MyBrainRunsLinux.com

  This article is for demonstration purposes only. If you decide to follow these instructions you should only do so on a network that you own.

  This is a method I somtimes use to demonstrate the ease of a man in the middle attack. There are many tools to use to accomplish this but I prefer Ettercap-GTK. It has a nice user interface and it works quite well. This application is available for windows, mac and linux. Throughout this article I will be refering to my wireless card which is 'wlan0'. Change this to match your connected interface.

  The first thing you want to do is install ettercap-gtk. This will install everything you need. Install it through your package manager, or if you are using a debian based system just type into a terminal

sudo apt-get install ettercap-gtk

You will want to launch it from a terminal with this command

Code:

sudo ettercap-gtk -i wlan0 -G 

  The capital G option will give you the gtk interface. Now you can select 'Unified Sniffing' from the 'Sniff' menu. Next you will be asked for your ethernet interface.

  Click on 'Hosts' and select 'Scan for hosts'. This will scan your network for ip addresses. Now you can click on 'Mitm' and select 'Arp Poisoning'. Check the box that says 'Sniff remote connections'. Now click on 'Hosts' and select 'Hosts list'. Highlight the ip address that you want to poison and click on 'Add to Target 1'. Now highlight the ipaddress of your router and click on the 'Add to Target 2' button. Click on 'Start' and select 'Start Sniffing'. Now you are poisoning the target machine and all of their network traffic will be routed through your network interface card. Now click on 'Veiw' 'Connections'. This will give you a list of all of the current connections of the target computer.

  If you see any interesting connections on the target computer you can just double click on the connection and you will see a split screen with a bunch of information in them. Most of it may look like garbage but you may just find something interesting in there. If you click on an msn messenger connection you will be supprised what you can see. Also pay close attention to the bottom of the Ettercap screen. If logon credentials are used in clear text they will be displayed on the bottom of your screen.