Network traffic monitoring

The goal of the task is to obtain data sent from a web form (by the attacker) that the user (victim) fills out at http://www.cybfut.eu/. Both the victim and the attacker are connected to the same segment of the local network. The web server is located on a different network.

The attacker will use a Man In The Middle (MITM) attack scheme and the ARP Poisoning (ARP Spoofing) method, where the Wireshark application will monitor network traffic.

What you will learn in this task

• The basic MITM attack scheme,
• the principle of ARP Poisoning (ARP spoofing),
• basic operations with the Bettercap application,
• Basic operations with the Wireshark application.
• Recognize HTTP, ICMP, SMTP, and SSH network traffic.

The ongoing tasks are:

• Perform ARP spoofing at all necessary locations.
• verify that the ARP attack was successful
• verify that the attacker is capturing network traffic
• capture data from the submitted form (as the attacker)
• end the attack

Workstations available for the task

• user (victim) – Windows OS
• attacker – Kali OS
• web server – Ubuntu OS

Network diagram

The maximum time required for the lab task is 45 minutes.