Basically, I am trying to sniff the network traffic from my other computer. So here's the situation:
I am in a network, where:
192.168.1.1 - default gateway
192.168.1.24 - "victim" (my other computer)
192.168.1.20 - "attacker"
I am using bettercap, but I actually tried ettercap before. Steps to reproduce:
echo 1 > /proc/sys/net/ipv4/ip_forward
bettercap -i wlan0
> arp.spoof targets 192.168.1.24
> arp.spoof on
Then I can check that it works by actually pinging 192.168.1.20, the attacker IP, and it responds rapidly quick, so I actually ping the default gateway. I guess that's how it works, right?
Then I run some sniffing. Tried multiple tools:
urlsnarf - doesn't show anything. It can actually show the localhost traffic (done from the attacker pc)
dsniff - same as above
tshark/wireshark - They are showing some UDP/TCP packets, but still no HTTP ones (e.g. entering a website, POSTing in a fake user/pass form)
bettercap's net.sniff - actually pretty much the same as tshark/wireshark
I uncommented those 2 iptables lines from ettercap.conf when I was using ettercap (btw, I was doing: ettercap -Tqi wlan0 -M arp (or arp:remote) // //)
So my question here is: Is there something wrong with my spoofing, or do I need to sniff somehow different?
P.S. I tried those things on both Kali and Blackarch.
P.S. 2: I actually tried bettercap's dns.spoof and it also works only on the "attacker" PC; when I ping or go to some website on my "victim" machine, everything works fine - so not fine, because it should redirect.
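
Seen from the targeted host, ARP spoofing of the kind described in this question shows up in its neighbour table: the gateway address and a second host resolve to the same MAC. The following is an added example (not part of the original post) that parses `ip neigh show` output and flags that conflict; the MAC addresses and the extra hosts in the samples are constructed.

```python
# Detection sketch: flag hosts that share the default gateway's MAC address.
# Input format assumed: text output of `ip neigh show` on Linux.

# Constructed samples as they might look on 192.168.1.24 (MACs are made up).
SAMPLE_POISONED = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:20 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE
192.168.1.50 dev wlan0 lladdr aa:bb:cc:00:00:50 STALE
192.168.1.77 dev wlan0 FAILED
"""
SAMPLE_CLEAN = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE
192.168.1.50 dev wlan0 lladdr aa:bb:cc:00:00:50 STALE
"""

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        tokens = line.split()
        # Unresolved entries (FAILED / INCOMPLETE) have no 'lladdr' field.
        if len(tokens) < 5 or "lladdr" not in tokens[:-1]:
            continue
        mac = tokens[tokens.index("lladdr") + 1].lower()
        table[tokens[0]] = mac
    return table

def gateway_conflicts(text, gateway):
    """IPs whose MAC equals the gateway's MAC: a sign of ARP cache poisoning."""
    table = parse_neigh(text)
    gw_mac = table.get(gateway)
    if gw_mac is None:
        return []  # gateway not resolved yet, nothing to compare
    return sorted(ip for ip, mac in table.items()
                  if ip != gateway and mac == gw_mac)

if __name__ == "__main__":
    for name, sample in (("poisoned", SAMPLE_POISONED), ("clean", SAMPLE_CLEAN)):
        hits = gateway_conflicts(sample, "192.168.1.1")
        print(f"{name}: gateway MAC shared with {hits}" if hits
              else f"{name}: no conflict")
```

On a live host the same function can be fed the real output of `ip neigh show`; a non-empty result means another address is answering for the gateway.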