- This topic has 25 replies, 2 voices, and was last updated 3 years, 9 months ago by
.
- Posts
Hi!
Did you avoid running sslstrip this time and any iptables rule? So it looks like you have internet connection now. So it might happen that your router has some arp spoofing protection, in that case the only thing you can do is disabling such protection or just arp spoof in one direction, as mentioned in the last lecture of Section 9 Post Connection Attacks, in that case you won’t be able to modify any response. So to confirm this is an issue with the router can you run arp -a in windows machine before and during the attack? And show the results here.You have mentioned that it didn’t work in the virtual lab, so how did you test it if you are not able to run 2 virtual machines?
Thanks!
DiegoI was able to run even though that was so hard because it took me one hour to just type a command, I don’t have a powerful laptop.
How can it be a router with Arp spoofing protection when I can spoof it using bettercap ?
Hi!
You have never mentioned before that bettercap works, so I was just pointing out the possible things that could go wrong. Are you able to sniff http data in with bettercap?
Yeah, the arp spoof attack is working so you should be able to sniff data from http://testphp.vulnweb.com/login.php, so clear browser’s cache on victim and try it again.
Also remember to enable ip forwarding every time you want boot kali and want to try this attack, I mean echo 1 > /proc/sys/net/ipv4/ip_forwardLet me know.
DiegoEverything works with bettercap. I can sniff data from http, I can downgrade https to http, dns spoof and so on.
I am not able to sniff data from http://testphp.vulnweb.com/login.php, and in no http webiste.
I always enable port forward.Hi!
I just tested it and it works as expected. The steps I follow:– Check ip from victim machine.
– Run the ettercap attack with all the arguments needed.
– Check on windows machine that the arp table has been modified.
– Clear browser’s cache.
– Visit http://testphp.vulnweb.com/login.php and log in.
– Credentials are displayed in ettercap.So if the arp spoofing attack is working then you should be able to sniff credentials, you can also run wireshark in the background before visiting vulnweb page and capture all the packets, then search among the results and you should be able to find the credentials.
Greetings!
DiegoIt’s working for http, I can see data in wireshark, everything okay, but when I run sslstrip everything goes over https.
Hi!
Ok, now let’s make sslstrip to work first, so just run the arp spoof attack, set the proper ipstables rule, then go to victim machine and check that the arp spoofing attack is working by checking the arp table, if it does then clear the entire browser’s cache and type stackoverflow in the browser’s bar address without prepending https://Let me know how it goes!
Diego
- You must be logged in to reply to this topic.
