PytheM is a python multi-purpose pentest framework. It has been developed in the hope that it will be useful and I don’t take responsibility for any misapplication of it. Only runs on GNU/Linux OS.
ARP spoofing – Man-in-the-middle
- use SET or any other site cloner to clone the site of your choice and host in the apache2
- Start BeEF xss framework and get the hook script url
- First get the source of the web page formulary and get the id= value of the login and password.
- Show the redirect results of the attempt so if goes to a different page may have worked.
Can be useful overthrow the DNS to force the administrator connection with his credentials in the HTTP server of the router to check what’s happening while the sniffer is running kk.
Tip: start apache2 or any other web server with your best hax0r3d html message.
If your network pass through a proxy you can add the rule:
iptables -t nat -A PREROUTING -p tcp –dport PROXY_PORT -j REDIRECT –to-ports 80
Πηγή : securityonline