LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-12-2017, 11:16 PM   #1
sadranger
LQ Newbie
 
Registered: Jun 2017
Posts: 24

Rep: Reputation: Disabled
arpspoofing on kali linux is not working


I'm new to perform arpspoofing. I let my target to run in virtualbox and its ip address is 192.168.100.14. I wrote the following code to perform the attack code:"arpspoof -i wlan0 -t 192.168.100.1 -r 192.168.100.14"
while i execute this command, my machine which is running in virtualbox is not accessing internet but it is accessing router. When i stop spoofing it normally access the internet. I don't know what wrong i had done. Please help me. I'm new to this and this is my first post so please excuse me if i had done anything wrong. Thanks in advance
 
Old 06-14-2017, 10:59 AM   #2
mralk3
Senior Member
 
Registered: May 2015
Distribution: Slackware, OpenBSD
Posts: 1,549

Rep: Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869
You need to set up a host-only or bridged network interface within Virtual Box. Otherwise the host machine cannot contact the virtual machine to issue the ARP poisoning attack. I suggest you set up two virtual machines, one as the attacker, one as the victim, and use a host-only network within Virtual Box.

A bridged network, if memory serves me correctly, will allow your virtual machine victim to appear on the host machine's network. The only issue with learning to do an ARP poisoning attack with this configuration is you can accidentally take down machines on your home network (or whatever network you are connected to)

The process of learning to ARP poison requires a basic understanding of the network fundamentals required to issue the attack. I suggest you read the following:

https://en.wikipedia.org/wiki/ARP_spoofing
https://www.irongeek.com/i.php?page=security/arpspoof

This page should help you understand how to configure your lab environment:

https://www.virtualbox.org/manual/ch06.html
 
Old 06-15-2017, 06:53 AM   #3
sadranger
LQ Newbie
 
Registered: Jun 2017
Posts: 24

Original Poster
Rep: Reputation: Disabled
that worked (solved)

Quote:
Originally Posted by mralk3 View Post
You need to set up a host-only or bridged network interface within Virtual Box. Otherwise the host machine cannot contact the virtual machine to issue the ARP poisoning attack. I suggest you set up two virtual machines, one as the attacker, one as the victim, and use a host-only network within Virtual Box.

A bridged network, if memory serves me correctly, will allow your virtual machine victim to appear on the host machine's network. The only issue with learning to do an ARP poisoning attack with this configuration is you can accidentally take down machines on your home network (or whatever network you are connected to)

The process of learning to ARP poison requires a basic understanding of the network fundamentals required to issue the attack. I suggest you read the following:

https://en.wikipedia.org/wiki/ARP_spoofing
https://www.irongeek.com/i.php?page=security/arpspoof

This page should help you understand how to configure your lab environment:

https://www.virtualbox.org/manual/ch06.html

hi mralk3,
Thanks for your answer. It did work on changing my network connection in virtual box from NAT to Bridged Adapter and specifying interface as wlan0. Arpspoofing is working fine. I'm using sslstrip to grab information. It is not working on some sites like Facebook,Gmail etc,, while it is working perfectly in some other. I'm using firefox in target machine and my sslstrip version is 0.9. Can you suggest me another method which can grab information more efficiently.Thanks in advance
 
Old 06-15-2017, 10:50 AM   #4
mralk3
Senior Member
 
Registered: May 2015
Distribution: Slackware, OpenBSD
Posts: 1,549

Rep: Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869
Quote:
Originally Posted by sadranger View Post
Thanks for your answer. It did work on changing my network connection in virtual box from NAT to Bridged Adapter and specifying interface as wlan0. Arpspoofing is working fine. I'm using sslstrip to grab information. It is not working on some sites like Facebook,Gmail etc,, while it is working perfectly in some other. I'm using firefox in target machine and my sslstrip version is 0.9. Can you suggest me another method which can grab information more efficiently.Thanks in advance
I assumed your intention was to ARP poison in a test environment. I'm not going to help you hack into Facebook or Gmail accounts. Even if the account is your account it's not legal.

I answered your original question and will leave it at that.
 
Old 06-15-2017, 11:56 AM   #5
sadranger
LQ Newbie
 
Registered: Jun 2017
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by mralk3 View Post
I assumed your intention was to ARP poison in a test environment. I'm not going to help you hack into Facebook or Gmail accounts. Even if the account is your account it's not legal.

I answered your original question and will leave it at that.
I'm not understanding why it is illegal i want to do it on my account only right? Just for educational purpose only.
Just tell me process please.
 
Old 06-15-2017, 09:31 PM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,517

Rep: Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619
it is under the CFAA
that 1986 law that is in need of fixing

then there is the forum RULE !!!!!!!
NO CRACKING / BLACK HAT HACKING!!!!!
 
Old 06-15-2017, 11:48 PM   #7
mralk3
Senior Member
 
Registered: May 2015
Distribution: Slackware, OpenBSD
Posts: 1,549

Rep: Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869
Quote:
Originally Posted by John VV View Post
it is under the CFAA
that 1986 law that is in need of fixing

then there is the forum RULE !!!!!!!
NO CRACKING / BLACK HAT HACKING!!!!!
If you build your own Web application, on your own hardware, on your own network, using Free and open source software to host it ( under most licenses anyway ), then Crack away. However, LQ is not the place to post about this stuff.

