Time for action – session hijacking over wireless
Set up the test exactly as in the man-in-the-middle attack lab. On the victim, let's fire up the browser and type in https://www.google.com. Let's use Wireshark to monitor this traffic. Your screen should resemble the following:
Apply a Wireshark filter for DNS and, as we can see, the victim is making DNS requests for https://www.google.com:
In order to hijack the browser session, we will need to send fake DNS responses that will resolve the IP address of https://www.google.com to the hacker machine's IP address
192.168.0.199
. The tool that we will use for this is calleddnsspoof
and the syntax is as follows:dnspoof –i mitm-bridge
The output of the command is as follows:
Refresh the browser windows and now, as we can see through Wireshark, as soon as the victim makes a DNS request for any host (including
google.com
), Dnsspoof replies back:On the victim's machine, we see an error that says Unable to connect. This is because we made the IP address...