Jump to content

bwfoc20

Members
  • Posts

    1
  • Joined

  • Last visited

Recent Profile Visitors

560 profile views

bwfoc20's Achievements

Newbie

Newbie (1/14)

  1. Hi Everyone, I want to clear my doubts on arp-posioning. Following is the situation described where I tried to perform this attack :- Every Host in the LAN segment uses proxy for accessing internet . Attacker : IP = 10.101.25.100 [running linux mint with all required tools installed] Victim : Virtual m/c running linux mint using proxy to access internet (using bridged mode in virtual box) IP = 10.101.25.200 / can be any other host in the LAN Switch (Gateway) : IP = 10.101.25.2 [Cisco IOS 12.x ] ON ATTACKER M/c: * edited /etc/etter.conf [ ec_uid = 0 ec_gid = 0 port_steal_send_delay = 1 # microseconds remote_browser = "firefox -remote openurl(http://%host%url)" # if you use iptables: redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" ] (read from http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_603839.html) * started ettercap successfully # selected promisc mode then unified sniffing # selected GATEWAY (10.101.25.2) as TARGET1 # selected VICTIME (10.101.25.200) as TARGET2 # started sniffing # selected arp-posioning from the mitm menu # enabled plugins repoison_arp and remote_browser # opened connections tab from view menu ON VICTIM m/c : Before ARP poisoning : ALL fine internet web browsing was working smoothly remember it is using proxy for accessing internet After ARP Poisoning : arp table successfully changed 10.101.25.2 <ATTACKER's MAC ADDR> But no web page is loading now ....whether google.com facebook.com Q: IS IT EVER POSSIBLE TO DO ARP-POISONING CORRECTLY IN THIS KIND OF SITUATUION ? ANY ADVICES/SUGGESTION ARE APPRECIATED ! THANK YOU
×
×
  • Create New...