ARP spoofing (also known as ARP poisoning) is a technique whereby an attacker sends fake “spoofed” Address Resolution Protocol (ARP) packets onto a Local Area Network (LAN). The purpose of this attack is to associate the attackers MAC address with the IP address of another host (such as a default gateway), causing any traffic that is meant for that IP address to be sent to the attacker instead.
ARP Spoofing may allow an attacker to intercept data frames on LAN, modify the traffic, or stop the traffic altogether. Often the attack is used as an opening for other attacks such as denial of service, man in the middle or session hijacking attacks.
The attack can only be used on networks that make use of the Address Resolution Protocol (ARP) and is limited to local network segments.
I will be using Linux KaliLinux version 1.0 as the attacker
Forward Linux Traffic
Should this be used as a denial of service attack you won’t need to run this, all traffic will hit the Linux box and terminate causing services not to run.
Should this be used as a man in the middle attack you will need to forward all traffic to the defined gateway
Temporarily Forward Traffic
echo "1" > /proc/sys/net/ipv4/ip_forward
Permanently Forward Traffic
uncomment out the following line
You should have two ARP attacks running, one against the target computer and one against the gateway for returning traffic.
arpspoof -i eth0 -t 192.168.0.2 192.168.0.254
arpspoof -i eth0 -t 192.168.0.254 192.168.0.2
Hold down Ctrl and press “C” to stop the attacks, two ARP packets will be sent after termination to set the arp table on the computer or router back to how they should be.
Only use this on devices you either own or have authorisation to use on.
Man in the Middle
- You can use tools such as Wireshark to capture and analyse packets
- SSL traffic needs to be stripped before viewing, you can use thee following tool SSLStrip
Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.