Ettercap With ARP Poisoning

Assuming you have a clean install of BT4 with no edits:

Ettercap:

Ettercap is a tool for network protocol analysis and security auditing. It has the ability to intercept traffic on a network, capture passwords, and conduct active eavesdropping against common protocols.

For this exercise I will be using ARP Poisoning to sniff the LAN for passwords that use SSL (Hotmail, Gmail, Etc.)

ARP:

“Address Resolution Protocol”: As defined by Wikipedia: ARP is a computer networking protocol for determining a network host’s link layer or hardware address when only its Internet Layer (IP) or Network Layer address is known. This function is critical in local area networking as well as for routing internetworking traffic across gateways (routers) based on IP addresses when the next-hop router must be determined.

So in normal terms ARP is the way that we get a MAC address of a Host or Node from the IP address.

ARP Spoofing:

This is the technique we will use to attack a wired or a wireless network. ARP Spoofing allows the attacker to sniff data frames from the LAN, then gives you the ability to modify the traffic (good for redirecting to your own computer to download an exploit to victim), or stop the traffic from entering the network, or a specific computer (good for local DOS Attacks on a Local Area Network).

The idea behind the attack is to send a fake (AKA “Spoofed”) ARP message to the LAN. Any traffic on the network meant for that IP address that you attacked (whole network if you want) will be sent to the attacker. The attacker (you) can choose to forward the traffic to the actual gateway (Passive Sniffing) or modify the data before forwarding it (Man in the Middle).

How we will do it for this exercise:

Read more @ backtrack-linux.org/forums/showthread.php?t=1057

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s