PDA

View Full Version : Having trouble arpspoofing more than one target, arpspoof or distro issue?



2600
2013-04-11, 20:05
Alright I'm going to try and keep this short and simple, with backtrack I used to arpspoof all hosts on a network by simply issuing "arpspoof -i etho 192.168.0.1" and it would work fine, since updating to Kali, all issuing this command does is give me a solid cursor (not blinking, so I assume SOMETHING is going on?) and not output anything. However if I issue "arpspoof -i eth0 -t 192.168.0.1 -r 192.168.0.2" I get my arpspoof output and everything works as normal. To clarify, 192.168.0.1 is the defualt gateway in this example and 192.168.0.2 is one of multiple hosts on the network. What's going on?

Thanks

Vulpi
2013-04-13, 03:15
I've noticed this as well. I think the spoofing is still working, but I haven't tested it in depth yet.

Lordx19
2013-04-13, 12:42
Are you setting up ip forwarding and ip tables before hand? Maybe use the ettercap GUI to test if the arpspoof works. Just set up ip forwarding, then iptables, run ssltrip -k -l 8080, then open the ettercap GUI, shift+U, choose interface, Ctrl+s to scan for a host, choose the target as target 1, go to mitm an arp spoof one way (I think that's it, not on my laptop at the moment) then start the sniffer. See if that works.

Vulpi
2013-04-14, 05:55
The OP seems to be correct. On testing in the lab the spoofing is not working, and wireshark does not show any arp packets being sent.

While waiting for a fix, reverting to dsniff_2.4b1+debian-18 works.

repzeroworld
2014-02-08, 14:02
Alright I'm going to try and keep this short and simple, with backtrack I used to arpspoof all hosts on a network by simply issuing "arpspoof -i etho 192.168.0.1" and it would work fine, since updating to Kali, all issuing this command does is give me a solid cursor (not blinking, so I assume SOMETHING is going on?) and not output anything. However if I issue "arpspoof -i eth0 -t 192.168.0.1 -r 192.168.0.2" I get my arpspoof output and everything works as normal. To clarify, 192.168.0.1 is the defualt gateway in this example and 192.168.0.2 is one of multiple hosts on the network. What's going on?

Thanks

I have tried running arpspoof in kali..but the program doesn't show it is arpoisoning
arpspoof is in the package "dsniff 2.4b1+debian-22" this package contains the arpspoof program and other program
to verify this go to Application->System Tools-> Add/ Remove Programs
you can type dsniff in the search box and read the details of this package (it contains the arpspoof tool)

unfortunately this tool isn't working

REMOVE THE DSNIFF PACAKGE IN KALI
OPTION 1
go to Application->System Tools-> Add/ Remove Programs
type dsniff package in the search box and then untick the package
if told that the pakages depends on other packages and just click yes to remove the other dependent pacakges
once this is done click apply
that is it

OPTION 2
use the apt-get tool in a terminal
"apt-get purge dsniff"

THAT IS IT!

KNOW WHERE YOUR PAKCAGES ARE SOURCED FROM
the solution is to downgrade dsniff 2.4b1+ debian-22 to an older version, that is, 2.4b1+ debian-18
All your packages is being sourced from the kali linux repository (website) to view your the website location where your system updates packages
go to /etc/apt/ directory
you will see a file "sources.list" open the leaf with leafpad for easy modification and appends these lines


ADD ADDITIONAL REPOSITORIES TO YOUR SOURCE.LIST (BE CAREFUL!)
appends these lines to your sources.list file

## Debian Official Repository Mirror squeeze:
deb ftp://debian.oregonstate.edu/debian/ squeeze main contrib non-free
deb-src ftp://debian.oregonstate.edu/debian/ squeeze main contrib non-free
deb ftp://debian.oregonstate.edu/debian/ squeeze-proposed-updates main contrib non-free
deb-src ftp://debian.oregonstate.edu/debian/ squeeze-proposed-updates main contrib non-free

these lines simply make kali search the debian squeeze (older bedian version) site for a downgraded dsniff package.

DOING THIS IN A TERMINAL
terminal type "vim /etc/apt/sources.lst" and press the "I' button on your keyboard and then insert the repositories above.
once this is done press "ESC' and type ":wq" then press enter.. this will write the lines to the list and then quit the terminal notepad


UPDATE YOUR PACKAGE LIST
now that you have added these sites you need to update your package list
to update type in a terminal
apt-get update
the system will download package list that is from the debian site/repository you added

if you to the Add/remove programs you will see the dsniff 2.4b1+debian-18 package (old version that is working)
unfortunately i tried ticking this package in and applying changes but the pacakge isn't installing
to verify this
i type "mlocate dsniff" and noting was found

What i did was you use the apt-get command in a terminal and install the package
"apt-get install dsniff"
to confirm if it install type
"which dsniff" or "which arpspoof"
you will see the location

READY TO GO!
use arpoof and you will see the broadcat arp packets
use wireshark and see that you are broadcasting a fake gateway!

what you can do is add "#" to the lines you lines you append in your repository/ sources.list AFTER the tool is working so that when you run updates it will ignore any old packages from these sites
that can cause trouble

## Debian Official Repository Mirror squeeze:
#deb ftp://debian.oregonstate.edu/debian/ squeeze main contrib non-free
#deb-src ftp://debian.oregonstate.edu/debian/ squeeze main contrib non-free
#deb ftp://debian.oregonstate.edu/debian/ squeeze-proposed-updates main contrib non-free
#deb-src ftp://debian.oregonstate.edu/debian/ squeeze-proposed-updates main contrib non-free


hope this helps the newbies to linux like me!