✔️ Configure a Kali machine to perform ARP Poisoning against Windows and Linux machine

✔️ Use Wireshark to analyze intercepted traffic to find sensitive information and files

Our Machine...

we should always remember to enable IP Forwarding before ARP spoofing so that we don't :

• break the communication between hosts
• cause a denial of service

$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ arpspoof -i <interface> -t <target> -r <host>

Linux Machine ↔ Webserver

1. start the arpspoof attack between the IP of the machine and webserver
2. run wireshark

once any requests and responses are sent between the client and the server...

• filter the HTTP content and observe the traffic requests and responses

Windows 7 ↔ Windows Share

1. run wireshark

2. whenever a client opens a file in the server/ share,

   it is downloaded and opened for read/write on the go

3. open the captured traffic,

   • filter the traffic as: "smb"
   • view the objects at: file > export objects > smb/smb2