At any rate, this process would give you a far better understanding of how/what ARP Poisoning with sslstrip actually is... better than I could explain it here.

There are plenty of tutorials online discussing how to go about installing and configuring a lab environment to learn such things.
 
Old 06-16-2017, 01:11 AM   #8
Jjanel
Member
 
Registered: Jun 2016
Distribution: any&all, in VBox; Ol'UnixCLI; NO GUI resources
Posts: 999
Blog Entries: 12

Rep: Reputation: 362Reputation: 362Reputation: 362Reputation: 362
Hi sadranger. Sorry things are not going well with this discussion.
Think of: asking a PoliceOfficer: "Lets discuss techniques *I* could use, to GRAB your gun..."
The conversation would NOT go well Also, spend some time on LQ rules, FAQ, etc.
Have a look at this: http://www.linuxquestions.org/questi...-up-4175591644

Also, the Kali doc specifically says: ...for experienced professionals...
A recent post said: "Kali is for users who already know how to use it".

Using LQ for Kali questions == -> .
I'm sincerely trying to help, by pointing out "cold reality". Best wishes.

p.s. More "Rule reality": 'black-hatting' will get Thread Closed; a 2nd such new-Thread-post attempt seems to just get account banned. LQ maintains high standards.

Last edited by Jjanel; 06-16-2017 at 01:44 AM.
 
Old 06-16-2017, 11:52 AM   #9
sadranger
LQ Newbie
 
Registered: Jun 2017
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Jjanel View Post
Hi sadranger. Sorry things are not going well with this discussion.
Think of: asking a PoliceOfficer: "Lets discuss techniques *I* could use, to GRAB your gun..."
The conversation would NOT go well Also, spend some time on LQ rules, FAQ, etc.
Have a look at this: http://www.linuxquestions.org/questi...-up-4175591644

Also, the Kali doc specifically says: ...for experienced professionals...
A recent post said: "Kali is for users who already know how to use it".

Using LQ for Kali questions == -> .
I'm sincerely trying to help, by pointing out "cold reality". Best wishes.

p.s. More "Rule reality": 'black-hatting' will get Thread Closed; a 2nd such new-Thread-post attempt seems to just get account banned. LQ maintains high standards.
Ok fine one thing I get from this discussion is this site is not for learning ethical hacking
 
Old 06-16-2017, 07:34 PM   #10
mralk3
Senior Member
 
Registered: May 2015
Distribution: Slackware, OpenBSD
Posts: 1,549

Rep: Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869Reputation: 869
arpspoofing on kali linux is not working

It's not a question of ethical hacking. You are trying to do something that is illegal and announced it on a public message board. More importantly, you appear to have no intention of learning about the inner workings of the technology. That's not "black hat", it's " script kiddie".
 
Old 06-16-2017, 07:36 PM   #11
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,517

Rep: Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619
the issue is that we really can KNOW if it is ethical or NOT

most of the things are a double edged sward

there are many other forums for ethical hacking and ethical pen-testing
 
1 members found this post helpful.
Old 06-17-2017, 12:14 AM   #12
sadranger
LQ Newbie
 
Registered: Jun 2017
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by mralk3 View Post
It's not a question of ethical hacking. You are trying to do something that is illegal and announced it on a public message board. More importantly, you appear to have no intention of learning about the inner workings of the technology. That's not "black hat", it's " script kiddie".
I apologise for your inconvenience. I'm new to this forums so I don't know what to ask and what not to. I do have intentions of learning about inner work of technology, but don't know where to start. Thanks for your time.
 
1 members found this post helpful.
Old 06-17-2017, 12:15 AM   #13
sadranger
LQ Newbie
 
Registered: Jun 2017
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by John VV View Post
the issue is that we really can KNOW if it is ethical or NOT

most of the things are a double edged sward

there are many other forums for ethical hacking and ethical pen-testing
Thank you John VV
 
1 members found this post helpful.
Old 06-17-2017, 06:58 AM   #14
Jjanel
Member
 
Registered: Jun 2016
Distribution: any&all, in VBox; Ol'UnixCLI; NO GUI resources
Posts: 999
Blog Entries: 12

Rep: Reputation: 362Reputation: 362Reputation: 362Reputation: 362
>"I apologize ... Thank you ..."
Ah! Welcome back to the LQprecinct
(I was afraid that my post#8 might cause a flame-out, or even be an LQinfraction I didn't realize!)

>"there are many other forums for ethical hacking and ethical pen-testing"
Think of it like a devout church that doesn't want to discuss atheism, or Dem vs. Rep politics or ...

Feel free to post 'good' questions on all Linux things, other than Kali&EH/pen-test.
Have a look at another post I made: http://www.linuxquestions.org/questi...0/#post5722799

Best wishes! p.s. -I- do see that you didn't intend to actually "GRAB the gun AND ..."

Last edited by Jjanel; 06-17-2017 at 07:19 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Wireless no working on kali linux. mominkhan Linux - Newbie 5 10-18-2016 06:16 AM
TP-Link WN725N not working in Kali Linux, ndiswrapper evansd321 Linux - Wireless Networking 7 02-23-2014 11:36 AM
[SOLVED] Kali Linux NOT Working!!! LLj Debian 11 12-19-2013 03:27 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration