A Man-in-the-Middle attack (MITM) is an attack in which an attacker secretly relays, and may alter, communication between two parties that believe they are communicating directly. There are many open tools available online for this attack, such as Ettercap, MITMF, Xerosploit, etc.
Networking is an important area of testing for an ethical hacker: many threats come from the internal network, such as network sniffing, ARP spoofing, MITM and password theft.
- terminal tables
- Port scanning
- Network mapping
- DoS attack
- HTML code injection
- Download interception and replacement
- DNS spoofing
- Background audio reproduction
- Image replacement
- Webpage defacement and more
Xerosploit is a MITM attack tool that runs only on Linux. To use it, follow these simple steps:
Open up the terminal and type:
This will show your network configuration, including IP address, MAC address, gateway, interface and hostname. Now use the following command in the Xerosploit console to list the initial commands:
This table lists the commands available for our attack. Since we are going for a man-in-the-middle attack, I will select the scan command in my next step to scan the entire network.
This command will scan the entire network and you will find all the devices in your network.
As you can see, it scans all active hosts. There are many hosts in this network; you must select your target from the given result. I will select 192.168.1.100 for the man-in-the-middle attack.
The next step asks for the module you want to load for the man-in-the-middle attack. Type help here.
Let’s start with pscan, which is a port scanner. It shows all the open ports on the network computer and retrieves the version of the programs running on the detected ports. Type run to run pscan and it will show you all the open ports of the victim’s network.
Type “dos” to load the module. It sends a sequence of TCP SYN request packets to the target system to make the machine stop responding to legitimate traffic, which means it is performing a SYN flood attack.
Press Ctrl+C to stop. If you are familiar with the HPING tool, you may notice that this module initially uses the HPING command to send countless SYN request packets.
HTML injection is a vulnerability in a web page that occurs when user input is not properly sanitized or output is not encoded, so that an attacker is able to inject valid HTML code into the vulnerable page. Many techniques use elements and attributes to submit HTML content.
Now run the inject HTML command to load the inject HTML module. Then type run to run inject HTML and type the path where you saved the file. Bravo! We have successfully replaced the page, as seen in the image below. Press Ctrl+C to stop the attack.
Now run the following module to sniff all the traffic of the victim with the command:
It will now open a separate terminal where we can see all the details in clear text. As you can see, it has successfully captured the login details. Press Ctrl+C to stop the attack.
This loads the dspoof module, which supplies false DNS information to all hosts the target browses and redirects all HTTP traffic to one specified IP. Now type the run command to execute the module; it will then ask for the IP address to which you want to redirect the traffic. Here we have given our Kali Linux IP.
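A defensive check for the DNS redirect described above, as an added example that is not part of the original article or of Xerosploit: it flags a private address that answers for several unrelated public domains. The log format, function names, suffix list and threshold are assumptions, and the records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of resolver answers: (client, queried name, A record).
# The 192.168.1.50 answers imitate the redirect described above; all values are made up.
SAMPLE_ANSWERS = [
    ("192.168.1.100", "example.com", "93.184.216.34"),
    ("192.168.1.100", "mail.example.org", "192.168.1.50"),
    ("192.168.1.100", "news.example.net", "192.168.1.50"),
    ("192.168.1.100", "shop.example.com", "192.168.1.50"),
    ("192.168.1.100", "bank.example.org", "192.168.1.50"),
    ("192.168.1.101", "printer.lan", "192.168.1.20"),
    ("192.168.1.101", "nas.lan", "192.168.1.21"),
]


def registrable(name):
    """Crude grouping key: last two labels (assumption; use a public-suffix list in production)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def find_dns_redirects(answers, local_suffixes=(".lan", ".local"), min_domains=3):
    """Return {ip: sorted domains} for private IPs answering for many unrelated public names."""
    by_ip = defaultdict(set)
    for _client, name, addr in answers:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # skip malformed records instead of aborting the whole run
        name_l = name.rstrip(".").lower()
        if name_l.endswith(local_suffixes):
            continue  # internal names legitimately resolve to private addresses
        if ip.is_private:
            by_ip[str(ip)].add(registrable(name_l))
    # One private host answering for several distinct public domains matches
    # the "redirect everything to one IP" behaviour of a DNS spoofing module.
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}


if __name__ == "__main__":
    for ip, domains in find_dns_redirects(SAMPLE_ANSWERS).items():
        print(f"ALERT: {len(domains)} public domains resolve to private host {ip}: {domains}")
```

Split-horizon DNS and captive portals also map public names to private addresses, so add known internal zones to `local_suffixes` before alerting on the result.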