TransWikia.com

Arp poisoning doesn’t work with HTTPS navigation

Information Security Asked by user13105993 on October 28, 2021

I’m trying to do an ARP poisoning attack in my LAN. I use Ettercap and I place my attacker computer between my routers and target Windows computer.

Despite the target ARP table changing, when I use this computer to visit an HTTPS website, the browser (Chrome) stops the connection. Is there a method to make an ARP poisoning attack and allow the HTTPS navigation in the victim’s computer?

One Answer

With an ARP spoof, you intercept only the Ethernet layer. To have a ManInTheMiddle position, you need to spoof both client and server and enabling forwarding.

Without that, when your victim computer tries to browse tinder.com, the IP layer is built with the IP of tinder.com and sent to your evil computer (if you spoof the gateway address or the tinder.com address).
If your evil computer does not have a web service listening on port 80, tinder.com will appear unreachable for your victim computer. Maybe you also intercepted the DNS request and the victim computer never received the Ip to use to contact tinder.com

If you configured your ettercap attack to forward the captured packet to the real destination, you should be able to see the cleartext traffic. I remember that ettercap tries to spoof the SSL layer by default. If yes, your problem could come from the fact that ettercap displays an untrusted certificate to the victim and the tinder.com is configured with HSTS to avoid this.
If you disable the ssl interception (with -S) the victim should be able to reach tinder.com but you will not see the content of the HTTPS layer (you will only see the Ethernet, IP, and TCP layers)

Answered by Sibwara on October 28, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP