1
00:00:00,060 --> 00:00:02,850
-: Hi. Within this lecture we're going to see how

2
00:00:02,850 --> 00:00:07,260
we can do the ARP Spoofing, ARP Attack using bettercap.

3
00:00:07,260 --> 00:00:10,680
So far we have connected our USB Wi-Fi card,

4
00:00:10,680 --> 00:00:14,400
we started bettercap, and we detected the target.

5
00:00:14,400 --> 00:00:18,720
Over here we know the IP address, if I run help

6
00:00:18,720 --> 00:00:23,130
I will see the ARP Spoof Module over here as not running.

7
00:00:23,130 --> 00:00:26,190
Of course it's not running right now but we have to

8
00:00:26,190 --> 00:00:29,370
start it manually and before we have to start it,

9
00:00:29,370 --> 00:00:32,610
we have to know how it works. So what do we do?

10
00:00:32,610 --> 00:00:36,930
We use help documentation one more time and we are

11
00:00:36,930 --> 00:00:40,290
going to have to of course specify the target that

12
00:00:40,290 --> 00:00:42,330
we want to attack.

13
00:00:42,330 --> 00:00:46,230
So I'm going to say help arp.spoof and it'll just

14
00:00:46,230 --> 00:00:50,370
show me the documentation of the ARP Spoof Module.

15
00:00:50,370 --> 00:00:54,090
As you can see there, simple comments like ARP spoof

16
00:00:54,090 --> 00:00:59,090
on ARP spoof off, but also we see the ARP ban on.

17
00:00:59,220 --> 00:01:03,930
Ban means it, it attacks with the authentication module.

18
00:01:03,930 --> 00:01:08,550
So it makes the target lose its connection.

19
00:01:08,550 --> 00:01:12,570
So it's a cool story, it's a cool module as well,

20
00:01:12,570 --> 00:01:14,790
but we are not interested in that.

21
00:01:14,790 --> 00:01:18,570
We don't want the we don't want Target to lose its

22
00:01:18,570 --> 00:01:19,860
connection.

23
00:01:19,860 --> 00:01:22,770
On the contrary, we want the target to be connected to the

24
00:01:22,770 --> 00:01:27,770
same network so that we can spoof it by using ARP spoofing,

25
00:01:27,870 --> 00:01:32,870
okay?
So we have different options over here like ARP spoof,

26
00:01:33,300 --> 00:01:37,920
full duplex, ARP spoof internal ARP spoof targets,

27
00:01:37,920 --> 00:01:39,270
and white list.

28
00:01:39,270 --> 00:01:42,210
So we are gonna have to make sure that we

29
00:01:42,210 --> 00:01:46,440
adjust them correctly, otherwise it won't work.

30
00:01:46,440 --> 00:01:51,130
So if you come over here and look to ARP spoof full duplex

31
00:01:52,320 --> 00:01:56,880
it says that if this is true both the targets and gateway

32
00:01:56,880 --> 00:01:58,290
will be attacked.

33
00:01:58,290 --> 00:02:01,950
Otherwise only the targets will be attacked.

34
00:02:01,950 --> 00:02:06,950
So if you remember the chart that I have shown you

35
00:02:07,620 --> 00:02:11,460
we have to attack both the gateway, gateway means the

36
00:02:11,460 --> 00:02:16,460
router, and the target in order to be a man in the middle to

37
00:02:16,830 --> 00:02:19,680
get the information from one side and forward to

38
00:02:19,680 --> 00:02:20,970
the other side.

39
00:02:20,970 --> 00:02:23,790
Otherwise, it'll be a one way show.

40
00:02:23,790 --> 00:02:27,600
So maybe we can get the requests, but we won't be able to

41
00:02:27,600 --> 00:02:30,150
see the responses and vice versa.

42
00:02:30,150 --> 00:02:35,150
So make sure you change this to true, okay?

43
00:02:35,400 --> 00:02:40,400
Otherwise it won't work as you might want it.

44
00:02:40,530 --> 00:02:44,520
And in order to change a parameter in bettercap we always

45
00:02:44,520 --> 00:02:49,520
use the same syntax, same writing structure.

46
00:02:50,040 --> 00:02:54,420
You write sets and then the parameter that you want to

47
00:02:54,420 --> 00:02:59,010
change and then the value that you want to assign to that

48
00:02:59,010 --> 00:03:00,360
parameter.

49
00:03:00,360 --> 00:03:04,740
So in our case we want to change ARP spoof full duplex

50
00:03:04,740 --> 00:03:09,720
parameter, and we want this parameter to have the value

51
00:03:09,720 --> 00:03:12,810
of true rather than false.

