Thursday, May 28, 2015

How to see what your colleague is browsing (man-in-the-middle attack)

How about being able to eavesdrop on what your office colleagues are browsing on the Internet...

To do this we basically use 2 tools in Kali.

  1. Ettercap
  2. Xplico

Xplico does not come built into Kali. In BackTrack it is built in. For Kali you have to install it. To do so, type this in the terminal:

apt-get update
apt-get install xplico

Now go to Applications > Kali Linux > Information Gathering > Traffic Analysis

There you will see "Xplico", "Xplico start" and "Xplico stop".

To start Xplico, you first have to start Apache2.

Go to Applications > Kali Linux > System Services > HTTP

Click on "Apache2 start".

Then go to "Traffic Analysis" again, click on "Xplico start" and then click on "Xplico".

User name : xplico
Password : xplico


OK, here is what we are going to do.
We use Ettercap to ARP poison our router or a selected destination PC. Let's say we poisoned our friend's PC using Ettercap. Then all the IP packets to and from his PC are directed through our PC (Kali). Then we track and analyse the packets that are going through our Ethernet connection (E0). When we inspect what is going through our Ethernet interface, we are undoubtedly catching the packets of our friend's PC. Using Xplico, we can then investigate deeply and easily what images, web pages, links, sites and VoIP calls our friend has made. So let's do it.


First open the terminal and type
ettercap -G
Then the Ettercap graphical user interface will open.
Go to Sniff > Unified sniffing
Select your Ethernet adapter.
Then go to Hosts > Scan for hosts
and then go to Hosts > Host list
It will show the scanned hosts.
Select the host you want to ARP poison and click on Add to Target 1 (you can add another target in the same manner by clicking on Add to Target 2).
Click on Mitm (it's an abbreviation for Man in the Middle) and click on ARP Poisoning
Click OK
Now you have ARP poisoned your colleague. Go to his machine and try to browse something. You will see that it is not browsing, because its packets are now directed to our machine and they do not know how to go onwards. So we have to enable IP forwarding so that those packets are passed on to the default gateway through our machine and he is able to browse the Internet. Do it this way:
Open a terminal and type this
sysctl -w net.ipv4.ip_forward=1

Then go to your friend's computer again and see whether you can browse the Internet. Yes, you can.
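From the defender's side, the poisoning described above is visible in the target machine's ARP cache: the gateway's IP address ends up bound to the sniffing machine's MAC address. The following Python sketch is an added example, not part of the original post; it compares two /proc/net/arp snapshots, and every address and function name in it is constructed for illustration.

```python
from collections import defaultdict

# Constructed samples of a workstation's /proc/net/arp (all addresses made up).
# In the "during" snapshot the gateway 192.168.1.1 carries the MAC of 192.168.1.23.
ARP_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:01     *        eth0
192.168.1.23     0x1         0x2         00:11:22:33:44:17     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
ARP_DURING = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:17     *        eth0
192.168.1.23     0x1         0x2         00:11:22:33:44:17     *        eth0
"""

def parse_arp(text):
    """Return {ip: mac} for complete entries in /proc/net/arp-style text."""
    table = {}
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if int(flags, 16) & 0x2 and mac != "00:00:00:00:00:00":
            table[ip] = mac                      # 0x2 = resolved (complete) entry
    return table

def shared_macs(table):
    """MACs bound to more than one IP: one host is answering for several."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(before, after):
    """IPs whose MAC differs between two snapshots, as {ip: (old, new)}."""
    return {ip: (before[ip], mac) for ip, mac in after.items()
            if ip in before and before[ip] != mac}

def check(before_text, after_text, gateway):
    """Summarise the ARP poisoning indicators for one host and its gateway."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    changes = changed_bindings(before, after)
    return {"gateway_changed": gateway in changes, "changes": changes,
            "shared": shared_macs(after)}

if __name__ == "__main__":
    print(check(ARP_BEFORE, ARP_DURING, "192.168.1.1"))
```

A shared MAC can also be legitimate (for example a router that owns several addresses on the segment), so treat a gateway whose MAC changes to that of another workstation as the strong signal and the shared-MAC list as supporting evidence.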

Now we have ARP poisoned your friend's PC and his Internet packets go through your Kali machine. Now we are going to capture the packets and analyse them. As I said, Xplico is a great tool for packet analysis; it gives a comprehensive view of what has been browsed through a given Ethernet adapter.

Here we go: open Xplico as I mentioned above. Now click on "New case" and you will get a form to fill in. Give the case a name and select "Live Acquisition". Then click on "New Session", give the session a name and create it. Select the session that you have created and then select the adapter you want Xplico to listen on. Click on start. After that, all the traffic going through the selected adapter will be monitored. When you feel like looking at what your colleague has browsed, simply stop the monitoring and you will see that different options are available to check your friend's traffic.

enjoy..