Can't get ARP spoofing to work?

[colegagliano]

Hello guys, I'm hoping for some help. Over the past three months I have been trying to do ARP spoofing on my network. My problem is that after I execute the ARP attack, the machine that I'm arping (going between the router and it) completely loses internet connection!
This happens with both arpspoof and Ettercap. The machine that I'm arping against loses internet connection, so that you can't even connect to google.com. I tried messing around with ettercap for a long time, but finally gave up and am now trying the simpler "arpspoof," but the results are the same. I've enabled IP forwarding and IP tables in Kali, and tried EVERYTHING else out there, and still can't solve this.

Isn't the machine that your arping against supposed to maintain a connection (even if it's a slow one)?

Any ideas what could be causing the problem?

Commands that I use:
1: echo 1 > /proc/sys/net/ipv4/ip_forward
2: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
3: arpspoof -t 192.168.1.1 (router) 192.168.1.10 (target)
4: arpspoof -t 192.168.1.10 192.168.1.1

[rastamouse]

What do you have listening on port 8080?

[colegagliano]

Nothing yet, first I'm just trying to get the arp attack up and running.

[rastamouse]

Well it seems to me that all the traffic from your spoofed client could be reaching your attacker machine, but it's getting redirected to port 8080 and getting dropped (i.e. nothing is happening with it). Your spoofed client will then timeout and say it has no Internet connection. You could try attaching a sniffer to your network interface (not in promiscuous mode) or monitor the iptables to see if the expected traffic is hitting you.

[colegagliano]

I think that that is exactly the probelm. The traffic reaches me, but then is dropped. So in a sense, my arp attack is like a wall instead of a bridge, lol. Any way to fix this?

[rastamouse]

Well my assumption was that you had a tool listening on 8080 that would do something with the traffic (i.e. read or manipulate etc) and then pass it on to the correct destination. If it's getting dropped because there is nothing there, you have created a DOS condition. You either need to put something on 8080 (could be something simple like sslstrip); or change the rule entirely to a masquerade rule (which would just silently pass the traffic along).

[kevinmitnick]

Arp spoofing is not learned, it is mastered. You are need something on port 8080, to do this you need to start sslstrip, and set it on port 8080. As one of the worlds best hackers, I do this all the time in Hotel's etc. Easy to do, you must be an extreme Newbie.

[kevinmitnick]

How do you change it to masqurade rule?

[aerokid240]

First things first, remove the line "iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080". Also, ensure that the default poilicy for INPUT, FORWARD and OUTPUT chains is to ACCEPT. Everything else you've done appear to be correct. If you still have issues, use wireshark to give you some direction as to where the issue might be.