1
00:00:00,300 --> 00:00:01,133
Instructor: Hi.

2
00:00:01,133 --> 00:00:02,160
Within this lecture,

3
00:00:02,160 --> 00:00:04,650
we're going to see the different tools

4
00:00:04,650 --> 00:00:08,130
that we can use in order to be man in the middle.

5
00:00:08,130 --> 00:00:10,740
We're going to install the real tool that we're

6
00:00:10,740 --> 00:00:14,430
going to use and we're going to learn how to use it

7
00:00:14,430 --> 00:00:18,660
in order to have an ARP attack on the target.

8
00:00:18,660 --> 00:00:22,440
So first of all, make sure your phone, your device,

9
00:00:22,440 --> 00:00:25,500
your Android or iOS device is connected

10
00:00:25,500 --> 00:00:29,520
to the same network that we connected with Kali Linux.

11
00:00:29,520 --> 00:00:31,920
For example, in my iPhone right now,

12
00:00:31,920 --> 00:00:36,240
I'm connected to the Home router over here.

13
00:00:36,240 --> 00:00:38,580
So if I go to Settings, okay,

14
00:00:38,580 --> 00:00:40,110
let me show you what I mean.

15
00:00:40,110 --> 00:00:43,920
If I go to Settings, if I go to Wi-Fi over here,

16
00:00:43,920 --> 00:00:46,590
I can click on the blue button,

17
00:00:46,590 --> 00:00:48,840
the Information button over here,

18
00:00:48,840 --> 00:00:51,510
and I can see my own IP address.

19
00:00:51,510 --> 00:00:55,975
As you can see, it's 192.168.128.

20
00:00:55,975 --> 00:00:56,808
Okay?

21
00:00:56,808 --> 00:01:00,360
So this is the same network with the Kali Linux.

22
00:01:00,360 --> 00:01:04,650
So I have 192.168.124 in Kali Linux,

23
00:01:04,650 --> 00:01:08,850
which means that I can actually do an ARP attack,

24
00:01:08,850 --> 00:01:11,490
and be man in the middle to this phone.

25
00:01:11,490 --> 00:01:12,323
Okay?

26
00:01:12,323 --> 00:01:14,040
So make sure your phone is connected,

27
00:01:14,040 --> 00:01:15,780
or your device is connected

28
00:01:15,780 --> 00:01:18,267
to the same network as Kali Linux.

29
00:01:18,267 --> 00:01:23,267
So that's all you need in order to be man in the middle.

30
00:01:23,460 --> 00:01:26,430
You have to be on the same network.

31
00:01:26,430 --> 00:01:28,080
Since we are on the same network,

32
00:01:28,080 --> 00:01:31,410
I'm just gonna go over and tell you the different tools

33
00:01:31,410 --> 00:01:35,370
that we can use in order to have an ARP attack.

34
00:01:35,370 --> 00:01:38,449
So we have several options for that,

35
00:01:38,449 --> 00:01:42,420
and I have tried a variety of them.

36
00:01:42,420 --> 00:01:44,880
So let me change my keyboard,

37
00:01:44,880 --> 00:01:47,730
because I'm using a Turkish keyboard right now,

38
00:01:47,730 --> 00:01:50,880
and I will just write the names for you.

39
00:01:50,880 --> 00:01:53,910
So if you got the complete Ethical Hacking Course from me,

40
00:01:53,910 --> 00:01:56,340
you know most of these tools,

41
00:01:56,340 --> 00:02:00,540
because we see each of them in that course,

42
00:02:00,540 --> 00:02:03,720
because it works much better in the computers

43
00:02:03,720 --> 00:02:06,060
rather than mobile devices.

44
00:02:06,060 --> 00:02:10,080
But again, it works in mobile devices as well at some point,

45
00:02:10,080 --> 00:02:12,750
so we're going to see it over here as well.

46
00:02:12,750 --> 00:02:15,987
So we have ARPspoof, Man in the Middle Framework,

47
00:02:15,987 --> 00:02:19,560
Ettercap and Bettercap tools over here.

48
00:02:19,560 --> 00:02:21,930
ARPspoof is the most basic one,

49
00:02:21,930 --> 00:02:26,370
it just does an ARP attack, but it doesn't get us data,

50
00:02:26,370 --> 00:02:28,230
it doesn't show us data.

