Its full form is man in the middle attack. It is a very dangerous attack that can damage every machine on a network. In this attack a hacker connects his/her computer to the victim's network and can record anything used on the machines running in that network.
A hacker can record usernames, passwords and anything the victim types on his/her machine. It is a very powerful attack, so we must check our network regularly.
Many tools are used for MITM, such as OWASP ZAP, Ettercap and Burp Suite. Burp Suite and OWASP ZAP are mostly used for website information gathering and attacks, and they support only limited MITM attacks. Ettercap is the tool used most often for MITM attacks and is the best one.
a) ETTERCAP:
It is a tool in Kali Linux that works in graphical user interface mode and is used for man in the middle attacks. It supports every type of network connection, such as (Ethernet) and (WiFi), for man in the middle attacks. It is a very good tool and easy to use for man in the middle attacks, so a hacker should learn it for easy MITM attacks.
Now to perform MITM, the hacker should connect his/her computer to the (WiFi) router or (Ethernet device) to which the victim's computer is connected. Then open the Ettercap graphical interface from (Applications) in your Kali Linux.
Click on (Sniff) and then click on (Unified sniffing).
Sniffing in Ettercap
Then select the interface, (eth0) or (wlan0), to which both you and the victim's computer are connected, for example (wlan0) for (WiFi), and click (OK).
Interface or network selection in Ettercap
Then click on (Hosts) and click on (Scan for hosts).
Then click on (Hosts) again and click on (Host list) to see the connected machines or hosts. Select the (IP address of your victim) and click on (Add to Target 1) to capture the data of your victim's computer. Then select the (IP address of your Kali Linux computer) and click on (Add to Target 2) to see the data of the victim's computer.
Hosts scanning in Ettercap
Target setting in Ettercap
Then click on (Mitm) and click on (ARP poisoning). You will see two options; tick (Sniff remote connections) and click (OK).
Then click on (Start) and click on (Start sniffing).
Now, when the victim enters his/her details into websites on his/her computer, such as usernames, passwords, date of birth etc., we can capture them in Ettercap and use the victim's details to log in to the same websites.
Captured details of victim in Ettercap
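The ARP poisoning step above is also what a defender watches for on the wire. As an added example that is not part of the original page, this Python script runs two detection checks over a constructed list of ARP replies (all IPs and MACs are made up): an IP claimed by more than one MAC, and one MAC answering for several IPs, plus an optional check against a known-good gateway mapping.

```python
from collections import defaultdict

# Constructed ARP replies as (sender_ip, sender_mac), in arrival order.
# Sample data only: none of these addresses come from a real network.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("192.168.1.10", "aa:bb:cc:00:00:10"),  # victim host, legitimate
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by a second MAC
    ("192.168.1.10", "de:ad:be:ef:00:99"),  # victim IP claimed by the same second MAC
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # repeated gratuitous reply
]

def build_arp_table(replies):
    """Map each IP to the distinct MACs that claimed it, in first-seen order."""
    table = defaultdict(list)
    for ip, mac in replies:
        if mac not in table[ip]:
            table[ip].append(mac)
    return dict(table)

def find_conflicting_ips(replies):
    """IPs claimed by more than one MAC: the signature of a poisoned ARP cache."""
    return sorted(ip for ip, macs in build_arp_table(replies).items() if len(macs) > 1)

def find_multi_ip_macs(replies, threshold=2):
    """MACs claiming `threshold` or more IPs; a poisoning tool answers for both
    targets from the one attacking interface."""
    claims = defaultdict(set)
    for ip, mac in replies:
        claims[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) >= threshold}

def arp_alerts(replies, trusted=None):
    """Run both checks; `trusted` is an optional known-good {ip: mac} map
    (for example the gateway) so a change away from it is reported too."""
    table = build_arp_table(replies)
    alerts = [f"{ip} claimed by {len(table[ip])} MACs: {', '.join(table[ip])}"
              for ip in find_conflicting_ips(replies)]
    alerts += [f"{mac} claims {len(ips)} IPs: {', '.join(ips)}"
               for mac, ips in find_multi_ip_macs(replies).items()]
    for ip, mac in (trusted or {}).items():
        seen = table.get(ip, [])
        if seen and seen[-1] != mac:
            alerts.append(f"{ip} last answered by {seen[-1]}, expected {mac}")
    return alerts

if __name__ == "__main__":
    for line in arp_alerts(SAMPLE_ARP_REPLIES, {"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print("ALERT:", line)
```

On a real network the same checks can be fed from Wireshark's ARP packets, and static ARP entries or switch-level dynamic ARP inspection stop the poisoning outright.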
It can be dangerous if the victim enters the details of his/her different accounts. This method can help to hack the username and password of a website if we attach ourselves to the victim's network by going near him/her. It is an easy way if the victim logs in to his/her website while we are using Ettercap on his/her network. This is not allowed, so we should only use this easy method on fake websites and the like. So, good luck with Ettercap.
b) WIRESHARK:
It is also a tool in Kali Linux that is used for man in the middle attacks. It is a very important piece of software in Kali Linux that works in graphical user interface mode and is used to capture and analyze the different requests and packets in a network. It supports (Ethernet), (wlan0) etc. for man in the middle attacks. It is not as easy as Ettercap, but it is more useful than the other tools used for man in the middle attacks. So, a hacker must learn it deeply for MITM attacks. It is pre-installed in Kali Linux, so we can use it directly.
Now, to capture the traffic in a network you must connect your Kali Linux computer to the (interface) on which you want to capture traffic, such as (wlan0) for (WiFi) or (eth0) for (Ethernet). Let us consider that you want to capture traffic going through your victim's (WiFi) router. To do this you must be connected to the victim's WiFi router, the one the victim's computer is connected to.
Interface selection in Wireshark
Now open (Wireshark) in your Kali Linux. Select the interface you want to use, such as (wlan0) for (WiFi); it may also be listed as (WiFi) directly.
Then click on the (green icon), which looks like the Wireshark icon, to (start a new live capture); capturing may also start directly when you select the (interface). If you want to start capturing again, click on (Capture) in the menu and click on (Restart), and capturing will start again. To stop capturing click on the (red icon). Click on the (white icon) to (open a capture file), click on the other white icon to (save the capture file), and click on the (cross icon) to (close the capture file). If you want to (reload the capture file), click the (inverted arrow) icon. To search for a packet click the black (umbrella-like icon). You can use the small arrows (to go to a specific packet number) to analyze it and (to come back). The (downward) and (upward) blue follower-like icons are used to go to the (top) and (bottom) of the captured packets, and you can (zoom in) and (zoom out) the packet details with the icons shown in the figure.
Useful icons of wireshark
You can search for specific packets by using the (filter bar) in Wireshark, for example for DNS. When you type (dns) and press (enter), the packets related to DNS will show in the (capture window). Now if you want to see the network traffic of a specific (IP address), type (ip.src == 192.168.1.0) and press (enter), and only packets coming from that IP address will show in the (capture window). If you want to search for packets related to a protocol, just type the protocol name in the (filter bar) and press (enter). For example, if you type (tcp) in the filter bar it will show you the traffic or packets related to TCP. Now if you want to see the traffic related to a specific port of a specific protocol, type (protocol name with port), for example (udp.port == 53), and press (enter), so the traffic related to that specific port (53) will show in Wireshark. If you want to see the traffic of a specific IP address on a specific port and protocol, combine the IP, protocol and port with &&, as in (ip.addr == 192.168.1.0 && tcp.port == 53), and you can see the traffic. You can analyze the traffic of a network to check what is actually running in the network and what activities the users of the network are performing.
You can do this as a security researcher or for wrong purposes also, but wrong purposes are not allowed, so you must use it for ethical purposes. Just type the protocol name and press (enter) in the (filter bar), and see the (traffic details) in the (second window) of Wireshark, as shown in the figure. You can see the transmission of packets and requests in the network in the second window. With Wireshark you can see the MAC addresses and IP addresses of the servers the victim talks to in his/her network. Website links can be analyzed also. That was the detail of the basic working method and options of Wireshark. Now we will discuss the major and dangerous properties of Wireshark.
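To make the filter syntax described above concrete, here is an added example (not from the original page and not Wireshark's own code) that evaluates the page's display filters over a constructed packet list using the same semantics Wireshark applies: ip.addr and <proto>.port match either direction, ip.src and ip.dst are exact, a bare lowercase protocol name keeps that protocol, and terms are joined with &&. The packet records and addresses are made up (documentation ranges), and only the fields the page uses are supported.

```python
import re

# Constructed packet records (not a real capture); addresses are sample values.
SAMPLE_PACKETS = [
    {"no": 1, "proto": "udp", "ip.src": "192.168.1.0", "ip.dst": "198.51.100.53", "sport": 51000, "dport": 53},
    {"no": 2, "proto": "udp", "ip.src": "198.51.100.53", "ip.dst": "192.168.1.0", "sport": 53, "dport": 51000},
    {"no": 3, "proto": "tcp", "ip.src": "192.168.1.0", "ip.dst": "203.0.113.10", "sport": 51001, "dport": 80},
    {"no": 4, "proto": "tcp", "ip.src": "10.0.0.5", "ip.dst": "192.168.1.0", "sport": 53, "dport": 51002},
    {"no": 5, "proto": "tcp", "ip.src": "10.0.0.5", "ip.dst": "10.0.0.6", "sport": 53, "dport": 51003},
]

# One comparison term: a field name, "==", and a value (IP address or port number).
_TERM = re.compile(r"^([a-z.]+)\s*==\s*([\w.]+)$")

def _match_term(pkt, field, value):
    """Wireshark semantics for the fields the page uses: ip.addr and
    <proto>.port match either direction, ip.src / ip.dst are exact."""
    if field == "ip.addr":
        return value in (pkt["ip.src"], pkt["ip.dst"])
    if field in ("ip.src", "ip.dst"):
        return pkt[field] == value
    if field.endswith(".port"):
        proto = field[: -len(".port")]
        return pkt["proto"] == proto and int(value) in (pkt["sport"], pkt["dport"])
    raise ValueError(f"unsupported field {field}")

def matches(pkt, expr):
    """Evaluate a display filter made of terms joined by && (AND only).
    A bare lowercase protocol name such as 'tcp' keeps packets of that protocol."""
    for term in expr.split("&&"):
        term = term.strip()
        m = _TERM.match(term)
        if m:
            if not _match_term(pkt, m.group(1), m.group(2)):
                return False
        elif re.fullmatch(r"[a-z]+", term):
            if pkt["proto"] != term:
                return False
        else:
            raise ValueError(f"cannot parse term {term!r}")
    return True

def apply_filter(packets, expr):
    """Return the packet numbers the display filter keeps, in capture order."""
    return [p["no"] for p in packets if matches(p, expr)]
```

Note that (ip.src == 192.168.1.0) keeps only packets sent by that address, while (ip.addr == 192.168.1.0) also keeps the replies coming back to it.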
USERNAME, PASSWORD, EMAIL AND OTHER ACCOUNTS HACKING BY WIRESHARK:
Wireshark is a very powerful tool in Kali Linux. It can help us very much with website, email and Facebook hacking. We know that all of these work over the (internet). Wireshark works in a network and can capture both (http) and (https) traffic, although (https) payloads are encrypted, so only plaintext (http) exposes the details. Let us consider that you are connected to your victim's network and the victim by chance (logs in) to his/her websites, email, Facebook account etc.; the details related to that website, email or Facebook account will be captured in Wireshark.
Accounts capturing in wireshark
Type (http) or (https) in the (filter bar) in Wireshark and press (enter), so packets related to (http) or (https) will show in Wireshark. Click on the different (IP addresses) and click on (Authorization) in the (second window) of Wireshark; if any (username), (password), (email) or other detail has been captured, it will show there and you can use it for your own work.
You can also see the details of the routers used in your victim's network, such as their BSSID, ESSID, MAC address etc., using Wireshark. You can also capture the (WiFi password) if the victim (enters) it into his/her network while you are using Wireshark, and you can use it.
You can also observe the behaviour of different scanning tools, such as nmap, nikto, vega, OWASP ZAP etc., during a scan by watching them in Wireshark.
This was all about the main working of Wireshark. It has many more settings and options, but those are set by default. So, Wireshark is good to use, and you must use it for ethical purposes. It has a command line interface (CLI) mode also, but the GUI mode is best. So, good luck with Wireshark.