What is a Man-in-the-Middle (MITM) Attack?
A man-in-the-middle attack is an attack where the attacker secretly relays, and possibly alters, the communications between two machines that believe they are directly connected to each other. To carry out a man-in-the-middle attack, we need to be on the same network as our victim, because we have to fool these two machines.
How to initiate the attack by running Bettercap?
To know which network interface is used we can easily type
In this case, it is wlan0, so just type
bettercap -iface wlan0 and press enter.
As you can see, we are now inside the tool, but it's just a blank space without any details. To make our work easier, we can type help and then press Enter; here is what it shows us.
Now we have some details, but our concern here is the modules. For more details, we can type help followed by the module's name, for example help net.probe.
This module has various parameters, but for now let's keep the defaults and turn on the module by typing net.probe on.
Now the module is running. What actually happens is that the module scans all the machines connected to the same network as our PC and collects each one's IP address, MAC address and vendor name. To make things clearer, we can type net.show for further details.
The Raspberry Pi is the machine used to perform this attack, and my IP address is 192.168.1.4. The router IP address is 192.168.1.1; I know this from the Name column, which shows it as the gateway. The rest are clients connected to this network. Now we can choose which one will be our victim.
Just like the previous module, it consists of various parameters. First, let's take a look at the arp.spoof.fullduplex parameter. In order to be the man in the middle, we need to fool both the victim and the router by telling the router that the victim's MAC address is our MAC address and telling the victim that the router's MAC address is our MAC address. So we need to set this parameter to true by typing set arp.spoof.fullduplex true. Secondly, we need to set the arp.spoof.targets parameter by simply giving it the IP address of our victim. So in my case, it will be set arp.spoof.targets 192.168.1.3.
After setting these 2 parameters, we are ready to fire up this module by typing arp.spoof on. But wait a second: first let us go to Windows 10 and type arp -a.
As we already know from the net.show command, my router's IP is 192.168.1.1 and its MAC is e4:::::e4, which is the real one. So nothing bad has happened yet. Let's go back to the Raspberry Pi and fire up arp.spoof by typing arp.spoof on.
Now we are in the middle, between the victim, which is Windows 10, and my router. To make sure, let's open up cmd on Windows 10 and type arp -a. Then I'm going to move to Windows 10. Nothing looks wrong in the browser; everything is just fine. Yeah! We know that our victim is accessing vulnweb.com.
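The arp -a comparison above is also how a defender spots this attack: once the victim's cache is poisoned, the gateway entry carries the same MAC address as another host on the LAN. The script below is an added example, not part of the original post; it parses Windows arp -a output and flags that condition. The sample output and MAC addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample data: Windows `arp -a` output on the victim (192.168.1.3)
# before and after spoofing. MAC addresses are made up for illustration.
ARP_BEFORE = """
Interface: 192.168.1.3 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-00-00-01     dynamic
  192.168.1.4           02-00-00-00-00-04     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# After poisoning, the gateway entry carries the Raspberry Pi's MAC.
ARP_AFTER = ARP_BEFORE.replace("02-00-00-00-00-01", "02-00-00-00-00-04")

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.I | re.M,
)

def parse_arp(text):
    """Return {ip: mac} for the dynamic entries of Windows `arp -a` output."""
    return {ip: mac.lower() for ip, mac, kind in ROW.findall(text)
            if kind.lower() == "dynamic"}

def find_spoofing(table, gateway, baseline_mac=None):
    """List signs of ARP cache poisoning that involve the gateway entry."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # Sign 1: the gateway shares a MAC with another host on the LAN.
    for mac, ips in by_mac.items():
        if gateway in ips and len(ips) > 1:
            others = ", ".join(sorted(set(ips) - {gateway}))
            findings.append(f"gateway {gateway} shares MAC {mac} with {others}")
    # Sign 2: the gateway MAC differs from a known-good value recorded earlier.
    current = table.get(gateway)
    if baseline_mac and current and current != baseline_mac.lower():
        findings.append(f"gateway MAC changed: {baseline_mac.lower()} -> {current}")
    return findings

if __name__ == "__main__":
    good = parse_arp(ARP_BEFORE)["192.168.1.1"]
    for name, text in (("before", ARP_BEFORE), ("after", ARP_AFTER)):
        print(name, find_spoofing(parse_arp(text), "192.168.1.1", good))
```

Recording the gateway's MAC while the network is known to be clean, or pinning it with a static ARP entry, gives the second check a trustworthy baseline.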
If you have any doubts about this topic, or would like advice and the best cybersecurity services and consultation on man-in-the-middle attacks, feel free to contact us. AIR ZERO SEC will be your strong digital solution.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/