51
00:02:28,230 --> 00:02:30,630
And it works most of the time,

52
00:02:30,630 --> 00:02:35,630
but it is a very actually simple tool that you can use

53
00:02:36,090 --> 00:02:38,910
on the side when you're trying to do something else,

54
00:02:38,910 --> 00:02:42,510
rather than being man in the middle and getting the data.

55
00:02:42,510 --> 00:02:44,850
So Man in the Middle Framework is very good,

56
00:02:44,850 --> 00:02:46,080
but it's very old.

57
00:02:46,080 --> 00:02:49,080
It hasn't been updated for like two years.

58
00:02:49,080 --> 00:02:52,380
So it leaves us Bettercap and Ettercap.

59
00:02:52,380 --> 00:02:54,900
So we're going to use Bettercap over here,

60
00:02:54,900 --> 00:02:56,610
because it's the most innovative,

61
00:02:56,610 --> 00:03:01,320
and most latest up-to-date tool that we have right now.

62
00:03:01,320 --> 00:03:05,190
So make sure you run this apt-get install bettercap.

63
00:03:05,190 --> 00:03:06,023
Okay?

64
00:03:06,023 --> 00:03:08,760
If it asks for some permission, like Yes or No,

65
00:03:08,760 --> 00:03:10,260
just give it Yes.

66
00:03:10,260 --> 00:03:13,230
It will install the tool for you.

67
00:03:13,230 --> 00:03:14,070
Okay?

68
00:03:14,070 --> 00:03:16,350
So it's that easy to use it.

69
00:03:16,350 --> 00:03:21,300
It's actually very easy to use as well once you install it.

70
00:03:21,300 --> 00:03:24,000
It's not the case with Ettercap, for example,

71
00:03:24,000 --> 00:03:25,650
it's very hard to use.

72
00:03:25,650 --> 00:03:30,630
So we're going to use Bettercap for this purpose.

73
00:03:30,630 --> 00:03:33,120
So in order to run the Bettercap,

74
00:03:33,120 --> 00:03:36,840
all you have to do is just run bettercap -iface,

75
00:03:36,840 --> 00:03:39,810
which is interface obviously.

76
00:03:39,810 --> 00:03:41,370
And then you're gonna have to specify

77
00:03:41,370 --> 00:03:45,120
your interface as WLAN0.

78
00:03:45,120 --> 00:03:50,120
So if we were doing this on a wired network, for example,

79
00:03:51,030 --> 00:03:55,470
we can use, we could have used ETH0 as well,

80
00:03:55,470 --> 00:03:58,530
but since we are attacking the wireless networks,

81
00:03:58,530 --> 00:04:01,860
or attacking the other targets using wireless networks,

82
00:04:01,860 --> 00:04:04,350
we're going to use WLAN0.

83
00:04:04,350 --> 00:04:06,660
So if you run Help, once you do that,

84
00:04:06,660 --> 00:04:08,998
you will see all the instructions,

85
00:04:08,998 --> 00:04:13,560
and all the modules that you can find in the Bettercap.

86
00:04:13,560 --> 00:04:17,280
For example, we can see the available commands for you,

87
00:04:17,280 --> 00:04:21,180
and Help actually is a very good resource in Bettercap.

88
00:04:21,180 --> 00:04:24,570
It's not like the standard Help documentation.

89
00:04:24,570 --> 00:04:26,850
You can see everything over here.

90
00:04:26,850 --> 00:04:28,980
And we have a lot of modules.

91
00:04:28,980 --> 00:04:32,460
We're gonna see the most popular ones and as you can see,

92
00:04:32,460 --> 00:04:36,180
only the events.stream module is working right now,

93
00:04:36,180 --> 00:04:37,680
running in the background.

94
00:04:37,680 --> 00:04:40,500
So this is to keep track of what's going on

95
00:04:40,500 --> 00:04:41,400
inside of the tool.

96
00:04:41,400 --> 00:04:43,050
So it runs every time.

97
00:04:43,050 --> 00:04:45,695
You don't have to start it or stop it,

98
00:04:45,695 --> 00:04:50,190
but we're going to have to work with the other modules.

99
00:04:50,190 --> 00:04:51,720
And in order to do that,

100
00:04:51,720 --> 00:04:54,480
we're going to have to learn how they work.

