How To Perform A Man-In-The-middle (MITM) Attack With Kali Linux

12/20/22, 10:48 PM How to perform a Man-in-the-middle (MITM) attack with Kali Linux | Our Code World
with Advertise with us About Contact us
Enter your search here...
Kali Linux
How to perform a Man-in-the-middle (MITM)

attack with Kali Linux
Carlos Delgado
March 25, 2017 252.4K views
Learn how to perform a Man in the middle attack with arpspoof, driftnet and urlsnarf in Kali
Linux
LIGHT
DARK
In this article, you will learn how to perform a MITM attack to a device that's connected in the same Wi-Fi networks as
yours.
https://ourcodeworld.com/articles/read/422/how-to-perform-a-man-in-the-middle-mitm-attack-with-kali-linux 1/11
Requirements
This article assumes that you know what is a network interface and you know to how to work with Kali Linux and the
command line. Before starting, you will need to know the name of the Network interface (installed on your machine) and
the IP of the router that provides Wi-Fi access.
Attacker Required information Example value (you need to replace these values)
Network Interface Name wlan0
Router IP 192.000.000.1
The Network Interface Name can be easily obtained as running the ifconfig command on a terminal, then from the list
copy the name of the interface that you want to use. The IP of the router can be obtained executing ip route show on a
terminal and a message like "default via [This is the router IP]".
From the victim, you will only need the IP (the user needs to be connected to the network provided by the router). The
process of obtaining the device IP of the victim is totally up to you, there are many ways to know it, for example there are
routers/gatefays user interface programs that lists all the connected devices (with IPs on the list) or just use a Network
Monitoring Software Tool.
Victim Required Information Example value (you need to replace these values)
Victim device IP 192.000.000.52
LIGHT
As we're hacking ourselves in this article, we can obtain easily this information directly from our device:
DARK
We are going to perform a MITM attack to a Samsung Galaxy S7 (connected to the router (router ip 192.000.000.1) with IP
192.000.000.52) that uses Google Chrome and will navigate through different websites to show if the attack really works or
not. Once you have collected all the required information, let's get started !
1. Enable packet forwarding in Linux

The first thing you need to do is to forward all the IPv4 network packages. In this way your machine will act as a router.
Execute the following command in a new terminal:
sysctl -w net.ipv4.ip_forward=1
Note
If your machine isn't forwarding the packets, the internet connection of the user will freeze and therefore the attack will
be useless.
2. Intercept packages from victim with arpspoof

arpspoof is a command line utility that allows you to intercept packets on a switched LAN. It redirects too packets from a
target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. This is an extremely
effective way of sniffing traffic on a switch. The structure of the command to start intercepting packets from the victim to
the router is the following:
arpspoof -i [Network Interface Name] -t [Victim IP] [Router IP]
So with our values, the command should look like:
Important
LIGHT
Run your command in a new terminal and let it running (don't close it until you want to stop the attack).
DARK
arpspoof -i wlan0 -t 192.000.000.52 192.000.000.1
This process will monitor the packet flow from the Victim to the Router.
3. Intercept packets from router with arpspoof

Now that you're intercepting packets from the victim to the router (running on a terminal), you need now to intercept the
packets from the victim to the router with arpspoof. The structure of the command to start intercepting packets from the
router to the victim is the following:
arpspoof -i [Network Interface Name] -t [Router IP] [Victim IP]
So with our values, the command should look like:
Important
Run your command in a new terminal and let it running (don't close it until you want to stop the attack).
arpspoof -i wlan0 -t 192.000.000.1 192.000.000.52
As you can see, it's the same command of the previous step but we switched the possition of the arguments. Till this
point you're already infiltrated to the connection between your victim and the router. Now you just need to learn how to
read those packets using driftnet and urlsnarf.
4. Sniff images from victim navigation

To see the images from websites that our victim visits, you need to use driftnet. Driftnet is a program which listens to
network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
The strucure of the command to start driftnet and see the images that the user see on the websites is the following:
driftnet -i [Network Interface Name]
Note
be useless.
With the information we have, our command should look like:
driftnet -i wlan0
5. Sniff URLs information from victim navigation

