Network traffic monitoring

The goal of the task is to obtain data submitted from a web form (by the attacker) that the user (victim) fills out at http://www.cybfut.eu/. Both the victim and the attacker are connected to the same local network segment. The web server is located in a different network.

The attacker will use the Man In The Middle (MITM) attack scheme and the ARP Poisoning (ARP Spoofing) method to attack, using the Wireshark application to monitor network traffic.

What you will learn in the task

• Basic MITM attack scheme,
• ARP Poisoning attack principle (ARP spoofing),
• basic tasks with the Bettercap application,
• basic tasks with the Wireshark application,
• recognize network traffic of HTTP, ICMP, SMTP, SSH protocols.

Ongoing tasks are

• perform ARP spoofing in all necessary places
• verify that the ARP attack was successful
• verify that the attacker is capturing network traffic
• capture data from the submitted form (as the attacker)
• terminate the attack

The workstations available within the task are

• User (victim) – Windows OS
• Attacker – Kali OS (Debian)
• webserver – Ubuntu OS

Network diagram

The time required for the lab task is max. 45 minutes.