White Hat Institute

Spoof and sniff with Ettercap

One of the most captivating projects introduced as a matter of course in Kali Linux is Ettercap. Unlike many of the programs that are command-line only, Ettercap highlights a graphical interface that is very beginner-friendly. While the outcomes may now and again differ, Ettercap is an extraordinary device for novices to get the hang of system assaults like ARP spoofing. The general work process of an Ettercap ARP spoofing assault is to join a system you need to assault, find hosts on the network, allot focuses to an objectives’ document, and after that execute the assault on the targets. 

Once we do the majority of that, we can metaphorically lookout for the objective’s shoulder as they peruse the web, and we can even kill the connection from sites we need to direct them away from. We can likewise run different payloads, such as segregating a host from the remainder of the system, denying the service by dropping all packets sent to them, or running contents to endeavor to minimize the security of the connection.

To start the tool, go to the “Applications” menu, then from the “Sniffing & Spoofing” option, click on the “ettercap-graphical.” Alternatively, you can run “Ettercap” from the search bar.

ettercap 1

Before start sniffing, make sure to enable port forwarding so that the traffic can be redirected through your computer without any issues.

Ex: (root@kali:~# sysctl -w net.ipv4.ip_forward=1).

Click on the “Sniff” menu tab, and afterward select the “Unified sniffing” option. Another window will open up, requesting you to choose the network interface. You need to select the network interface that is at present associated with the network you’re assaulting and then click on the “ok” button.

ettercap 2

Now, you’ll see some content affirming that sniffing has begun, and you’ll have the option to get to further developed menu choices, for example, Targets, Hosts, Mitm, Plugins, and so forth. Before we begin utilizing any of them, we’ll have to identify our objective on the network. Click on the “Targets” menu tab and select the “Current targets” option to specify the target IP address and the gateway IP address.

ettercap 3

Next, go to the “Mitm” menu tab and select the “ARP poisoning” option to start the attack on this target.

ettercap 4

From the popup window, choose “Sniff remote connections” to start the sniffing assault.

ettercap 5

If you want to view dynamic intercepted traffic, then you can use a “tcpdump” tool.

Ex: (root@kali:~# tcpdump -i eth0 -n port 80 and host 10.10.10.6)

ettercap 6

When the assault starts, you’ll have the option to intercept login credentials, if the client you’re focusing on enters them into a site that doesn’t utilize HTTPS. It could be a switch, router, or a gadget on the system, or even a website that uses poor security.

ettercap 7

The major evident constraint of ARP spoofing is that it possibly works when you’re associated with a Wi-Fi network. It implies it takes a shot at open systems yet may not function admirably against networks that have progressively refined monitoring or firewalls that may distinguish this kind of conduct.

Spoofing is simple by means of Ettercap and it is an awesome tool to use. After this article, I’m certain you are contemplating sniffing the traffic in your local LAN, and on the off chance that you are a network manager, you will do some research and find some tools for hardening your devices.