Kali Linux Man in the Middle Attack Tutorial, Tools, and Prevention

Kali Linux Man in the Middle Attack Tutorial, Tools, and Prevention

Man in the middle attack is the most popular and dangerous attack in Local Area Network. With the help of this attack, A hacker can capture the data including username and password traveling over the network. He/she is not only captured data from the network he/she can alter data as well.

For example, if you send a letter to your friend the hacker can capture the letter before reaching the destination, and can edit and then send to your friend a modified letter.

But a good thing is this attack only can be performed in a local area network it means one of the victims must be in the same network of the attacker.

May be possible you have heard that using a public Wi-Fi network is not as secure as your home network the only reason is a man in the middle attack.

So my dear friend if you are using public Wi-Fi network or any other public network then please use one of the best VPN Service before access any website.

There are some free VPNs are available in the market so you can use them if you don’t want to spend money on your security. But free VPN is not as trustable as paid.

What is Man in the Middle attack definition?

Man in the middle attack is a type of the cyberattack, which is performed in a local area network, In this attack, the hacker put themselves between the two communication parties and intercept data.

Man in the middle attack allows to the hacker to intercept the data between two parties it may be server and client or client to Client or server to server.

The scenario of Man in The Middle Attack [MITM]: I have set up a virtual lab for the demonstration where one is window machine another is Ubuntu machine and the attacker machine is Kali Linux.

Kali Linux machine attack on the windows machine and told them that I am a window machine, and it trusts on this attack and sends the data to the Kali Linux machine. Attacker machine gets the data from the Windows and forward to the Ubuntu machine and told to ubuntu, I am a Windows machine.

Ubuntu machine thinks data is coming from the window machine and giving reply to the Kali machine. Kali machine forward data to Windows machine and Windows machine thing Kali machine is a Ubuntu machine.

Now You can understand Kali machine is sitting silently and intercept the data between the communication of Windows and Ubuntu machine.

I will show you in the next section how you can perform this attack.

Man in the Middle Attack Techniques

#1 Sniffing

Sniffing is a technique that allows attackers to inspect packets at a low level by using packet capturing tool. Hacker is using a specific wireless device that is allowed to be put into monitoring or promiscuous mode.

By Now hacker can see packets that are not intended for it to see, such as packets addressed to other hosts. arp poisoning and mac spoofing is helpful for this technique.

#2 Packet Injection

Packet injection is a process to forge packet or spoof packet and interfering within pre-established communication connection between two parties. These injected packets look the part of a normal communication stream. It allows an attacker to intercept packets from the communication data to travel over the network.

An attacker can also leverage their device’s monitoring mode to inject malicious packets into data communication streams. Packet injection usually involves first sniffing to determine how and when to craft and send packets.

#3 Session Hijacking

When you log in on any web application, this login mechanism create a temporary session token to use future communication. For Example, Once you log in on facebook, a session token has been generated. This session token is generated for future communication.

If a hacker steals this session token, he is able to get access to your Facebook account.

An attacker can sniff sensitive traffic to identify the session token for a user and use it to make requests as the user. The attacker does not need to spoof once he has a session token.

#4 SSL Stripping

Since using HTTPS is a common safeguard against ARP or DNS spoofing, attackers use SSL stripping to intercept packets and alter their HTTPS-based address requests to go to their HTTP equivalent endpoint, forcing the host to make requests to the server unencrypted. Sensitive information can be leaked in plain text.

What is the Man in the middle attack tools

There are lots of tools are available in the market for Man in the middle attack. Some for windows and some for Linux. Most of the tools are available for Linux. If you are using Kali Linux operating system, you will get all required tools pre-installed.

Some tools are described below.

Tool 1# Ettercap:

Ettercap is a comprehensive suite for Man in the Middle Attack. It preinstalled in most of Cybersecurity operating system including Kali Linux, Parrot OS, Black Arch, Blackbox, etc.

It has all the required feature and attacking tools used in MITM, for example, ARP poisoning, sniffing, capturing data, etc.

So if you are new in cybersecurity or ethical hacking then ettercap is the best tool for performing. I will write man in the middle attack tutorial based on ettercap tool.

Tool 2# BetterCAP

BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials, and much more.

Tool 3# TCP Dump:

TCPdump is a command-line tool and a powerful packet analyzer. It helps an attacker to dump TCP packets during the transmission over the network. But this single tool can not perform the MITM. you must use one of the arp spoofing tools for arp poisoning and other for routing traffic incoming as well as outgoing.

Tool #4 WireShark

Wireshark: It is one of the popular and useful tools for a network security researcher. It has a graphical interface with multiple data filtering capacities. This is one of the best hacker tools. But this single tool can not perform MITM you must use arp poisoning and traffice routing with the help of other tools.

