Man in the middle

All of the following will require at least 2 machines:

To launch a mitm attack, you will most likely want to use ettercap. A simple ettercap run is shown as follows:

      ettercap -T -q -i eth0 -M arp /// ///

You can view the manpage to view what the options are above. (-M means mitm, arp means arp poisoning, the triple slashes represent the entire LAN). As it is running, you can hit the h key for some inline help. It will allow you to activate/deactivate plugins, other stuff, and end the attack.

You should try it and verify that the gateway mac address on your victim machines have changed to correspond to the mac address of your Kali machine.

Part I

Begin by doing a mitm rewrite select dns as I demoed in class. You can edit /etc/ettercap/etter.dns to decide how to intercept traffic. You should make it so anytime the victim tries to access they will be redirected to the website for Take a screenshot that proves this from your victim.

Hint: you could also add the -P dns_spoof flag to the above ettercap command.

Part II - Exploration

For this part, you can choose on of the following:


If you can’t get your bridged and NAT network up at the same time, try watching this video


A single pdf document is great.

Last Updated 02/12/2021