Windows 7 ettercap
I hope some developer fixes the IPv5 bug of Ettercap soon. Download ettercap for free. It supports active and passive dissection of many protocols, even ciphered ones, and includes many features for network and host analysis.

As pentesters, we use a lot of tools during penetration tests. One of the main parts of a penetration test is man-in-the-middle and network sniffing attacks. We generally use a popular tool named ettercap to carry out these attacks. In this tutorial we will look at the installation of ettercap and different attack scenarios with it.
Note that this tutorial assumes you have already set up a virtual environment where 2 VMs can communicate with each other. Below are the steps needed to complete this, with screenshots of the ARP poisoning taking place using Ettercap.
Which OS you use to carry out this attack is your choice. However, for the purpose of this tutorial it is recommended that you use Kali Linux for one VM and Windows 7 for the other.
Once you have both VMs up and running, make sure that on the Windows 7 machine the firewall is turned off and network sharing is turned on.
This is located in the Network and Sharing Center, which you can open by right-clicking the internet symbol on the bottom right of your screen. On both machines, pull up a terminal and type ifconfig (Kali) or ipconfig (Windows cmd), and write down the IPv4 address of both machines.
Also, write down the gateway address. This ensures that your Kali machine can receive the packets that will be forwarded by the attack. Screenshot below. If you are using a wireless card adapter, click on that interface. Usually, though, you will just see eth0. Note: Unified sniffing can be used to perform MITM attacks from a single network device, with the target device being in the same subnet as you (typically connected to the same router).
Once you have done that, you should see in the bottom window of Ettercap that unified sniffing has started. If not, click on the sniffing tab at the top of the Ettercap window and click start sniffing.
In this screenshot, you can also see that ARP poisoning was successful, which can be checked by running the chk_poison plugin. This can be done by clicking the plugins tab and clicking on that plugin. Now we are going to click on the tab labeled Mitm.

An attacker is a person who steals your data without permission, and a feature of some attacks is that they are hidden. Ettercap provides different types of user interface.
The GUI is the easiest one, but we will use the text-only interface in this tutorial. Before specifying an interface, we should list the available interfaces. We can list interfaces with the -I option. The first thing we should learn is how to select the interface we want ettercap to operate on.
We will use the de facto option -i to specify the interface we want to select. In this example we will select the interface ens3. We can start the GUI with the following command.
Because ettercap sniffs traffic and changes OS settings, we need to provide root privileges when starting it. We can list live hosts from the Host menu.
The following screenshot shows the IP address and MAC address information for the hosts.