
Setting up Ettercap for Man in the Middle Attacks

by Unallocated Author

PenTest Magazine describes a cyber-attack as the following:

“In the computer world, an attack is a way to destroy, expose and gain unauthorized access to data and computers. An attacker is a person that steals your data without permission and a feature of some attacks is that they are hidden.”

Man-in-the-middle attacks (or MITMs) are no different. They’re extremely useful in the art of hacking. By inserting themselves into an exchange between a user and an application, the attacker can listen in or mimic one of the parties.

The end result is a bridge between the attacker and the target, giving the attacker the ability to steal sensitive information. This sensitive information can include login credentials, account details, and even credit card numbers.

In conclusion, the best way to avoid MITMs is to research and understand them as a whole. Ettercap is a free, open-source network security tool that can execute MITMs.

Ettercap Set-Up and Execution for Kali Linux Users

  1. echo 1 > /proc/sys/net/ipv4/ip_forward – enable IP forwarding
  2. leafpad /etc/ettercap/etter.conf – open the .conf file
  3. Under [privs] change ec_uid and ec_gid to read 0 – leave the default comment line
  4. Ctrl+F to locate ‘iptables’ and uncomment/remove the # from the bottom two options
  5. Save changes
  6. ettercap -G – start Ettercap
  7. Choose ‘Sniff’ from toolbar and select ‘Unified Sniffing…’
  8. Run ‘ifconfig’ to get a list of connected interfaces and input the interface into Ettercap
  9. Ettercap is now in attack mode – select ‘hosts’ and then ‘scan for hosts’
  10. After completion, navigate to ‘hosts’ again and select ‘hosts list’
  11. IP address of the router will be Target 1 (add to target 1)
  12. IP address of victim’s machine will be Target 2 (add to target 2)
  13. Select ‘Mitm’ and then ‘Arp poisoning…’
  14. Checkmark ‘Sniff remote connections’ and select OK

Ettercap is now ARP poisoning the targeted victim and router. For maximum effect, utilize tools such as nmap and nikto. It is also recommended to test your attacks on personal devices before executing anything bigger.

See provided screenshots for reference.
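
On the targeted machine, the ARP poisoning described above shows up in the neighbor table as the router's IP resolving to a new MAC address, usually one that another host on the LAN also uses. The detection check below is an added example, not part of the original article; it parses Linux `ip neigh show` output, and the sample tables, addresses and function names are constructed for illustration.

```python
import re

# Matches a resolved entry of Linux `ip neigh show` output, e.g.
# "192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)

def parse_neigh(text):
    """Return {ip: mac}; entries without a MAC (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def detect_arp_poisoning(baseline, current, gateway_ip):
    """Compare two neighbor-table snapshots and return a list of alert strings."""
    alerts = []
    # Signal 1: the gateway's MAC differs from the known-good baseline.
    old_mac, new_mac = baseline.get(gateway_ip), current.get(gateway_ip)
    if old_mac and new_mac and old_mac != new_mac:
        alerts.append(f"gateway {gateway_ip} changed MAC {old_mac} -> {new_mac}")
    # Signal 2: one MAC answers for the gateway and for other IPs as well.
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            alerts.append(f"MAC {mac} claims gateway and other IPs: {sorted(ips)}")
    return alerts

# Constructed sample snapshots (illustrative addresses, not a real capture).
BASELINE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.50 dev eth0 lladdr 02:00:00:aa:bb:cc STALE
192.168.1.77 dev eth0  FAILED
"""
POISONED = """\
192.168.1.1 dev eth0 lladdr 02:00:00:AA:BB:CC REACHABLE
192.168.1.50 dev eth0 lladdr 02:00:00:aa:bb:cc REACHABLE
"""

if __name__ == "__main__":
    found = detect_arp_poisoning(parse_neigh(BASELINE), parse_neigh(POISONED), "192.168.1.1")
    for alert in found:
        print("ALERT:", alert)
```

Where the switch supports it, Dynamic ARP Inspection drops the forged replies outright; this check only reports them after the fact.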
