I need to ARP poison / redirect clients so that the traffic from the LAN somehow goes to my own machine (not forwarding just to sniff). Let me explain: I'm inside a network and I want to set up a fake custom service (it's part of an ERP) to steal authentication.
What's the problem?
They do not use DNS queries to arrive at this server (they use direct IP).
They do not use DHCP in this LAN.
Is there a way I can impersonate local users (a kind of ARP poisoning, etc.) to make all requests that should go to server 10.0.0.2 (MAC 01:02:03:04:05:06) go to my machine 10.0.0.26 (MAC 66:66:66:66:66:66)? Yes, I do not want to forward the traffic; I want to bind a port and respond to this service myself.
Any ideas about how to do it in Windows or Linux?
How are you?
Sure, I work for a security company and one of my jobs is internal penetration tests. As I had already explained here in another post, I believed it was clear.
Some evidence goes here:
Sorry if it was not clear since the first post.
Regarding the thread, does anyone have a suggestion for me?
If you are on the same network segment as the victim, try using arpspoof.
Thank you for the reply.
I did think of using the dsniff package (arpspoof) but I had no success. In theory I should only set up a one-way ARP spoof and disable ip_forward, no?
However, in my tests it does not work: it poisons (the ARP entry on VictimIP is forged), but if I set up a service on my attacker machine and try to connect from the VictimIP it gives connection refused.

arpspoof -t VictimIP IPofMachineIWantToBe
echo 0 > /proc/sys/net/ipv4/ip_forward

Off: Is there a way to use arpspoof to poison an entire segment (like a class C network) instead of a single machine? I did look at the man page and it does not say anything.
Thank you in advance.
Edit: Forgot to mention: A segment arpspoof WILL set off an IDS if there is one on the network. Not sure of your contract terms, but can you be caught/blatantly obvious or do you need to remain stealthy? An arpspoof that big is a dead giveaway.
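Added example, not part of any post in this thread: a minimal sketch of the kind of check an IDS applies to ARP replies, which is why a forged binding for 10.0.0.2 or a segment-wide spoof stands out. The input format, the function names and the `max_ips_per_mac` threshold are assumptions made for illustration, and the sample observations are constructed.

```python
from collections import defaultdict

# Constructed sample: "time sender_ip sender_mac" per observed ARP reply.
SAMPLE = """\
0.0 10.0.0.2 01:02:03:04:05:06
0.5 10.0.0.26 66:66:66:66:66:66
1.0 10.0.0.7 0a:00:00:00:00:07
2.0 10.0.0.2 66:66:66:66:66:66
2.1 10.0.0.7 66:66:66:66:66:66
2.2 10.0.0.9 66:66:66:66:66:66
4.0 10.0.0.2 66:66:66:66:66:66
"""

def parse(text):
    """Yield (time, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2].lower()
        except ValueError:
            continue

def detect(observations, max_ips_per_mac=2):
    """Return alerts for changed IP->MAC bindings and MACs claiming many IPs."""
    binding = {}                # ip -> first MAC seen (assumed-clean baseline)
    claimed = defaultdict(set)  # mac -> set of IPs it has claimed
    alerts, seen = [], set()    # 'seen' suppresses repeats of the same alert
    for ts, ip, mac in observations:
        base = binding.setdefault(ip, mac)
        if mac != base and ("rebind", ip, mac) not in seen:
            seen.add(("rebind", ip, mac))
            alerts.append((ts, "rebind", ip, base, mac))
        claimed[mac].add(ip)
        if len(claimed[mac]) > max_ips_per_mac and ("fanout", mac) not in seen:
            seen.add(("fanout", mac))
            alerts.append((ts, "fanout", mac, len(claimed[mac])))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

The first-seen baseline is only trustworthy if monitoring starts on a clean network; a static table of known server bindings is the stronger reference.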