Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm new to perform arpspoofing. I let my target to run in virtualbox and its ip address is 192.168.100.14. I wrote the following code to perform the attack code:"arpspoof -i wlan0 -t 192.168.100.1 -r 192.168.100.14"
while i execute this command, my machine which is running in virtualbox is not accessing internet but it is accessing router. When i stop spoofing it normally access the internet. I don't know what wrong i had done. Please help me. I'm new to this and this is my first post so please excuse me if i had done anything wrong. Thanks in advance
You need to set up a host-only or bridged network interface within Virtual Box. Otherwise the host machine cannot contact the virtual machine to issue the ARP poisoning attack. I suggest you set up two virtual machines, one as the attacker, one as the victim, and use a host-only network within Virtual Box.
A bridged network, if memory serves me correctly, will allow your virtual machine victim to appear on the host machine's network. The only issue with learning to do an ARP poisoning attack with this configuration is you can accidentally take down machines on your home network (or whatever network you are connected to)
The process of learning to ARP poison requires a basic understanding of the network fundamentals required to issue the attack. I suggest you read the following:
You need to set up a host-only or bridged network interface within Virtual Box. Otherwise the host machine cannot contact the virtual machine to issue the ARP poisoning attack. I suggest you set up two virtual machines, one as the attacker, one as the victim, and use a host-only network within Virtual Box.
A bridged network, if memory serves me correctly, will allow your virtual machine victim to appear on the host machine's network. The only issue with learning to do an ARP poisoning attack with this configuration is you can accidentally take down machines on your home network (or whatever network you are connected to)
The process of learning to ARP poison requires a basic understanding of the network fundamentals required to issue the attack. I suggest you read the following:
hi mralk3,
Thanks for your answer. It did work on changing my network connection in virtual box from NAT to Bridged Adapter and specifying interface as wlan0. Arpspoofing is working fine. I'm using sslstrip to grab information. It is not working on some sites like Facebook,Gmail etc,, while it is working perfectly in some other. I'm using firefox in target machine and my sslstrip version is 0.9. Can you suggest me another method which can grab information more efficiently.Thanks in advance
Thanks for your answer. It did work on changing my network connection in virtual box from NAT to Bridged Adapter and specifying interface as wlan0. Arpspoofing is working fine. I'm using sslstrip to grab information. It is not working on some sites like Facebook,Gmail etc,, while it is working perfectly in some other. I'm using firefox in target machine and my sslstrip version is 0.9. Can you suggest me another method which can grab information more efficiently.Thanks in advance
I assumed your intention was to ARP poison in a test environment. I'm not going to help you hack into Facebook or Gmail accounts. Even if the account is your account it's not legal.
I answered your original question and will leave it at that.
I assumed your intention was to ARP poison in a test environment. I'm not going to help you hack into Facebook or Gmail accounts. Even if the account is your account it's not legal.
I answered your original question and will leave it at that.
I'm not understanding why it is illegal i want to do it on my account only right? Just for educational purpose only.
Just tell me process please.
it is under the CFAA
that 1986 law that is in need of fixing
then there is the forum RULE !!!!!!! NO CRACKING / BLACK HAT HACKING!!!!!
If you build your own Web application, on your own hardware, on your own network, using Free and open source software to host it ( under most licenses anyway ), then Crack away. However, LQ is not the place to post about this stuff.
At any rate, this process would give you a far better understanding of how/what ARP Poisoning with sslstrip actually is... better than I could explain it here.
There are plenty of tutorials online discussing how to go about installing and configuring a lab environment to learn such things.
Hi sadranger. Sorry things are not going well with this discussion.
Think of: asking a PoliceOfficer: "Lets discuss techniques *I* could use, to GRAB your gun..."
The conversation would NOT go well Also, spend some time on LQ rules, FAQ, etc.
Have a look at this: http://www.linuxquestions.org/questi...-up-4175591644
Also, the Kali doc specifically says: ...for experienced professionals...
A recent post said: "Kali is for users who already know how to use it".
Using LQ for Kali questions == -> .
I'm sincerely trying to help, by pointing out "cold reality". Best wishes.
p.s. More "Rule reality": 'black-hatting' will get Thread Closed; a 2nd such new-Thread-post attempt seems to just get account banned. LQ maintains high standards.
Hi sadranger. Sorry things are not going well with this discussion.
Think of: asking a PoliceOfficer: "Lets discuss techniques *I* could use, to GRAB your gun..."
The conversation would NOT go well Also, spend some time on LQ rules, FAQ, etc.
Have a look at this: http://www.linuxquestions.org/questi...-up-4175591644
Also, the Kali doc specifically says: ...for experienced professionals...
A recent post said: "Kali is for users who already know how to use it".
Using LQ for Kali questions == -> .
I'm sincerely trying to help, by pointing out "cold reality". Best wishes.
p.s. More "Rule reality": 'black-hatting' will get Thread Closed; a 2nd such new-Thread-post attempt seems to just get account banned. LQ maintains high standards.
Ok fine one thing I get from this discussion is this site is not for learning ethical hacking
It's not a question of ethical hacking. You are trying to do something that is illegal and announced it on a public message board. More importantly, you appear to have no intention of learning about the inner workings of the technology. That's not "black hat", it's " script kiddie".
It's not a question of ethical hacking. You are trying to do something that is illegal and announced it on a public message board. More importantly, you appear to have no intention of learning about the inner workings of the technology. That's not "black hat", it's " script kiddie".
I apologise for your inconvenience. I'm new to this forums so I don't know what to ask and what not to. I do have intentions of learning about inner work of technology, but don't know where to start. Thanks for your time.
>"I apologize ... Thank you ..."
Ah! Welcome back to the LQprecinct
(I was afraid that my post#8 might cause a flame-out, or even be an LQinfractionI didn't realize!)
>"there are many other forums for ethical hacking and ethical pen-testing"
Think of it like a devout church that doesn't want to discuss atheism, or Dem vs. Rep politics or ...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.