This demo is a follow-on to the ARP Poisoning Presentation. It uses the program ettercap to achieve an ARP poisoning attack.
To start with, here's a written description of the process.
- Start Wireshark on the attacker.
- Open a telnet session on one of the victims. Nothing of that telnet session should be visible in Wireshark on the attacker.
- In order to do a Man in the Middle (MitM) attack, first set up IP forwarding with
sysctl -w net.ipv4.ip_forward=1
- Edit /etc/etter.conf to uncomment the lines allowing iptables to forward.
- Start up ettercap:
ettercap -G (the -G gives a GUI)
- Start sniffing (unified)
- Scan for hosts
- Add targets
- Start MitM -> ARP Poisoning
- Start Sniffing
- Now go back to the victim and start another telnet session
- On the attacker, Wireshark should now see everything
- Don't forget to explicitly stop the MitM so that ettercap can re-ARP the network
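
How the poisoning in the steps above appears to a host monitoring ARP traffic, as an added example that is not part of the original demo: it parses ARP frames and alerts when an IP address moves to a new MAC or one MAC claims several IPs. The function names, MAC addresses and 192.0.2.x addresses are constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType must be ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[22:28]), _ip(frame[28:32])

def detect(frames):
    """Alert when an IP moves to a new MAC or one MAC claims several IPs."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[1] == "0.0.0.0":      # skip non-ARP and ARP probes
            continue
        smac, sip = parsed
        old = ip_to_mac.get(sip)
        if old is not None and old != smac:
            alerts.append(("rebind", sip, old, smac))
        ip_to_mac[sip] = smac
        ips = mac_to_ips.setdefault(smac, set())
        if sip not in ips:
            ips.add(sip)
            if len(ips) > 1:
                alerts.append(("multi_ip", smac, sorted(ips)))
    return alerts

def arp_reply(smac, sip, tmac, tip):
    """Build a constructed ARP reply frame (sample data only)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(int(x) for x in i.split("."))
    return (h(tmac) + h(smac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + h(smac) + a(sip) + h(tmac) + a(tip))

# Constructed sample: hosts A and B answer normally, then a third MAC claims both IPs.
A, B, X = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ee"
SAMPLE = [
    arp_reply(A, "192.0.2.10", B, "192.0.2.20"),
    arp_reply(B, "192.0.2.20", A, "192.0.2.10"),
    arp_reply(X, "192.0.2.20", A, "192.0.2.10"),
    arp_reply(X, "192.0.2.10", B, "192.0.2.20"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Both alert types can also fire on benign events such as a DHCP lease moving to another machine or a router doing proxy ARP, so treat them as leads to check against known address assignments.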