Posts

Showing posts with the label MITM Attacks

DNS Spoofing

In this section, we will learn about the DNS server. A DNS server converts a domain name to the IP address of a device. For example, it converts a domain name like www.google.com to the IP address of the device where the Google website is stored. Since we are the MITM, we can have a DNS server running on our computer and resolve DNS requests the way we want. For example, whenever a person requests Google.com, we can actually take them to another website, because we are in the middle. So, when someone requests it, we will give them an IP that we want, and then they will see a completely different website than the one they are expecting. So, we can have a fake website running on our server and get requests, for example, from xyz.com to that website. To do this attack, the first thing we will do is redirect people to our web server. The web server is going to be run on our local Kali machine. We can redirect the people anywhere we want. ...

Bypassing HTTPS

In the previous section, we saw how to sniff and capture any packets sent over HTTP requests. Most well-known websites, like Google and Facebook, use HTTPS instead of HTTP. This means that when we try to become the MITM and the person goes to that website, the website will display a warning message saying that the certificate of that website is invalid. That's why the person won't log in to that page. So, we are going to use a tool called SSLstrip. This tool is used to downgrade any HTTPS request to HTTP. So whenever the target person tries to go to any website, they'll be redirected to the HTTP page of this website. Let's go to the browser on the target, and we are going to try to go to hotmail.com. Now, in the following screenshot, we can see that on the top in the address bar the website uses HTTPS, so if we try to become the MITM, this website will display a warning: To bypass the warning, we are going to use a tool called SSLstrip to downgrade any request to the HTTPS...

ARP spoofing using MITMf

In this section, we are going to talk about a tool called MITMf (man-in-the-middle framework). This tool allows us to run a number of MITM attacks. In this section, we are going to use a basic ARP poisoning attack, exactly like we did in the previous section. We are going to be using our Wi-Fi card to do these attacks. We can use an Ethernet virtual card instead of the Wi-Fi card. If we run ifconfig just to see our interface, we'll see that we have the wlan0 card connected to the internet network at 10.0.0.11: Now, run arp -a on the Windows machine to see our MAC address. In the following screenshot, we can see that we have the gateway at 10.0.0.1, and the MAC address ends with 49-df: So we're going to run an ARP poisoning attack and see whether the MAC address changes and whether we can become the MITM. To use the MITMf tool, we're going to put the command first. Then we're going to define the --arp --spoof (AR...

ARP spoofing using arpspoof

Now, we're going to run the actual ARP poisoning attack, redirecting the flow of packets and making it flow through our device. We'll use a tool called arpspoof, which is part of the suite called dsniff. This suite contains a number of programs that can be used to launch MITM attacks. We are going to see how to use the arpspoof tool to carry out ARP poisoning, which redirects the flow of packets through our device. On the target side, Windows is the target device, and we are going to look at its ARP table. So, we will run arp -a on the Windows machine to see the ARP table. In the following screenshot, we can see that the IP address for the access point is 10.0.0.1, and we can see its MAC address is c0-ff-d4-91-49-df. It is stored in the ARP table: So, we are connected now to the target network. We're going to use a tool arpspoof -i to choose our internet card, which is wlan0. Then we are going...

Man-in-the-Middle Attacks

In this section, we are going to talk about man-in-the-middle (MITM) attacks. This is one of the most dangerous attacks that we can carry out in a network. We can only perform this attack once we have connected to the network. This attack redirects the flow of packets from any client to our device. This means that any packet that is sent to or from the clients will have to go through our device. Now, we know the password and key to the network, so we will be able to read those packets, modify them, or drop them. This attack is so effective and so powerful because it's very hard to protect against. This is due to the way the ARP protocol works. ARP has two main security issues. The first security issue is that each ARP request or response is trusted, so whatever our device says to other devices that are in our network will be trusted. If we tell any device on our network that we are the router, the device will trust us. It will not ru...