Get user passwords using scapy — Part 4

Maksym Postument
Aug 31, 2018 · 2 min read

Hello friends, this is a part 4 of my post series about Scapy. We are not going to write any code. Just use our previously created scripts to get information from our target.

To do this I am going to use two VM on the same network. One VM with kali linux and other with Windows 10. I am using VirtualBox to create this VM’s. But any other virtualization can be used for the test.

First what we are going to is to enable packet forwarding on Linux. Other Windows host will lose internet connection.

Execute this line in terminal:

echo 1 > /proc/sys/net/ipv4/ip_forward

For the next step, we are going to start ARP spoofer. This attack is described more in one of the previous scapy posts.

python arp_spoofing.py -t 10.0.2.4 -g 10.0.2.1
[+] Packets sent: 8^

Where 10.0.2.4 — Target IP address

10.0.2.1 — Router IP address

Let’s check if target ARP table was updated

Before arp spoofing:

And after:

As you can see the router mac address was changed. Now all target packets should go through hacker host (kali linux).

To steal packets we will use packet sniffer from the previous post:

python packet_sniffer.py -i eth0

And we should wait when the target will open some website to steal information. I am going to switch to windows host and try to login to some website.

And you can result of your attack in kali linux terminal:

python packet_sniffer.py -i eth0
[+] Http Request >> aavtrain.com/index.asp
[+] Possible username/passowrd user_name=target_user&password=secret+password&Submit=Submit&login=true
[+] Http Request >> aavtrain.com/index.asp
[+] Possible username/passowrd user_name=target_user&password=secret+password&Submit=Submit&login=true

Url and password provided by the user are displayed in the terminal.

ARP spoofer should be running all the while we are doing attack. Otherwise, ARP table will be restored.

Also, this attack is not going to work with https websites because traffic is encrypted.

I would not recommend using this to steal data. You can have criminal responsibility for hacking people

Part 1

Part 2

Part 3

Check my blog — http://devopslife.xyz

Script from this posts can be found on my GitHub repository https://github.com/Infectsoldier/hacking_tools

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade