This is a very common type of cyber attack which involves eavesdropping on a network connection. The attackers usually insert themselves between a conversation, usually occurring among a web server and an application. Hackers can have various end goals for launching this attack, they may either silently observe data packets or impersonate a user and modify the data they send or receive.
In brief, malicious users intercept the data flowing on a user’s machine or a server and can listen to every piece of information being passed through the network. Generally speaking, the goal is to steal sensitive information by targeting vulnerable websites or stealing cookies. Other than websites, a Man-in-the-Middle (MITM) attack can happen in any form of online communication such as email, DNS lookups, social media and so on. This security breach exploits real-time transactions and conversations by intercepting data that is meant to be secure and it is usually too late by the time either of the affected party realises what has transpired.
There are various techniques such as IP spoofing and DNS cache poisoning for implementing a MITM attack, but for the scope of this article, we will look at an implementation ARP spoofing attack using Kali Linux OS and Wireshark packet analyzer.
ARP (Address Resolution Protocol) is a stateless protocol which is used to resolve IP addresses to physical MAC (media access control) addresses in a local area network. An attacker’s MAC address is linked with the IP address of a legitimate user on a LAN. This is done by forging a large number of ARP request packets. This results in the ARP cache of the target machine being poisoned by all the fake entries, which will now transfer all the data sent by the user to host IP address to the malicious user instead.
For this exercise, we’ll be using two tools on Kali which are already built in hence there is no need to download anything. The tools are:
Wireshark or Ettercap
We’ll need a client machine as well whose network traffic we will spoof and sniff to get cleartext submission of passwords from certain vulnerable websites.
The IP address of the client machine used over LAN for this demo is: 192.168.1.44
And the Attacker IP is: 192.168.1.1
A basic setup is complete and victim network traffic will now pass through the attacker machine. To listen to these packets, we will use Wireshark (To know about the basics of Wireshark, read our article here)
Disclaimer: This tutorial is purely intended for educational purposes and should not be misused.
MITM is one of the classic hacks and on a LAN connection, ARP spoofing is much preferred. Today there have been various measures to prevent such an attack by use of HTTPS, use of VPN and, strong WEP/WAP encryption on access points.
Join Us for a Real Time Career Guidance…