Professional penetration testers deploy various tools during their penetration tests.
When an IT security professional has successfully performed a MITM attack on a local network, he will be able to perform numerous other attacks on the network.
Such network attacks comprise interception of login credentials, conversations, emails, and other sensitive information.
In this tutorial, we will be showing you how to perform a successful Man-in-the-middle attack (MITM) with Kali Linux and Ettercap.
What is a MITM Attack?
A Man-in-the-middle attack (MITM) refers to an attack where a cyber adversary places himself in a colloquy between a user and an application.
Notably, the purpose of
Hackers partake in MITM attacks to steal personal information such as login credentials and credit card numbers belonging to other people.
The target of a Man-in-the-middle-attack is usually a user of e-commerce websites, and financial sites where logging into an account is required.
What is Ettercap?
Ettercap permits a professional penetration tester to sniff live connections which will be our primary focus in this tutorial.
Note: This is a penetration testing tutorial. You are responsible for your own actions.
1. Enable Packet Forwarding In Kali Linux
To begin this tutorial, start Kali Linux and
Default Kali account root login information – Login: root – Password:
We have to forward every IPv4 network package because the target system will need to maintain the network connection while the penetration tester is launching an ARP poisoning attack.
Open a new terminal window and type in the following:
systctl -w net.ipv4.ip_forward=1
Alternatively, you can achieve packet forwarding by typing into the terminal the following:
echo 1 > /proc/sys/net/ipv4/ip_forward
If your system fails to forward the necessary packets, the network connection of the target will cease which ultimately renders the attack futile.
2. Edit Ettercap Configuration File
To use Ettercap, it will be necessary to edit its configuration file.
Open a terminal window and type in the following:
Once the text version of the configuration file is opened, we will pay attention to the first two lines under the “[privs]” section.
The default numerical value for “ec_uid” and “ec_gid” is 65534.
We need to change 65534 to 0 for both “ec_uid” and “ec_gid“
We don’t have to remove the “# nobody is the default” line. Just leave it as it is.
In the toolbar of
In the “Find” search window, type in “
After doing so, we will be taken to the “Linux” section.
Under the “# if you use iptables:” section, we have to uncomment “#redir_command_on” and “#redir_command_off“
Proceed by exiting leafpad. Click “Yes” when it asks you if you want to save your changes to “etter.conf“.
3. Start Ettercap-gtk
To start Ettercap-gtk, open a new terminal window and type in the following:
Ettercap will begin to open. After the Ettercap GUI starts, go to the toolbar and click “Sniff” and choose “Unified sniffing“.
4. Choose The Appropriate Network Interface
In the “ettercap Input” window, choose the appropriate interface that is currently connected to your network.
In our tutorial, we are using an ethernet connection which is wired and means that our interface is “eth0“. If you are using a WLAN connection which is wireless, then you will likely choose a different option.
An easy way to find out the name of your network interface which you are currently connected to is by typing into the terminal the following:
5. Start Scanning For Hosts
In the bottom white window command box of the
Continue by clicking “Hosts” in the toolbar and choose “Scan for hosts“.
Ettercap will momentarily scan for hosts on the network.
We will eventually be greeted with the following messages in the white window command box:
“Randomizing # hosts for scanning“
“Scanning the whole netmask for # hosts“
“# hosts added to the host list“
6. Add The Appropriate IP Addresses Of Both The Router And Pentest Target’s System
Go to the toolbar again, click “Hosts“, and choose “Hosts list“.
Under the “Host List” tab, select the router’s IP address and continue by clicking the “Add to Target 1” button.
Continue by choosing the IP address belonging to the
7. Launch ARP Poisoning Attack
Go to the toolbar and click “Mitm“. Choose “Arp poisoning“.
A box called “MITM Attack: ARP Poisoning” will appear. Make sure to check the box next to “Sniff remote connections” and press “OK“.
8. Start Sniffing To Arp Poison The Target And Router
In the toolbar, click “Start sniffing“.
Ettercap will begin to Arp poison the victim and router. Wait for a little bit while the attack commences.
The target’s system will still be able to maintain a connection to the network without becoming aware that you are between the network and the router.
If the target you are penetration testing is unable to connect, it is most likely due to packet forwarding not being enabled.
If you want to stop the Man-in-the-middle-attack, simply go to the toolbar, click “MITM“, and select “Stop
The network will restore back to its usual state.
When you are finished with your MITM attack, you can go ahead and disable packet forwarding by typing into the
systctl -w net.ipv4.ip_forward=0
Congratulations! You have successfully achieved a Man-in-the-middle attack.