Tool #5 Dsniff

Dsniff − A suite of tools designed to perform sniffing with different protocols with the intent of intercepting and revealing passwords. Dsniff is designed for Unix and Linux platforms and does not have a full equivalent on the Windows platform. It can’t perform a MITM attack

Kali Linux Man in the Middle Attack Tutorial with Ettercap

In this article, I will cover  Kali Linux man in the middle attack tutorial and discuss every step. I hope you liked my notes on Penetration Testing Tutorial So enjoy this Article and leave a comment on it and don’t forget to help me by sharing this article.

Victim 1:

Hardware: Virtual Machine

Operating System: Window 8.1 / Running Xampp server

IP Address: 192.168.56.1

MAC Address. 08:00:27:00:04:93

Victim Window arp table

 

Victim 2:

Hardware: Virtual Machine

Operating System: Ubuntu 15.04

IP Address: 192.168.56.102

MAC Address: 08:00:27:79:2C:92

arp poisoning victim Ubuntu

 

 

 

Attacker:

Hardware: Virtual Machine

Operating System: Kali Linux 2.0

IP Address: 192.168.56.101

MAC Address 08:00:27:4D: 3A: BA

arp table on Attacker

Step 1: On the Kali Linux ettercap is installed by default, To open it, Go into

Application >  Sniffing & Spoofing > ettercap-graphical

run ettercap on Kali Linux

Step 2: Go Next Sniff > Unified Sniffing OR Pres Shift+U

26 unidifiend 2

Another window will be pop up where you need to select Network interface from the drop-down menu and click next

26 network interface 3

Next, Go to Hosts > Scan for hosts

26 scan for hosts

In this option, Atacker system will scan the whole network and find out, “how many devices are connected to the network?”

Next step, To See the connected hosts in the network

Go Hosts > Host list or Press Key H

26 host and host list

Next tab will appear, In this menu you should select the desired host and click on add to target 1, afterward select another host and click on add to target 2

26 add target

Next, Go into Mitm > Arp poisoning after click on this option new window will be pop up check sniff remote connection and it OK. arp poisoning will start automatic

26 enable arp poisioning

Now you can sniff data by click on Start > Start Sniffing or Ctrl+W

26 start sniffing

When you finished all process, then sniffing will be started. If you want to check arp poisoning is activated or not Go Plugins > Manage the plugins OR Ctrl+P

And click on chk_poison You will see a result like the following image.

26 check poisoningWhen user will access any page and enter the login credential, It will be captured by attacker machine see result.

26 captured data

Note:  It will capture data over HTTP only if you want to capture data use sslstrip for mare detailSecure Socket Layer SSL analysis with sslstrip in Kali Linux

 

How to Prevent from Man in the Middle Attack

So by now you have seen and learn all about man-in-the-middle attack and its impact. If you are using public network so it may be harmful to you.

Even you are using your home wi-fi network then you cannot claim for completely safe from the man in the middle attack because the hacker can hack into your Wi-Fi access point and then perform this attack.

So my dear friend if you want to protect yourself from the man in the middle attack then follow the given instructions:

Protect your Wi-Fi access point

If you are using Wi-Fi access point at your home for accessing internet then it is compulsory to protect them by using a strong password and hiding its SSID. 5 Tips, how to secure wifi from hacking – full guide

Use the strong encryption mechanism WAP/WAP2 which will protect your access point from connecting an unwanted person (hacker) in the network. If you are using the weak encryption then the hacker can perform the brute force attack and other mechanisms to hack your Wi-Fi network.

You may Like: Top 5 Wifi Hacking software for Linux OS

Virtual private network [VPN]

This is the best option to protect yourself from the man in the middle attack no matter where are you? Are you in a private network or a public network?

If you are using a public network then VPN will encrypt communication between you and server. if your communication is routed through the hacker’s computer and he will able to capture the data but he will not read the data due to the strong encryption. Thus your data will be protected from the hacker including username, password and session key.

Some low budget VPNs are:

Force https

The communication over the HTTP protocol, your data will travel in a clear text format over the network. The hacker will capture this data and misused.

In the other hands, when your communication goes over the https protocol then all the data your PC and server will be in encrypted. In this case, if the hacker captures the username and password from the network by using MITM, they will not able to to get it in clear text format.

if a hacker doesn’t have the username and password in the clear text format, then he/she will not able to to use your username and password for accessing service at any rate.

Cracking encryption is another matter but not easy. You can use the following extension which helps you to use https website only.

HTTPS Everywhere for Google Chrome

HTTPS Everywhere for Firefox

Public Key Pair Based Authentication

Man-in-the-middle attacks typically involve spoofing something or another. Public key pair based authentication like RSA can be used in various layers of the stack to help ensure whether the things you are communicating with are actually the things you want to be communicating with. o

Conclusion

Now you have enough information about Man in the middle attack, And I hope you can prevent your self from such type of traps.

If you have any question you can write in the comment

Thanks for Reading!

Cheers!

If Appreciate My Work, You should consider:

Leave a Comment