About Us Contact Us
Home About Services Solutions Industries Knowledge Blog Contact
Hit enter to search


CyberSecurity BFSI

Executing the Attack

In this article we're going to see how to execute an arp spoof attack that will also lead to sniffing packets along with stealing credentials. So let's get started without further ado ...

NOTE: Please perform this attack on your own machines or use the VMware / Virtual Box.
Stuffs I’ll be using: –
1. Windows Machine (Target/Victim)
2. Kali Linux (Attacker)
3. Ettercap (Tool present in kali for performing MITM attacks)
4. Wireshark (Used for sniffing packets)
Both the machines are connected in a single network.


1) Go to Kali Linux and click on the IP forwarding or you can drop all the packets between the target and the router.

Use the command to turn on IP Forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
and again cross check it by the command:
cat /proc/sys/net/ipv4/ip_forward
Make sure the value is 1
infopercept blog
2) Check your router's default gateway or IP using the following command:
ip route
infopercept blog
3) Go to your windows machine and open cmd by typing: and check your IP address: ipconfig
infopercept blog
4) Start the Ettercap tool GUI by typing: ettercap –G
infopercept blog
5) Go to the tab and click the button Unified Sniffing
infopercept blog

6) You will then be asked to choose your own network adapter for the network adapter. In my case, their wlan0 as I use the wireless network card of my KALI.

infopercept blog
7) Click on Targets tab and select Current targets.
infopercept blog

8) In place of target 1 add the IP address of the default gateway and in the place of target 2 add the IP address of the target (Windows machine).

infopercept blog
9) Click on the MITM tab and select arp poisoning
infopercept blog
10) Now pick the remote connection for sniffing and then press all right.
infopercept blog

11) Now open Wireshark to sniff all of our target's packets.

12) Choose your network interface after opening and press the Start button.

13) Go to your windows machine now and try logging into any website.

14) Come back to Wireshark and try using filters like ip.addr ==’s IP address) to show all packets related to our target only.

15) Now search for the packets for any sensitive information, but most passwords are sent in post requests so try to search for any post requests and if you're lucky you might get something like that?

infopercept blog

So that’s for now. See you next time.