Security Explained

Man in the Middle Attacks: Tools

Using Ettercap we will perform a Man-in-the-Middle attack.

Materials Needed:

Step 1: Start BackTrack

We will be using the security distribution BackTrack from http://www.remote-exploit.org because it comes preconfigured with most of the packages and tools we will be using. Any version of Linux will work for these tutorials; however, you will need to install and configure the packages yourself before attempting these scenarios.

Boot BackTrack and, when you are prompted, enter 'root' and the password 'toor', then type 'startx' to start the graphical interface.

Step 2: Set up your Network connection

If your network is configured with DHCP then issuing these commands from the terminal will usually suffice to set things up.

  • 'ifconfig eth0 up'
  • 'dhcpcd eth0'

Step 3: Start Ettercap

Click on the BackTrack Menu at the bottom left of the screen, then select 'BackTrack', 'Sniffers' and 'Ettercap'.

Step 4: Set your Netmask

Click 'Options' then 'Set Netmask'. This tells Ettercap how large a network it is on; just copy your netmask into this field. In our example we'll be using 255.255.255.0.

Step 5: Select Unified Sniffing

This option tells Ettercap that you are using a single network interface for the attack. Click 'Sniff' then 'Unified Sniffing' and select your interface; in our example this is eth0.

Step 6: Scan for hosts

This option scans the selected subnet for hosts on the LAN. It then adds them to the host file.

Step 7: Start Sniffing

This will start sniffing the LAN for any interesting information.

Step 8: Start Poisoning the LAN

Now we start our attack. Click 'Mitm' then 'ARP Poisoning', select 'Sniff remote connections' and then click 'OK'.

Step 9: View Connections

Click 'View' then 'Connections' to see the active connections on the LAN. You are now the Man in the Middle of all communications on the LAN.

As you can see, passwords sent in plaintext are visible to you, as is all traffic on the LAN. In later tutorials we'll look at other ways to use this attack.

Step 10: Stop the MITM attack

Click 'Mitm' then 'Stop mitm attacks'. Ettercap has a built-in feature to repair all the hosts' ARP tables when you're done. It will send out ARP replies to the hosts on the LAN, putting them back to the way they were before.