XeroSploit Advanced MITM Attack -Sniffing|Spoofing|Injecting JS|Dos attack

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. There are many open source tools available online for this attack like Ettercap , MITMF , Xerosploit, e.t.c

Xerosploit is default installed in Kali Linux 2017.2 or 2017.3 ,if not installed you can installed from github.

This article is on Xerosploit which provides advanced MITM attack on your local network to sniff packets , steal password e.t.c

Dependencies :-

nmap

hping3

build-essential

ruby-dev

libpcap-dev

libgmp3-dev

tabulate

terminaltables

Features :-

Dos attack

Html code injection

Javascript code injection

Download intercaption and replacement

Sniffing

Dns spoofing

Background audio reproduction

Images replacement

Drifnet

Webpage defacement and more.

Step 1 : Open Terminal and Type xerosploit

Step 2 : There are various modules are available which you can see by just typing again "help" command.

pscan – Port Scanner

Port Scanner dos – Dos Attack

Dos Attack ping – Ping Request

Ping Request injecthtml – Inject HTML code

Inject HTML code injectjs – Inject Javascript code

Inject Javascript code rdownload – Replace files being downloaded

Replace files being downloaded sniff – Capturing information inside network packets

Capturing information inside network packets dspoof – Redirect all the http traffic to the specified one IP

Redirect all the http traffic to the specified one IP yplay – Play background sound in target browser

Play background sound in target browser replace – Replace all web pages images with your own one

Replace all web pages images with your own one driftnet – View all images requested by your targets

View all images requested by your targets move – Shaking Web Browser Content

Shaking Web Browser Content deface – Overwrite all web pages with your HTML code

These are the available attacks you can perform.

Step 3 : And then type scan and press enter so that you can see all the IP addresses in your network.

Step 4 : Choose you target and type its IP, so that now it has been targeted.

Step 5 : Then again type help to see all the command your can now use.

Step 6 : For sniffing, type "sniff" in same terminal followed by "run" command and type y if you want to use sslstrip for sniffing HTTPS packets.

Step 7 : Run

Step 8 : Now you can see that as our victim is trying to open Way2sms site. Thus, the victim will be hacked

Step 9 : And see the sniffing attack is now working.

Step 10 : Enjoy !

For References :-

I hope you enjoyed this article.