52
00:03:12,810 --> 00:03:17,530
So I'm going to write set arp.spoof.fullduplex and with

53
00:03:18,840 --> 00:03:21,810
a space true, okay?

54
00:03:21,810 --> 00:03:25,470
And remember this structure because you will use it

55
00:03:25,470 --> 00:03:30,090
for every parameter in bettercap. This is how it works.

56
00:03:30,090 --> 00:03:34,800
Set ARP spoof, full duplex, true, and now it's done.

57
00:03:34,800 --> 00:03:39,660
And the other thing over here is the ARP spoof internal.

58
00:03:39,660 --> 00:03:42,990
As you can see, it says that if it is true the

59
00:03:42,990 --> 00:03:47,220
local connections among computers of the network will be

60
00:03:47,220 --> 00:03:52,140
spoofed, otherwise only connections going to and coming from

61
00:03:52,140 --> 00:03:54,600
the external network.

62
00:03:54,600 --> 00:03:59,430
So most of the times you're gonna have to try if this

63
00:03:59,430 --> 00:04:03,210
works or not. So default is false.

64
00:04:03,210 --> 00:04:08,210
So I generally leave it as false and try if it works or not.

65
00:04:09,660 --> 00:04:14,130
And if it doesn't work, I, I try with set arpspoof.internal

66
00:04:14,130 --> 00:04:16,170
too as well, okay?

67
00:04:16,170 --> 00:04:19,110
So you know how to change the parameters like

68
00:04:19,110 --> 00:04:23,610
set ARP spoof internal true, set ARP spoof internal false.

69
00:04:23,610 --> 00:04:27,960
You can try this on your own. I'm gonna leave it as false,

70
00:04:27,960 --> 00:04:32,370
and I'm going to move to the ARP spoof targets because

71
00:04:32,370 --> 00:04:36,210
that's the thing that we should not forget, right?

72
00:04:36,210 --> 00:04:39,420
So we are going to write set ARP spoof targets

73
00:04:39,420 --> 00:04:42,150
1 9 2 1 6 8 1 28.

74
00:04:42,150 --> 00:04:45,927
And since we are seeing targets not target, we can actually

75
00:04:45,927 --> 00:04:48,180
have multiple targets over here.

76
00:04:48,180 --> 00:04:51,150
You can just put a comma and then write whatever

77
00:04:51,150 --> 00:04:55,320
IP addresses that you may think of, like if they're

78
00:04:55,320 --> 00:05:00,270
on the same network of course, and try attacking all of them

79
00:05:00,270 --> 00:05:03,270
at once and try to gather information from

80
00:05:03,270 --> 00:05:05,160
all of them at once.

81
00:05:05,160 --> 00:05:09,747
So once I do that, as you can see, I, I detect my target

82
00:05:09,747 --> 00:05:14,550
and I lose the connection to my target sometimes over here.

83
00:05:14,550 --> 00:05:19,080
Make sure your target is detected by the bettercap

84
00:05:19,080 --> 00:05:21,930
and then start the ARP spoof.

85
00:05:21,930 --> 00:05:26,010
Like I have started A, ARP spoof by saying ARP spoof on,

86
00:05:26,010 --> 00:05:29,670
but if it loses connection I can say ARP spoof off.

87
00:05:29,670 --> 00:05:34,670
Then again ARP spoof on to make sure this is working, okay?

88
00:05:34,950 --> 00:05:39,270
So it, if it loses connection like this and the

89
00:05:39,270 --> 00:05:41,580
ARP attack will end.

90
00:05:41,580 --> 00:05:45,900
So make sure your target is connected to the network

91
00:05:45,900 --> 00:05:48,300
and make sure you run ARP spoof.

92
00:05:48,300 --> 00:05:51,750
After you run help you will see everything is running,

93
00:05:51,750 --> 00:05:55,110
but not this net.sniff.

94
00:05:55,110 --> 00:05:59,880
Which is the module that we should run in order to get

95
00:05:59,880 --> 00:06:04,590
the information and show it on, on our terminal,

96
00:06:04,590 --> 00:06:08,700
and we are going to say net.sniff on.

97
00:06:08,700 --> 00:06:11,507
So we are gonna stop here and within the next lecture

98
00:06:11,507 --> 00:06:15,840
we are going to see if we can gather information from our

99
00:06:15,840 --> 00:06:19,740
phone while we browse the internet, okay?

100
00:06:19,740 --> 00:06:21,393
Let's see in the next lecture.