To get information about the websites that our victim visits, you can use urlsnarf for it. It is a command line tool that sniffs
HTTP requests in Common Log Format. It outputs all requested URLs sniffed from HTTP traffic in CLF (Common Log
Format, used by almost all web servers), suitable for offline post-processing with your favorite web log analysis tool
(analog, wwwstat, etc.). The structure of the command to sniff the URLs that your victim visits, is the following:
LIGHT
urlsnarf -i [Network interface name]
In this case, with the information we have, the command to execute will look like:
DARK
Note
be useless.
urlsnarf -i wlan0
Congratulations, if you have followed all the steps carefully, you should be now sniffing information about the target
you've chosen with a MITM attack. Once your victim visits a website, you should be able to read information about his
actions on the internet. To stop the attack, press CTRL + C on every terminal where any process that you've opened is
running.
6. Disable packet forwarding (only when your attack has

finished)
Once you are done with your attack (you don't want to sniff anymore), remember to disable the packet forwarding in the
system again executing the following command on a terminal:
Summary
If you have already followed the tutorial, you did everything right and it worked as expected, then follow the summary of
the process the next time that you want to do this:
# Enable port forwarding

# Spoof connection between Victim and Router

# Note: Run this command in a new terminal and let it running
arpspoof -i [Network Interface Name] -t [Victim IP] [Router IP]
# Same step but inverted (nope, it's not the same ...)
arpspoof -i [Network Interface Name] -t [Router IP] [Victim IP]
# Execute driftnet to sniff images

driftnet -i [Network Interface Name]
# Sniff URL traffic of the victim

urlsnarf -i [Network Interface Name]
# Disable port forwarding once you're done with the attack

# Examples for values
LIGHT
# [Network Interface Name] = wlan0
# [Victim IP] = 192.000.xx
# [Router IP] = 192.000.1
DARK
Happy hacking !
kali linux wifi man-in-the-middle mim attack security
Share this article
Carlos Delgado
Author
Senior Software Engineer at EPAM Anywhere. Interested in programming since he was 14 years
old, Carlos is a self-taught programmer and founder and author of most of the articles at Our
Code World.
5 Comments Add Your Comment
Become a more social person

Read in English
Leer en español
Search
Search
Search
Related Articles
How to hack a Wi-Fi Network (WPA/WPA2) through a Dictionary attack with Kali Linux
How to perform a Man-in-the-middle (MITM) attack with Kali Linux

How to perform a DoS attack "Slow HTTP" with SlowHTTPTest (test your server Slowloris protection) in Kali
Linux
May 19, 2019 62.9K views
How to crack a PDF password with Brute Force using John the Ripper in Kali Linux
May 05, 2019 151K views
LIGHT
DARK
Advertising
Advertising
Follow Us
LIGHT
DARK
Advertising
LIGHT
DARK
LIGHT
DARK
LIGHT
DARK
Sponsors
Follow Us
Contact us Advertise with us About
All Rights Reserved © 2015 - 2022
LIGHT
DARK

How To Perform A Man-In-The-middle (MITM) Attack With Kali Linux - Our Code World

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

How To Perform A Man-In-The-middle (MITM) Attack With Kali Linux - Our Code World

Uploaded by

Copyright:

Available Formats

12/20/22, 10:48 PM How to perform a Man-in-the-middle (MITM) attack with Kali Linux | Our Code World

with Advertise with us About Contact us

Enter your search here...

How to perform a Man-in-the-middle (MITM)

Network Interface Name wlan0

Victim device IP 192.000.000.52

1. Enable packet forwarding in Linux

2. Intercept packages from victim with arpspoof

arpspoof -i [Network Interface Name] -t [Victim IP] [Router IP]

So with our values, the command should look like:

3. Intercept packets from router with arpspoof

arpspoof -i [Network Interface Name] -t [Router IP] [Victim IP]

So with our values, the command should look like:

arpspoof -i wlan0 -t 192.000.000.1 192.000.000.52

4. Sniff images from victim navigation

driftnet -i [Network Interface Name]

5. Sniff URLs information from victim navigation

6. Disable packet forwarding (only when your attack has

# Enable port forwarding

# Spoof connection between Victim and Router

# Execute driftnet to sniff images

# Sniff URL traffic of the victim

# Disable port forwarding once you're done with the attack

# Examples for values

kali linux wifi man-in-the-middle mim attack security

Share this article

5 Comments Add Your Comment

Become a more social person

Contact us Advertise with us About

All Rights Reserved © 2015 - 2022

You might also like