Man in the middle attack with Kali Linux 2.0

In a man-in-the-middle (MITM) attack, a hacker tries to intercept the information, data, or communication passing between two users. MITM attacks can be performed over both kinds of network interface, Ethernet and wireless.

In this article we will be capturing all the image data that is travelling across our target network. Remember, you should be connected to the same network as the victim.

Whatever images our victims browse, we will see them in real time. We will be using driftnet and ettercap to perform this attack.

Connect to your target network.

The first thing we need to do is configure the etter.conf file. Open your terminal and type the following command, then set the ec_uid and ec_gid values to 0.

root@seven:~# leafpad /etc/ettercap/etter.conf

Now scroll down and find the two commented-out iptables lines. Remove the pound sign from both lines to uncomment them; this enables us to use iptables. Now save and close the file.

Now it's time to launch ettercap.

root@seven:~# ettercap -G

Once the ettercap GUI has launched, go to the options menu and select promisc mode.

Now go to the sniff menu and select unified sniff.

Now this point is important. You need to select an interface. I am connected to the internet over Ethernet, so I am selecting eth0. If you are connected to the internet over Wi-Fi, you must select the wlan0 interface from the dropdown. Make your selection and click OK.

Go to the hosts menu and select the scan for hosts option. It will find all the devices connected to your network.

Go to the hosts menu again and select hosts list. You will see all the devices connected to your network. If you are not satisfied, scan for hosts again.

Go to the start menu and select start sniffing.

Now go to the MITM menu and select arp poisoning.

You will now be presented with a prompt; select sniff remote connections.

Open another terminal; we need to start driftnet.
Use the same interface that you used when configuring ettercap.

root@seven:~# driftnet -i eth0

Now everything is set. When you execute the above command, a driftnet window will open up. Whatever images our victims browse, you will see them inside the driftnet window.