“ARP spoofing using MITMf” This section will cover MITMf (man-in-the-middle framework), a versatile tool that enables various MITM attacks. Specifically, we will demonstrate how to carry out a basic ARP poisoning attack similar to the one we discussed in the previous section, using a Wi-Fi card. However, it is worth noting that it is possible to substitute the Wi-Fi card with an Ethernet virtual card for these attacks.
When we run the ‘ifconfig‘ command to view our network interface, we will observe that the wlan0 card is linked to the internet network and assigned the IP address 10.0.0.11.
To view the MAC address of the Windows machine, we can execute the command ‘arp -a’ on it. By examining the subsequent screenshot, we can confirm that the gateway is located at 10.0.0.1 and that its MAC address ends with 49-df.
Our next step is to carry out an ARP poisoning attack to determine whether we can intercept traffic as a man-in-the-middle and whether the MAC address changes accordingly.
To leverage the MTTMf tool, we need to enter the command and specify the options for ARP poisoning, which involves providing the IP address of the router (i.e., the gateway), the IP address of the target, and the interface. The full command is as follows:
If we omit specifying a target, the tool will assume the entire subnet as the target. Additionally, the interface parameter refers to our wireless card. Therefore, by pressing the ENTER key, we can launch the tool and begin running it.
We can now switch to the Windows machine and execute the command ‘arp -a’ to verify whether we have successfully intercepted the connection. As shown in the screenshot, we can observe that the MAC addresses have been altered from 49-df to 19-32, which corresponds to the MAC address of our Kali interface, thereby confirming our success.
Our successful ARP poisoning indicates that we are now acting as the man-in-the-middle, and the MTTMf tool has automatically initiated a sniffer to capture the data transmitted by devices on our network. It is worth noting that unlike arpspoof, which merely places us in the middle, this tool incorporates a sniffer that enables us to intercept and analyze the network traffic.
Our next step involves visiting an HTTP website and intercepting the login credentials to demonstrate how the tool captures username and password data.
Our next step is to demonstrate how the tool captures login credentials on an HTTP website. On a Windows machine, we will navigate to carzone.ie and log in to an account while the MITM attack is running. We will the email address and the password. By returning to the MITMf console, we will confirm that we have successfully intercepted and captured the email address and password.
With our current setup, we can intercept and obtain any login credentials entered by the computers that we are ARP spoofing. Additionally, we can access all the URLs requested by the user, such as sell.carzone.ie, as well as the URLs requested by carzone.ie, which includes the links to the ads displayed on the website.
We hope that this article has provided valuable insights into ARP spoofing with MITMf. For more information about ethical hacking, we encourage you to follow us @ tutorials.freshersnow.com.