MAN IN THE MIDDLE ( MITM) ATTACK : USING

WIRESHARK AND CAIN & ABEL

Posted by 0x333.c 2 comments

Today i got a request from my friend , he wants to know how to use wireshark and cain & abel tools.
To make this tutorial interesting i will show how do MITM attack including ARP Cache Poisoning. Then
we will inject the cookies we get , to browser for hijack the account.

Please make sure that this two tool has been installed on your machine. You can get Wireshark here ,
Cain & Abel here. If your antivirus keep annoy about this tool just ignore. Sometime when you run
Cain & Abel the popup say WinPcap driver not found please install it first , you can get it here

Lets start the tutorial. On your Cain & Abel , Click on Sniffer tab , active the sniffer and click "+" sign.

Check on All hosts in my subnet and tick on All Tests for more .
You will get a list of IP depend on the client on the network. Make sure that you know which one is
Client IP (Victim) and your Gateway IP ( Router ). For my case , 192.168.0.1 is my Gateway IP and
192.168.0.102 is Client IP.
After that , Click APR tab that has radioactive sign. then click on "+ " sign
First click on your Gateway IP ( 192.168.0.1) on the left option , and click Client IP ( 192.168.0.102)
on right option.
Select Gateway IP and Start APR by click radioactive sign.
Run Wireshark tools.

Select the network interface that currently used by click Interface List. To confirm which interface is it
, look at the packet. In my case WiFi is my currently network interface used , tick on it and Start.
You will get a lot of data. To confirm that you ARP Cache Poisoning is succesfull look at the Source ,
it will listing the Victim IP.
To steal the cookies of victim , Filters the result with "http.cookies" .

Then click on Hypertext Transfer Protocol , identify where is cookies from "www.blogger.com" , and
copy truncated cookies.
To inject cookies on your browser you will need a Tampermonkey extenison (Chrome user) or
Greasemonkey extension (Firefox user ). Download Tampermonkey here Greasemonkey here.
And also Cookie Injecter script here.
Restart Your Browser. Goto to website that the cookies come from. In my case is "www.blogger.com"
Press ALT + C button to get the injector cookies pop up.

Paste The cookies on the fill box. Then refresh the browser.
Now you have access to the blogger page admin without need to know the username and password.
Cookies can be used untill the victim did not logout the account.

Oftenly this technic is used by Hacker on CyberCafe , school network , Wifi Hotspot to steal
facebook cookies.