LinuxNetworkPenetration Testing

Xerosploit – Man in The Middle Attack Tool Full Tutorial

Medium Medium Attack (MITM) is an attack in which an attacker secretly transmits and may alter communication between two groups that believe they are communicating directly. There are many open tools available online for this attack like Ettercap, MITMF, Xerosploit, e.t.c

Networking is an important testing platform for Ethical Hacker, most of the threat may come from an internal network such as network sniffing, Arp Spoofing, MITM etc. , password theft etc.

Also Read: What Is The Surface Web, Deep Web & Dark Web?

Requirement Package


  • nmap
  • hping3
  • build-essential
  • ruby-dev
  • libpcap-dev
  • libgmp3-dev
  • tabulate
  • terminal tables


Features –

  • Port scanning
  • Network mapping
  • Dos attack
  • Html code injection
  • Javascript code injection
  • Download interception and replacement
  • Sniffing
  • DNS spoofing
  • Background audio reproduction
  • Images replacement
  • Drifnet
  • Webpage defacement and more 


Tested on
Operating systemVersion 
Ubuntu16.04 / 15.10 
Kali linuxRolling / Sana
Parrot OS3.1 


Also Read: What Is The Surface Web, Deep Web & Dark Web?

💥 Xerosploit Installation 💥

Xerosploit is an attack tool for MITM which can run only on Linux OS to do so follow the simple steps:-

Open up the terminal and type: 

sudo apt-get install libpcap-dev

sudo apt-get install libgmp3-dev

git clone

cd xerosploit


It will ask you to select your application, here we press 1 Kali Linux.

This will show your network configuration including IP address, MAC address, gateway, interface and hostname. Now use the following command on the xerosploit console to know the first commands:




In this grid, we have a list of our attack commands and we will go to the person who is attacked in the middle, so I will select a scan command in my next step to scan the entire network.

scan :

This command will scan the entire network and you will find all the devices in your network.


As you can see it scans all active festivals. There are too many managers in this network; you must select your target from the given result. I will select for the man in the middle attack.


In the next comment, it will ask for the module you want to load the man into a moderate attack. Go through this comment and type help.




💥 Xerosploit MITM Using 💥



1.  pscan (Port Scanner)

Let’s start with pscan, which is a port scanner, it will show you all the open ports on the network computer and retrieve the version of the programs running on the detected ports. Type run to run pscan and it will show you all the open ports of the victim’s network.



2.  DOS (Denial of service)

Type “dos” to load the module, and it will send a sequence of TCP-SYN request packets to the target system to make the machine stop responding to legitimate traffic, which means it is doing an SYN Flood attack.



Press ctrl + c to stop If you are familiar with the HPING tool, you may notice that this module initially uses the HPING command to send countless SYN request packets.


3.  Inject HTML (HTML Injection)

HTML injection is a vulnerability inside any web page that occurs when user input is not properly sanitized or output is not encoded and an attacker is able to inject valid HTML code into a vulnerable web page. There are so many techniques that could use elements and attributes to submit HTML content.


So here we replace the victim’s HTML page with ours. Select any page and you will notice that I have written “You have been hacked” in my index.html page, which I will replace with the victim’s HTML page. Whatever page the victim tries to open, they will only see the replaced one. First, create a page as I did and save it to your desktop, named INDEX.html

Now run the inject HTML command to load the inject HTML module. And then type run to run inject HTML and type the path where you saved the file. Bravo! We have successfully replaced the page, as seen in the image below. Press Ctrl+c to stop the attack.

4.  Sniff

Now run the following module to sniff all the traffic of the victim with the command:



Now it will ask you if you want to use SSLTRIP to strip the HTTPS URL’s to HTTP so that we can catch the login credentials in clear text. So enter y.
When the victim enters the username and password it will spray and take all the data.

It will now open a separate terminal where we can see all the details in clear text. As you can see it has successfully taken the login details. Hit ctrl+c to stop the attack.

5.  dspoof


It load dspoof module which will supply false DNS information to all target browsed hosts Redirect all the http traffic to the specified one IP. Now type run command to execute module and then it will ask the IP address where you want to redirect the traffic, here we have given our Kali Linux IP.



Hello, I'm SUMAN from India. I’m currently working on Cyber Ethical Hacking. I’m currently learning more about Hacking, Web Design, Android ROM, Mod Hacking App
Notify of
Inline Feedbacks
View all comments
Back to top button
Would love your thoughts, please comment.x