Note: This only works on people who are connected on the same (V)LAN as you, i.e. your campus network! This allows you to 'Frape' or 'Facebook Rape' people in your university accommodation for example, without having to be anywhere near their computer! Yet again: This will only work for people on the same network as you, not someone else across the internet.
What is ARP (Address Resolution Protocol)?Address Resolution Protocol (ARP) is a protocol that associates MAC addresses (like the hardware serial number of your network card) to IP addresses. In simple terms, ARP works by broadcasting something along the lines of 'Who is X.X.X.X, tell Y.Y.Y.Y', where X.X.X.X is the IP address of the computer being queried, and Y.Y.Y.Y is the IP address of the computer making the query. The computer Y.Y.Y.Y will respond directly (i.e. not broadcast, but instead unicast), saying X.X.X.X is hh:hh:hh:hh:hh:hh (the MAC address of the machine with the IP address X.X.X.X).
Software RequiredThis is the software stack I will be explaining how to use:
Mozilla Firefox
Firesheep Firefox Plugin
Cain and abel
wincap
Discovering your Network Gateway IPFrom the command prompt, run the following command, and note down the IP address 'Default Gateway':
- Code:
-
ipconfig
Discovering your Target(s)Discovering your target who's running Windows is made easy due to NetBIOS host names of computers being named NAMEHERE-PC under Windows Vista/7 by default! Simply open up 'Network', and let Windows enumerate all the hosts it can find on the subnet. Note the names of the targets. Now run the following commands to find the target's IP address by querying the target's NetBIOS name table, then listing the local NetBIOS cache (replacing COMPUTERNAME with the target, 2NDCOMPUTERNAME with the second target, and so on):
- Code:
-
nbtstat -a COMPUTERNAME
nbtstat -a 2NDCOMPUTERNAME
nbtstat -c
[You must be registered and logged in to see this image.]MethodOpen up Cain, and select the Sniffer tab:
[You must be registered and logged in to see this image.]In the window, right click and select 'Scan MAC Addresses', select 'All hosts in my subnet', and hit OK:
[You must be registered and logged in to see this image.]You should now be presented with a list of hosts on your network. Now switch to the APR tab along the bottom. Click the + symbol on the toolbar. Now select the host you want to target on the left, and the IP address of the default gateway on the right (you should of noted this down earlier). If you want, you can select multiple targets by repeatedly pressing +, selecting a target and gateway, then confirming:
[You must be registered and logged in to see this image.]Now click the little radioactive symbol on the toolbar to start the ARP table poisoning attack and the router. You should see a list of routing information appear:
[You must be registered and logged in to see this image.]Now open Firefox, and click Start Capturing on the Firesheep side pane (you may need to enable it in the view menu). Also you may need to open Firesheep settings to select the correct network adaptor. If the target is on Facebook, you should be able to double click their name, and off you go!:
[You must be registered and logged in to see this image.] 
Wed Sep 28, 2011 1:33 pm