1

I have been attempting to run a MiTM on a very old XP SP3 computer. I have attempted it with 3 products, as listed below:

Wireshark: Traffic from the computer did not even show up. (I did see traffic from multiple IP's, so I think I have the right adapter)

ARP Spoof: (with and without SSL Strip): As soon as attack took place victim was kicked off my network and not allowed back on until attack stopped

Cain: Showed a "half-routing" symbol. When I put in the command "ping google.com" on the victim the 4 packets went out and registered in Cain, but no response came back.

It seems to me that my router is detecting that I am MiTMing my computer, and refusing to allow it to connect. Does anyone know how I can circumvent this?

KnightOfNi
  • 2,247
  • 3
  • 18
  • 23
  • first of all Router cannot prevent the MITM. are you able to do the arp-spoof successfully ? – ifexploit Dec 21 '13 at 08:01
  • If you aren't seeing traffic from your target in Wireshark, then you have a basic routing problem. It is possible that you are not on the target's local network. What we would need from you is a description of your network setup. What's in between your target and your attacker? – schroeder Dec 31 '13 at 00:22
  • @schroeder I don't know of anything. I just checked again and it turns out the sites I used to test Wireshark on were not using the http protocal. However there is still a wireshark problem. – KnightOfNi Jan 03 '14 at 03:04
  • @user2945577 we can't help without a better description of the network configuration – schroeder Jan 04 '14 at 19:34

1 Answers1

1

You need to remember to tell the client about the gateway (which is you) and the gateway about the client (which is also you). It seems you have as the error says only spoofed one side of the network. You need to tell the router you're the PC and the PC you're the router and enable yourself to forward these packets along too. Forwarding will enable you to transmit the packets, and is achieved in linux by the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

You will have trouble if you only do the PC side or vice versa. Also remember to refresh your router and clients ARP cache or they will not be able to get out to the internet.

SPRBRN
  • 7,379
  • 6
  • 33
  • 37
Sighbah
  • 341
  • 1
  • 7
  • I remembered to enable forwarding first, but you make a good point about the arp cache - I did not need to refresh it to get back on the internet. Perhaps the poisoning went awry? – KnightOfNi Apr 04 '14 at 02:45