I'm running Windows 10 on a 64-bit machine. I'm looking for a way to do arp-spoofing to get network activity information for a specified device IP on the same network. I chose arp-spoofing as a proxying technique because I can't change network settings on the device whose network activity I want to intercept. I want to intercept only unencrypted HTTP traffic, so no need for SSL pinning.

So far I've tried Cain & Abel, but it seems like it only lists the accessed IPs of the intercepted requests. I'd like to get the full request & response (so path, headers etc.). Is there a way I can do that? Does it have such an option?

Thank you in advance

  • ARP spoofing by itself will not direct traffic sent from the victim system to the attacker. Only traffic from other systems destined for the victim system will be directed to the attacking system.
    Commented Jul 23, 2021 at 22:51
  • @FrankThomas Does that mean I can only get the response? I'll take that but it doesn't seem to be doing it either, so what would I need to do?
    – mikey_john
    Commented Jul 24, 2021 at 10:57

1 Answer

ARP spoofing is a well-known attack vector.

Linux and Windows have included protection mechanisms against it. From the above link:

Software that detects ARP spoofing generally relies on some form of certification or cross-checking of ARP responses. Uncertified ARP responses are then blocked. These techniques may be integrated with the DHCP server so that both dynamic and static IP addresses are certified. This capability may be implemented in individual hosts or may be integrated into Ethernet switches or other network equipment. The existence of multiple IP addresses associated with a single MAC address may indicate an ARP spoof attack, although there are legitimate uses of such a configuration. In a more passive approach a device listens for ARP replies on a network, and sends a notification via email when an ARP entry changes.

Your method is not working since you are coming up against one of these protection mechanisms. Information about how to trick these mechanisms is off-subject here (if I even knew it).

  • Actually, it was just the tool that didn't have the feature. I had tried arpspoof.exe + Wireshark before but didn't get it to work; it turns out I just didn't know how to use Wireshark properly. I managed to find a tutorial and it worked. It was a matter of: arpspoof.exe TARGETIP ROUTERIP, then in Wireshark: ip.addr == TARGETIP && http
    – mikey_john
    Commented Jul 29, 2021 at 10:11
