Friday, 17 June 2016

Sniffing (Xplico and Ettercap)

So today I'm going to demonstrate how to do a man-in-the-middle attack using Xplico and Ettercap.

Before getting started, I'm going to give a brief description of the tools.

Xplico is a network forensic analysis tool (NFAT), which is software that reconstructs the contents of acquisitions performed with a packet sniffer. From my point of view this tool is great because it has a GUI, it is easy to interact with, and the setup is not really that hard.

Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. Anyone who is into hacking should know about Ettercap. This was my first time using it, and I'd say this tool is also great for doing man-in-the-middle.

So let's get started.

In this tutorial I use BackTrack 5 R3 because all the tools are already there, unlike Kali Linux, where you have to install them.

Fire up Xplico by going to the directory network forensic -> xplico with GUI.



It will automatically show the URL where you can use Xplico; mine was "localhost:9876". Copy and paste the URL and load it.

After the main page is shown, go to Case and create a new case with live acquisition, then create a session inside the case. What you name it is up to you.

Now, before sniffing, fire up Ettercap by typing "ettercap -G". The -G parameter means open with the GUI. Start the configuration by going to the Sniff section and choosing unified sniff.
 
After that, go to the "Hosts" toolbar, click scan for hosts, and then click hosts list. It will show you all the hosts that are up inside your network.
In this hosts list I have 4 live hosts. One of them is my target system (172.16.139.134) and another is the gateway of the target system (172.16.139.2).

Set the gateway as the first target and the victim machine as the second target.
After setting the targets, go to the Mitm section and select ARP poisoning.

Then start the sniffing by going to the Start section and clicking start unified sniffing.
Go to Xplico and start capturing the traffic.
Now I switch to my Windows XP machine, which is the victim, and just browse anything on Google.



Now this is the interesting part: stop your capture and go to the Web section of Xplico, and voilà! All the traffic that happened on the victim machine is recorded, and you can go to Image to see the captured website.
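On the wire, the ARP poisoning step above shows up as the gateway's IP suddenly being announced by a different MAC address, and as one MAC claiming both the gateway's and the victim's IP. The detector below is an added example, not part of the original post: it parses raw ARP frames and flags both conditions. The IPs are the ones from this walkthrough; the MAC addresses, function names and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

# Constructed sample values: IPs are the ones used in the post, MACs are made up.
GATEWAY_IP, VICTIM_IP = "172.16.139.2", "172.16.139.134"
GATEWAY_MAC, VICTIM_MAC, ROGUE_MAC = "00:50:56:aa:00:02", "00:0c:29:bb:01:34", "00:0c:29:cc:0f:fe"

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build Ethernet + ARP reply bytes in memory (only to construct test input)."""
    smac, tmac = (bytes.fromhex(m.replace(":", "")) for m in (sender_mac, target_mac))
    sip, tip = (bytes(map(int, a.split("."))) for a in (sender_ip, target_ip))
    return tmac + smac + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + smac + sip + tmac + tip

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), ".".join(str(b) for b in frame[28:32])

def detect_arp_spoofing(frames):
    """Flag IPs whose MAC binding changes and MACs that claim more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        sender_mac, sender_ip = parsed
        previous = ip_to_mac.get(sender_ip)
        if previous and previous != sender_mac:
            alerts.append(("binding-changed", sender_ip, previous, sender_mac))
        ip_to_mac[sender_ip] = sender_mac
        mac_to_ips[sender_mac].add(sender_ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    return alerts

SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),  # normal
    build_arp_reply(VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),  # normal
    build_arp_reply(ROGUE_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),    # poisoned
    build_arp_reply(ROGUE_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),   # poisoned
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_FRAMES):
        print(alert)
```

The same two checks are what a static ARP entry for the gateway or a switch with dynamic ARP inspection enforces at the network level.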

have a nice day ^_^
 
 
 
