ARP stands for Address Resolution Protocol. We use this network protocol to translate IP addresses to MAC addresses. In this way, we find out which MAC address an IP address belongs to.
Let’s look at how ARP works.
I am using Linux and Windows on a virtual machine, and I want to know the Windows machine's MAC address, so I run the arp command on Linux. You can also try this between two devices connected to the same network.
[Figures: the arp command; arp -help]
ARP Poisoning — Man in the Middle Attack
ARP poisoning is a type of man-in-the-middle attack.
I’m telling the router I’m Windows, and I’m telling Windows I’m the router. In this way, the requests sent by the user and the router’s responses are forwarded to the attacker. Both devices communicate with the attacker instead of directly with each other. The attacker prevents the two devices (the router and the user’s device) from communicating with each other. We use the arpspoof command for this attack. (arpspoof is one of the modules in bettercap.)
As seen above, the router’s MAC address is the same as Kali’s MAC address. Windows thinks that Kali is the router.
After this step, I tried to access the Internet but I couldn’t. We need to activate IP forwarding in order to connect to the Internet. To do that, we have to change the content of the file /proc/sys/net/ipv4/ip_forward. If the value is 0, IP forwarding is not enabled. I changed 0 to 1 using nano. Then I could access the Internet. The value is reset every time the system is shut down and started again.
We will use Wireshark to test whether the attack was successful. I browsed to the address http://unicornitems.com/my-account/ in Firefox on Windows. Then, in Wireshark, I filtered by typing HTTP to be able to find it easily.
I double-click the packet to see it in detail.
We can see the websites visited and even capture the usernames and passwords with this method. But the website must use the HTTP protocol for the usernames and passwords to be visible.
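The sign noted earlier, the router's IP address resolving to the same MAC address as another host, can be checked for automatically from the defender's side. The following is an added example, not code from the original post: it parses an ARP cache in the Linux /proc/net/arp format and flags MAC addresses claimed by more than one IP. The sample table, its addresses, and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the format of Linux /proc/net/arp (addresses are made up).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.2.1         0x1         0x2         08:00:27:aa:bb:cc     *        eth0
10.0.2.15        0x1         0x2         08:00:27:AA:BB:CC     *        eth0
10.0.2.20        0x1         0x2         08:00:27:11:22:33     *        eth0
10.0.2.30        0x1         0x0         00:00:00:00:00:00     *        eth0
"""
ATF_COM = 0x2  # kernel flag: entry is complete (resolved)


def parse_arp_table(text):
    """Yield (ip, mac, device) for every resolved entry."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue                            # malformed or blank line
        ip, _hw_type, flags, mac, _mask, device = fields
        if int(flags, 16) & ATF_COM:            # ignore incomplete entries
            yield ip, mac.lower(), device


def find_shared_macs(text):
    """Return {(device, mac): [ips]} for MACs claimed by more than one IP."""
    owners = defaultdict(list)
    for ip, mac, device in parse_arp_table(text):
        owners[(device, mac)].append(ip)
    return {key: sorted(ips) for key, ips in owners.items() if len(ips) > 1}


def gateway_is_suspect(text, gateway_ip, known_gateway_mac=None):
    """True if the gateway shares its MAC with another host, or if its MAC
    differs from a baseline recorded while the network was known to be clean."""
    table = {ip: mac for ip, mac, _dev in parse_arp_table(text)}
    mac = table.get(gateway_ip)
    if mac is None:
        return False                            # gateway not in the cache
    if known_gateway_mac and mac != known_gateway_mac.lower():
        return True
    return any(gateway_ip in ips for ips in find_shared_macs(text).values())


if __name__ == "__main__":
    # On a live Linux host: text = open("/proc/net/arp").read()
    for (dev, mac), ips in find_shared_macs(SAMPLE_ARP_TABLE).items():
        print(f"{dev}: {mac} is claimed by {', '.join(ips)}")
    print("gateway suspect:", gateway_is_suspect(SAMPLE_ARP_TABLE, "10.0.2.1"))
```

A shared MAC is a signal to investigate rather than proof: a host with several IP addresses on one interface produces the same pattern, which is why comparing against a recorded baseline MAC for the gateway is the stronger check.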