Skip to content

fallen/witm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
.gitignore
.gitignore
 
 
INSTALL
INSTALL
 
 
Makefile.in
Makefile.in
 
 
README
README
 
 
arp.c
arp.c
 
 
configure
configure
 
 
forward.c
forward.c
 
 
got_packet.c
got_packet.c
 
 
poisoning.c
poisoning.c
 
 
witm.c
witm.c
 
 
witm.h
witm.h
 
 

Repository files navigation

COPYRIGHT (c) 2010 Yann Sionneau <yann dot sionneau at telecom-sudparis dot eu>
Special thanks to ubitux for helping a *lot* on the Makefile
and to Stéphanie Ouillon for testing, motivating, support and for all the Fish !

This is a simple proof of concept software which does "Woman in the middle" attack.

Using this, you can take place of the router, in order to watch the traffic of the other persons of your network.

You go from this : 

{Internet} <--> <Router> <--> Target
                      î <---> You

To this : 

{Internet} <--> <Router> <--> You <--> Target

How it works : 

1°) enable capturing on your system

	On Mac OS X you have to do this as root : 
	# chmod 777 /dev/bpf*


2°) Start witm with the proper parameters : 
	$ ./witm networkInterface RouterIpAddress RouterMacAddress YouIpAddress YourMacAddress VictimIpAddress VictimMacAddress

* On Mac OS X, if you are using the integrated wifi adaptater, networkInterface is en1, if you are using the wired network it's en0
* On GNU/Linux if you are using the wired network, networkInterface is usually eth0

To see the interface on Mac OS X do this : sudo route -n get 0.0.0.0 | grep interface.
To see the interface on GNU/Linux do this : sudo route -n | grep 0.0.0.0 and you take the line beginning by "0.0.0.0", and the interface is the last word of the line.

You can get the RouterIpAddress by doing : 

	On Mac OS X : sudo route -n get 0.0.0.0 | grep gateway
	On GNU/Linux : sudo ip route | grep default | cut -d' ' -f 3

You can get the RouterMacAddress by doing : 

	On Mac OS X : sudo arp -a | grep "(192.168.1.1)" | cut -d' ' -f4
	On GNU/Linux : sudo arp -a | grep "(192.168.1.1)" | cut -d' ' -f4

You can get your MacAddress by doing : 

	On Mac OS X : sudo ifconfig en1 | grep ether | cut -d' ' -f2
	On GNU/Linux : ifconfig eth0 | grep HWaddr  and take the last word of the line

Mac addresses MUST be entered in THIS format : AB:CD:EF:GH:IJ:KL , so no '-', and if there is only one letter or figure before or after a ':', just put a 0 before it.

3°) You can start wireshark and you will see the packets from/to your victim !

Have fun !

BEWARE : it is illegal to use such a software on a network which is not yours, and to see communications that are not yours.
This is for educational purposes ONLY !

About

Woman In The Middle

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages