins by explaining the importance of selecting the correct sniffing option based on network connections. It emphasizes using bridged sniffing when physically connected to an Ethernet adapter, switch, or hub, especially in organizational settings where computers are interconnected.
04:30 - 05:30: Using tcpdump for Traffic Sniffing In this chapter, the process of using tcpdump for traffic sniffing is discussed, specifically through unified sniffing, which is applicable when using one adapter without any bridged connection. The setup involves selecting the correct network interface, such as Ethernet or a wireless adapter, and then starting the unified sniffing process. The next step includes adding a target by navigating to the current targets section. This foundational setup is crucial for further network traffic analysis.
05:30 - 06:30: Conclusion and Channel Goals The chapter discusses how targets are specified for ARP spoofing, drawing parallels between arpspoof and Ettercap. It explains the basic steps involved, such as selecting the target and configuring IP addresses accordingly. The focus is on entering the router IP address and the target IP address, emphasizing their roles in the spoofing process.
MITM With Ettercap - ARP Poisoning Transcription
00:00 - 00:30 [Music] hey guys hackersploit here back again with another video so a lot of you guys have been asking me to elaborate more with the man in the middle attacks and more specifically uh to show you how to use a tool called ettercap all right so for those of you who don't know what ettercap is ettercap is a fantastic security tool that allows you to perform man in the middle attacks on lan or on your on your local network
00:30 - 01:00 all right so it comes pre-installed and pre-configured in kali linux which is you know fantastic so you don't have to you download or set anything up uh all the only thing you need to do is you if you haven't logged into kali linux for a while just update your packages and make sure you run and make sure you're running the latest version all right so in the previous video when we were looking at arp spoofing with arpspoof uh some of you actually noticed in the comments that i did not forward the packets uh in the sense that um i did not allow
01:00 - 01:30 the the flow of packets through my computer being the man in the middle uh allowing it to flow to and back uh you know to the router and back to the client or our target for this matter okay so hopefully i can explain how to do that right now i actually did it before the video assuming that many people know how to do it and a lot of people were saying that their connection isn't working and i actually remembered that yes that that is an essential uh step so i'm going to show you how to do it now all right so just open up your terminal and obviously make sure you're in root
01:30 - 02:00 it always helps and now we're going to use the system control command so system control and we now want to select the option uh w to write so w to write and net dot um what was it net dot ipv4 yes we want to forward ipv4 packets dot ip forward sorry ip forward ip4 uh equals to one so the value should be equal to one all right so that is the command that will allow the flow of uh packets
02:00 - 02:30 through your computer uh uh as you're acting uh between the router and the client so just hit enter and it should give you the results saying yes uh the the ipv4 uh ip will will the value should be one all right so once you've done we are done with that we can get started with ettercap all right so ettercap as i said is pre-installed with kali linux so you can just search for it and you can just go into your search menu and just go into ettercap and make sure you select ettercap graphical because that's what i'm going to be
02:30 - 03:00 elaborating in this video so just click on it now before we get started with actually you know performing any man in the middle attacks uh you need to have a target so in this case i have a target here all right so i have a target there and this is a windows 7 operating system that is going to act as our target so we're going to try and uh intercept the packets being sent between the windows 7 operating system and my uh and my router all right so once you've opened up ettercap what you need to do the first
03:00 - 03:30 thing you need to do is you need to select your sniffing option so usually if you're connected physically to the ethernet so what i mean when i say physically is you're actually connected to an ethernet adapter or to a switch or to a hub then i would recommend that you use bridge sniffing so what this means is if you you're in a situation like you're in an organization where you have you know your computer is connected to a switch that is also connected to other computers in the organization i would recommend that you use the bridged sniffing
03:30 - 04:00 otherwise in my case i'm just gonna use unified sniffing because i only want i'm only using one adapter there's no bridged connection okay so now it's going to ask you to select your network interface i'm going to select ethernet 0 because i'm using ethernet right now and by default you can also select your wireless adapter if that's what you choose to use so just hit ok and now as you can see it's going to tell you that the unified sniffing process is started and what you have to do now is you need to add a target so you want to go into targets and you want to go into current targets now as i said this is very
04:00 - 04:30 very similar to arpspoof where you would simply add your your router ip address and your target ip address uh similar to what you would do with uh with arpspoof so uh what you would do with arpspoof is you would firstly uh the the first step would be to select your to select the target uh as the router ip address and then you use the your target ip address as the secondary one so in this case all you need to do is just add your your target one ip address as your router so
04:30 - 05:00 192.168.1.1 that is my router ip address it is your default gateway address if that's what you're wondering so you can just type in ifconfig and you can find your default gateway and just get that and put it in here now you need to get your target ip address which you can which i'm going to do and i can do using my command prompt here using the ipconfig command so ipconfig it's been a long time since i've used windows 7 but boy it feels good uh so there you are 192.168.1.102
05:00 - 05:30 and we're just going to go into our target and hit add and we're going to say 192.168.1.102 and uh we hit okay all right so we've added our target in our ip address uh and our router ip address okay so now we need to actually perform the uh the arp poisoning attack that will give us man in the middle access so to do that is really very simple just going to man in the middle and click on arp poisoning and now it's going to ask you for optional parameters make sure you check sniff remote
05:30 - 06:00 connections and just hit ok so once you've done that the arp poisoning has begun and it's currently running so now you can use a traffic or network sniffing tool like wireshark or tcpdump which is what we're going to be using so if i just open up tcpdump i really enjoy using tcpdump sometimes so tcpdump tcpdump and we can say the interface is uh ethernet 0 and we specify the the port port 80
06:00 - 06:30 the target or actually the host is 192.168.1.102 being our target and we oops for some reason we're getting an error uh port 80 um or uh sorry about that n n and 18 when we hit uh the port sorry after the port command there it's actually been a while since i've used tcpdump and for some reason i keep on getting this uh syntax error here so we've selected our host uh so n
06:30 - 07:00 port 80 host and host so i forgot to add the and and there we are all right so yeah the syntax for tcpdump is quite confusing in the sense that you have to specify the uh you have to specify the interface that you're using you then have to specify the port which in this case we're using the tcp port and our host which is 192.168.1.102 that is the target ip that we want to sniff the traffic from so now if i go into my windows operating system here and i just uh let me just open a new window here
07:00 - 07:30 like so and i just try and open a site like reddit.com alright so reddit.com and i just go back to kali linux and as you can see there we are the traffic is being captured uh just as though just the way we wanted it now additionally you can use wireshark if that is what is comfortable for you but there you go that is how to perform a man in the middle attack with ettercap it's really very simple the process is exactly the same as to what you would find with arpspoof and that's because they are both using the arp poisoning method
07:30 - 08:00 all right so that's going to be it for this video guys thank you so much for the support on the channel we have really really grown uh this month this year and our target our first target is 50 000 subscribers our second target for the year is 100 000 subscribers and i'm really really pushing forward to it thank you so much for everything you guys uh if you found value in this video please leave a like down below if you have any questions any at all hit me up in the comments section on my social networks or on kik all alright and you can check out my website for the latest hacking news tutorials and guides
08:00 - 08:30 so thank you so much for watching guys and i'll be seeing you in the next video peace you