
Basically, I am trying to sniff the network traffic from my other computer. So here's the situation:

I am in a network, where:

192.168.1.1 - default gateway
192.168.1.24 - "victim" (my other computer)
192.168.1.20 - "attacker"

I am using bettercap, but I actually tried ettercap before. Steps to reproduce:

echo 1 > /proc/sys/net/ipv4/ip_forward
bettercap -i wlan0
> arp.spoof targets 192.168.1.24
> arp.spoof on

Then I can check that it works by actually pinging 192.168.1.20, the attacker IP, and it responds really quickly, so I actually ping the default gateway. I guess that's how it works, right?

Then I run some sniffing. Tried multiple tools:

urlsnarf - doesn't show anything. It can actually show the localhost traffic (done from the attacker PC)
dsniff - same as above
tshark/wireshark - They are showing some UDP/TCP packets, but still no HTTP ones (e.g. entering a website, POSTing in a fake user/pass form)
bettercap's net.sniff - actually pretty much the same as tshark/wireshark

I uncommented those 2 iptables lines from ettercap.conf when I was using ettercap (btw, I was doing: ettercap -Tqi wlan0 -M arp (or arp:remote) // //).

So my question here is: Is there something wrong with my spoofing, or do I need to sniff somehow differently?

P.S. I tried those things on both Kali and BlackArch.

P.S. 2: I actually tried bettercap's dns.spoof and it also works only on the "attacker" PC; when I ping or go to some website on my "victim" machine, everything works fine, so not fine, because it should redirect.

0 Answers
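Added example, not part of the original post: a Python check, meant to run on the intercepted host (192.168.1.24 in the setup above), that parses `ip neigh show` output and flags the visible sign of the ARP poisoning described in the question, namely the gateway's IP resolving to a MAC that another host also uses. The MAC addresses, sample output and function names are constructed for illustration.

```python
import re

# Constructed `ip neigh show` samples (MACs are made up). In POISONED the
# gateway 192.168.1.1 resolves to the same MAC as 192.168.1.20.
POISONED = """\
192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:20 REACHABLE
192.168.1.20 dev wlan0 lladdr 02:00:00:00:00:20 STALE
192.168.1.30 dev wlan0 lladdr 02:00:00:00:00:30 REACHABLE
192.168.1.40 dev wlan0  FAILED
"""
CLEAN = """\
192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.20 dev wlan0 lladdr 02:00:00:00:00:20 STALE
"""

# IPv4 entries with a resolved link-layer address; FAILED/INCOMPLETE
# entries carry no lladdr and are skipped.
NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+([0-9A-Fa-f:]{17})\b",
    re.MULTILINE,
)

def parse_neigh(text):
    """Return {ip: mac} (MAC lower-cased) from `ip neigh show` output."""
    return {ip: mac.lower() for ip, mac in NEIGH_RE.findall(text)}

def check_gateway(text, gateway_ip, expected_mac=None):
    """Return a list of findings about the gateway's neighbor entry.

    expected_mac is an optional known-good value recorded earlier.
    A shared MAC can be legitimate (one host with several addresses,
    proxy ARP), so treat a finding as a lead to investigate.
    """
    table = parse_neigh(text)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return [f"gateway {gateway_ip} has no resolved neighbor entry"]
    findings = []
    if expected_mac and gw_mac != expected_mac.lower():
        findings.append(
            f"gateway {gateway_ip} resolves to {gw_mac}, expected {expected_mac.lower()}")
    twins = sorted(ip for ip, mac in table.items()
                   if mac == gw_mac and ip != gateway_ip)
    if twins:
        findings.append(
            f"gateway {gateway_ip} shares MAC {gw_mac} with {', '.join(twins)}")
    return findings

if __name__ == "__main__":
    for line in check_gateway(POISONED, "192.168.1.1"):
        print(line)
```

On a live host, feed it the text returned by `ip neigh show` instead of the embedded samples.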