Man in the Middle Attack [MITM] using Ettercap, dSniff tools and Wireshark - Cybrary

Hello and welcome to this tutorial. As you can read in the title, we're going to perform a 'Man in the Middle Attack' using Ettercap, dSniff tools and, of course, my favorite, Wireshark.

Just to let you know, I've performed this attack on my Mac. For those of you using BackBox, Kali or others, load up your terminal and enable monitor mode by typing the following: airmon-ng start [interface]

But do that only if the interface isn't working when you perform the attack. Check ifconfig to find out what your interface is, then follow these steps to see if it will work. Sometimes it's required that you have monitor mode enabled.

How it looks when monitor mode is enabled - IMGUR

Now that you've done that, let's start the actual attack.

In your terminal, type 'ettercap -G'. The -G means graphical and loads the GUI for ettercap, as opposed to -C, for example, which loads ettercap inside the terminal. Please pay attention: sometimes ettercap has to be run as 'root', so use 'sudo' for that.


Now that you have ettercap up and running, do the following:

  1. Sniff
  2. Unified Sniffing
  3. Your interface (make sure to pick the correct interface, or else it won't work!)

Once you've picked your interface, let's scan for hosts by pressing the following:

  1. Hosts
  2. Scan for hosts

You've scanned for hosts and, in the box, you'll see: 'x hosts added to hosts list.' If nothing appears, you did something wrong. Make sure your config in ettercap is properly set up and that you picked the correct interface.

Press 'Hosts', hold Ctrl down while clicking on each host, and choose 'Add to Target 1'. When done, press 'MITM' and click 'ARP Poisoning'. A box will appear; mark 'Sniff remote connections' and, of course, click OK. Now, head over to Start and hit 'Start Sniffing.' You've actually just performed the Man in the Middle attack.

Let's continue. We're going to spy on the users on our network by sniffing what they're browsing. We're going to use urlsnarf. If you're using Kali Linux, it already has this tool. The command for urlsnarf is the following: 'urlsnarf -i interface'. You'll now see information about which machines are browsing and what they're browsing.

Inside Wireshark, we want to sniff, for example, usernames/passwords. It's simple and easy! Type 'http' in the filter, and isn't that beautiful? You're seeing all the traffic, and you're looking for 'POST'. Pay attention, and whenever you're done, just stop Wireshark and go through it all.

(Go through the different dSniff tools, and try out some others yourself. It doesn't hurt :)) Feel free to PM me with any questions.
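Seen from the defender's side, the ARP poisoning step above leaves a recognizable trace on the LAN: one MAC address starts answering for several IP addresses, and known IPs move to a new MAC. The script below is an added example, not part of the original tutorial; it checks ARP replies in text shaped like `tcpdump -n arp` output, and the sample capture and every address in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like `tcpdump -n arp` output; all addresses are made up.
SAMPLE_CAPTURE = """\
10:00:01.100 ARP, Reply 192.168.1.1 is-at aa:aa:aa:aa:aa:01, length 28
10:00:01.200 ARP, Reply 192.168.1.20 is-at aa:aa:aa:aa:aa:20, length 28
10:00:01.300 ARP, Reply 192.168.1.30 is-at aa:aa:aa:aa:aa:30, length 28
10:00:05.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
10:00:09.100 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66, length 46
10:00:09.200 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:66, length 46
10:00:10.100 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66, length 46
"""

ARP_REPLY = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")

def find_arp_anomalies(capture_text):
    """Return (rebound, shared): IPs whose MAC changed, MACs claiming several IPs."""
    ip_to_macs = defaultdict(list)   # IP -> MACs in the order first seen
    mac_to_ips = defaultdict(set)    # MAC -> every IP it has claimed
    for line in capture_text.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue  # ARP request or unrelated line
        ip, mac = m.group(1), m.group(2).lower()
        if mac not in ip_to_macs[ip]:
            ip_to_macs[ip].append(mac)
        mac_to_ips[mac].add(ip)
    # An IP seen with more than one MAC has been rebound during the capture.
    rebound = {ip: macs for ip, macs in ip_to_macs.items() if len(macs) > 1}
    # A MAC answering for more than one IP is the classic poisoning signature.
    shared = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return rebound, shared

if __name__ == "__main__":
    rebound, shared = find_arp_anomalies(SAMPLE_CAPTURE)
    for ip, macs in rebound.items():
        print(f"ALERT {ip} moved from {macs[0]} to {', '.join(macs[1:])}")
    for mac, ips in shared.items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

DHCP reassignment, proxy ARP and gateway failover can trigger the same alerts, so compare hits against known address assignments before treating them as an attack.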
