Monday, October 17, 2016

WI-FI PT / 4 - ATTACKS MAN-IN-THE-MIDDLE / 4.5 - Stealing username/passwords with Ettercap MITM attack

4.5 - Stealing username / passwords with Ettercap MITM attack

- This attack is similar to the previous one, in that ARP spoofing is also used. However, now the tool Ettercap will be used in its command shell version. Options used are:

      - T = text only interface
      - q = quiet mode, nor printing packet content
      - M = MITM attack
      - ARP / = ARP replies sent to "roch"

- Once the attack is launched, "kali" waits for a client to connect to Outlook. Again, there are neither padlock, nor HTTPS and green URL bar, because "kali "Ettercap is intercepting messages between "roch" and the Outook email server:

- Shortly, both test account name ( and password (passwordPFM) are captured by Ettercap:

- At the victim "roch", it can be checked that not only the legitimate AP 192.168.01 has got the fake MAC address attached, but also all the devices connected to the network segment, either wired or wirelessly: