In this article, I’m going to teach you about spying on networks with ARP poisoning attacks. After ARP Poisoning a network you will be able to see the following information visited by the victim.
Capturing usernames and passwords entered by the victim
ARP Poisoning And Spying On The Network
To open and start bettercap type in the following command
sudo bettercap -iface wlan0
Starting The Attack
Once you open bettercap you need to enable net.probe and net.recon for this type in the following commands:
net.probe on net.recon on
Once the net.probe module is activated this will send different types of packets to each IP in the current subnet in order for the net.recon module to detect them.
Once the net.recon module is enabled it will start reading the system ARP table in order to detect new hosts on the network.
Now we need to enable the net.sniff module. This module is a network sniffer which will help us in capturing websites visited by the victim, usernames, and passwords typed by the victim, and much more data about the victim. To enable this module type in the following command:
Once you enable the net.sniff module you will be able to capture all packet’s on your local network. Eg; Sites Visited by the victim, usernames and passwords typed in by the victim, and much more.