101
00:04:54,480 --> 00:04:58,560
So first of all, we're going to start with net.probe,

102
00:04:58,560 --> 00:05:00,270
and net.recon.

103
00:05:00,270 --> 00:05:04,440
So this is to discover the other devices

104
00:05:04,440 --> 00:05:06,030
in the same network.

105
00:05:06,030 --> 00:05:09,960
So suppose that you're connected to some restaurant Wi-Fi,

106
00:05:09,960 --> 00:05:13,740
and you need to find the IP addresses of other devices,

107
00:05:13,740 --> 00:05:18,090
this is where you run net.probe or net.recon.

108
00:05:18,090 --> 00:05:22,050
So if you run help net.probe,

109
00:05:22,050 --> 00:05:24,090
it will show you how to start it.

110
00:05:24,090 --> 00:05:24,923
Okay?

111
00:05:24,923 --> 00:05:26,430
So it's very easy.

112
00:05:26,430 --> 00:05:29,670
All you have to do is just say net.probe on,

113
00:05:29,670 --> 00:05:33,060
and in order to stop this, net.probe off.

114
00:05:33,060 --> 00:05:35,910
So once you start net.probe,

115
00:05:35,910 --> 00:05:39,900
I believe it will automatically start the net.recon as well.

116
00:05:39,900 --> 00:05:41,130
Let's try this.

117
00:05:41,130 --> 00:05:45,510
I'm gonna say net.probe on and hit Enter.

118
00:05:45,510 --> 00:05:46,440
Here you go.

119
00:05:46,440 --> 00:05:49,050
It already detected some other devices

120
00:05:49,050 --> 00:05:52,830
on the same network like this, as you can see.

121
00:05:52,830 --> 00:05:56,160
So even though I showed you the IP address

122
00:05:56,160 --> 00:06:00,570
of my iPhone device like 192.168.128,

123
00:06:00,570 --> 00:06:02,220
even though we didn't know that,

124
00:06:02,220 --> 00:06:05,640
we could have gotten from the net.probe like this.

125
00:06:05,640 --> 00:06:10,640
So we see my phone over here, 192.168.128,

126
00:06:10,860 --> 00:06:13,767
it's been detected by the net.recon.

127
00:06:13,767 --> 00:06:16,290
And if you say net.show,

128
00:06:16,290 --> 00:06:20,460
it will show you the available IP addresses,

129
00:06:20,460 --> 00:06:24,870
and some vendor information in MAC addresses as well.

130
00:06:24,870 --> 00:06:27,000
As you can see, sometimes,

131
00:06:27,000 --> 00:06:30,510
we lose the devices on the network,

132
00:06:30,510 --> 00:06:34,890
and they got reconnected like this at some point.

133
00:06:34,890 --> 00:06:37,144
So whenever it's connected,

134
00:06:37,144 --> 00:06:40,050
it appears in the net.show table.

135
00:06:40,050 --> 00:06:42,870
Whenever it disconnects, it doesn't appear.

136
00:06:42,870 --> 00:06:46,620
So make sure your target is connected to,

137
00:06:46,620 --> 00:06:51,620
or it's detected by the net.probe or net.recon,

138
00:06:51,870 --> 00:06:56,580
and that's how you get the information about your target.

139
00:06:56,580 --> 00:06:57,413
Okay?

140
00:06:57,413 --> 00:07:00,900
Of course, you can try this with computers as well.

141
00:07:00,900 --> 00:07:03,120
It works much better in computers

142
00:07:03,120 --> 00:07:05,430
than it works in mobile devices.

143
00:07:05,430 --> 00:07:08,400
However, this is not the point of this course.

144
00:07:08,400 --> 00:07:09,233
Okay?

145
00:07:09,233 --> 00:07:11,280
We're focusing on the mobile devices,

146
00:07:11,280 --> 00:07:14,340
so I'm going to do my example on my iPhone,

147
00:07:14,340 --> 00:07:17,160
and I'm going to show you how it works,

148
00:07:17,160 --> 00:07:19,890
and how it doesn't work sometimes.

149
00:07:19,890 --> 00:07:21,600
So we're going to stop here,

150
00:07:21,600 --> 00:07:23,823
and continue within the next lecture.