Kali Linux – Sniffing and Spoofing
Sniffing is the process in which all the data packets passing through the network are monitored. Sniffers are usually used by network administrators to monitor and troubleshoot network traffic, whereas attackers use sniffers to monitor and capture data packets in order to steal sensitive information such as passwords and user account details. Sniffers can be hardware devices or software installed on a system.
Spoofing is the process in which an intruder introduces fake traffic and pretends to be someone else (a legitimate source or entity). Spoofing is done by sending packets with an incorrect source address over the network. The best way to deal with spoofing is to use a digital signature.
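To show why the integrity check recommended above defeats a forged source address, here is an added example (not part of the original article) that attaches an authentication tag to each packet and rejects packets whose source or payload was changed in transit, as well as replays of a sniffed packet. It uses HMAC-SHA256 from the Python standard library as a stand-in for a full digital signature; the key, addresses and payloads are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed shared key for the example; a real key is provisioned out of band.
KEY = b"example-shared-secret-not-for-production"
AUTH_FIELDS = ("src", "dst", "seq", "payload")


def canonical(packet: dict) -> bytes:
    """Serialize the authenticated fields in a fixed order so sender and receiver hash identical bytes."""
    return json.dumps({k: packet[k] for k in AUTH_FIELDS}, sort_keys=True, separators=(",", ":")).encode()


def sign(packet: dict, key: bytes = KEY) -> dict:
    """Attach an HMAC-SHA256 tag covering the source address, destination, sequence number and payload."""
    tag = hmac.new(key, canonical(packet), hashlib.sha256).hexdigest()
    return {**packet, "tag": tag}


class Receiver:
    """Accepts only packets whose tag verifies and whose sequence number has not been seen before."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = {}  # highest accepted seq per (authenticated) source address

    def accept(self, packet: dict) -> str:
        expected = hmac.new(self.key, canonical(packet), hashlib.sha256).hexdigest()
        # compare_digest avoids leaking the tag through timing differences
        if not hmac.compare_digest(expected, packet.get("tag", "")):
            return "rejected: bad tag (spoofed source or modified payload)"
        if packet["seq"] <= self.last_seq.get(packet["src"], 0):
            return "rejected: replayed sequence number"
        self.last_seq[packet["src"]] = packet["seq"]
        return "accepted"


def demo() -> list:
    rx = Receiver()
    genuine = sign({"src": "10.0.0.5", "dst": "10.0.0.10", "seq": 1, "payload": "balance=100"})
    spoofed = {**genuine, "src": "10.0.0.99"}              # forged source address, original tag
    tampered = {**genuine, "payload": "balance=1000000"}   # sniffed and edited in transit
    # the last call re-sends the genuine packet: a sniffed copy replayed verbatim
    return [rx.accept(genuine), rx.accept(spoofed), rx.accept(tampered), rx.accept(genuine)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```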
Though Kali Linux comes packed with many tools for sniffing and spoofing, the ones listed below are the most used by attackers these days.
Wireshark is a network protocol analyzer that is widely regarded as the most used and best tool of its kind around the world. With Wireshark, you can see what is happening in your network and apply filters to get the most relevant results for what you are looking for. In Kali Linux, Wireshark is already installed and can be located under Applications — Sniffing and Spoofing — Wireshark.
Wireshark is a GUI-based tool, so once you click on the icon the Wireshark GUI will open.
Once the GUI loads you can see several interfaces such as Ethernet, Wi-Fi, Bluetooth, and so on. Based on your connection to the network, choose the interface and start capturing the network traffic. In this case we are on Ethernet (eth0), so select the eth0 interface and click on the "start capturing packets" icon located in the top left corner.
Once you start capturing packets it will look something like this :
You can also apply specific filters for better searching. For example, if you want to track only HTTP requests, you can use the display filter bar and apply all the filters you need to narrow down the results.
macchanger is the most used tool under sniffing and spoofing. macchanger can change your MAC address, or in other words your physical address, to hide your actual identity in the network.
You can locate macchanger in Kali Linux under Applications — Sniffing and Spoofing — macchanger.
macchanger is a command-line based tool, so once you click on macchanger a shell will pop up with the help menu.
Here is an example of using the macchanger tool.
Change to a random MAC address: Let's change the network card's hardware MAC address to a random address. First, we find the current MAC address of the eth0 network interface. To do this we execute macchanger with the option -s and the argument eth0.
macchanger -s eth0
The network interface whose MAC address you are about to change must be turned off before the change is made. Use the ifconfig command to turn off your network interface.
mitmproxy is an SSL-capable man-in-the-middle HTTP proxy that provides a console interface allowing traffic flows to be inspected and edited at the moment they are captured. With mitmproxy you can inspect and modify network traffic, save HTTP conversations for later inspection, perform SSL inspection, and more.
To open mitmproxy in Kali Linux you can simply locate it under Applications — Sniffing and Spoofing — mitmproxy, or you can open a terminal and type the following command to display the help menu of the tool.
Let's see a simple example of running mitmproxy on a specific port number. To do this you can simply use "mitmproxy -p portnumber".
In our case, let's use port 80.
mitmproxy -p 80
Burp Suite is a Java-based penetration testing framework that is recognized as an industry-standard tool. Burp has many use cases in penetration testing and can also be used as a sniffing tool between your browser and web servers to find the parameters the web application uses.
In Kali Linux, you can locate Burp Suite under Applications — Web Analysis — burpsuite.
To use Burp Suite as a sniffing tool we need to configure it to behave like a proxy. Open Burp Suite, go to the Options tab and select the interface "127.0.0.1:8080".
Now configure the browser's proxy settings to point at the IP address of the Burp Suite machine and the same port.
To start the interception go to Proxy — Intercept and click "Intercept is on". Now all the requests going through your browser will be intercepted and you can navigate through all of them.
Sniffing and spoofing play a large part in information security: an intruder can track all the data flowing through your system, so make sure you follow the principles of the CIA triad (confidentiality, integrity, availability).