  • I have a Windows virtual machine connected to a NAT network.

  • I also have a Kali Linux virtual machine connected to the same NAT network.

  • I have port forwarding disabled. `cat /proc/sys/net/ipv4/ip_forward` gives me 0.

I run the command `mitmf --arp --spoof --gateway 10.0.2.1 --targets 10.0.2.4 -i eth0`. Then I go to the Windows virtual machine, type the URL, and it still accesses the website. Why? I know the Windows virtual machine's IP is 10.0.2.4, so its requests have to come to the Kali Linux machine first. I have IP forwarding disabled, so the request doesn't go anywhere. Why does it still work and access the website?

1 Answer

This still works because MITMf automatically enables IP forwarding when using the --spoof option:

```python
def set_ip_forwarding(value):
    log.debug("Setting ip forwarding to {}".format(value))
    with open('/proc/sys/net/ipv4/ip_forward', 'w') as file:
        file.write(str(value))
        file.close()
```
Joe
  • What should I do to disable it? – Nika Kurashvili Mar 08 '19 at 22:50
  • You could run without `--spoof`, but then it's not a MITM, so I don't see what you are trying to achieve if you want to MITM your network but without IP forwarding? – Joe Mar 08 '19 at 23:01
  • The reason I decided to ask this question is that I didn't understand this: when the target makes a request, it first comes to the middleman (the hacker's computer), which then forwards the request to the router. Question 1) I didn't specify that the target's MAC address for the router has to change to my MAC address; I only specified that the router's MAC address should change to my MAC address for the target, but not vice versa. So what will happen after the router returns the response? Does the router return the response to the hacker, or to the target without the middleman? – Nika Kurashvili Mar 08 '19 at 23:10
  • What do you think? When I was using the arpspoof command, I'd run two commands, but now with MITMf I can only run one command. – Nika Kurashvili Mar 08 '19 at 23:22
  • The router returns the response to the man in the middle. I would recommend further reading on the ARP protocol and [how ARP-based MITM works](https://security.stackexchange.com/a/153328/147932) to ensure you fully understand how the attack works. – Joe Mar 08 '19 at 23:25
  • How does this work? I didn't run the command to change the router's ARP table so that the target IP's MAC address is my (the hacker's) MAC address. Does the command I specified in the question do both automatically? – Nika Kurashvili Mar 08 '19 at 23:28
  • That's my question. I know how it works. I'm just curious: does one command change the router's MAC address to the hacker's MAC address and also the target's MAC address to the hacker's MAC address? – Nika Kurashvili Mar 08 '19 at 23:32
  • Yes, MITMf also does all this with the [`--arp`](https://github.com/byt3bl33d3r/MITMf/blob/067cc4e3370ec1a73aa7b761bf5b664ec5f77041/core/poisoners/ARP.py) option. – Joe Mar 09 '19 at 10:36
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/90802/discussion-between-nika-khurashvili-and-joe). – Nika Kurashvili Mar 09 '19 at 10:59
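
A defender-side check for what the answer and comments describe, as an added example that is not part of the original thread or of MITMf: when both directions are poisoned, the target's ARP cache holds for the gateway IP the same MAC that the gateway's cache holds for the target IP. The sample tables, the MAC addresses, the 10.0.2.15 address and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` output on the Windows target (10.0.2.4) while
# its gateway entry is poisoned. All MAC addresses and 10.0.2.15 are made up.
WINDOWS_ARP = """\
Interface: 10.0.2.4 --- 0x5
  Internet Address      Physical Address      Type
  10.0.2.1              08-00-27-de-ad-01     dynamic
  10.0.2.15             08-00-27-de-ad-01     dynamic
  10.0.2.255            ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample: `ip neigh show` output on a Linux gateway (10.0.2.1)
# whose entry for the target carries the same MAC.
LINUX_NEIGH = """\
10.0.2.4 dev eth0 lladdr 08:00:27:de:ad:01 REACHABLE
10.0.2.15 dev eth0 lladdr 08:00:27:de:ad:01 STALE
10.0.2.3 dev eth0 lladdr 52:54:00:12:35:03 REACHABLE
"""

ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\b.*?\b((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\b",
    re.I)

def parse_neighbors(text):
    """Return {ip: mac} from `arp -a` (Windows) or `ip neigh` (Linux) output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:  # skip broadcast/multicast entries
            continue
        table[ip] = mac
    return table

def shared_macs(table):
    """Return {mac: [ips]} for MACs that answer for more than one IP (review these)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def poisoned_both_ways(target_view, gateway_view, target_ip, gateway_ip):
    """MAC the target holds for the gateway and the gateway holds for the target, else None."""
    mac = target_view.get(gateway_ip)
    return mac if mac and mac == gateway_view.get(target_ip) else None
```

A shared MAC is a lead rather than proof, since proxy ARP or a multi-homed host can produce one legitimately; the two-sided match on the gateway and target entries is the stronger signal.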