Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Set up an APR (ARP Poison Routing) using Cain and Abel


Set up an APR (ARP Poison Routing) using Cain and Abel

By ghostghost | 28131 Reads |
0     0

Requirements:

Cain and Abel - a wonderful little program that does a very wide variety of hacking jobs. we're going to use one of them in our experiment today. http://www.oxid.it/cain.html

a computer (desktop or laptop) - what else would we be doing this on?!?! a calculator?!?! (well, maybe one of those nifty TI's) http://www.dell.com http://www.toshiba.com http://www.hp.com

access to an Ethernet connection - THIS WILL NOT WORK USING WIRELESS figure out yourself where to get it. if you're working on a desktop and you have Internet access, then you're all set. if you're on a laptop, then find one of those access points and plug 'dat plug!

Don't even think about trying this without Ethernet, because if your computer/connection can't handle the load of efficiently redirecting thousands and thousands of packets on top of routing its own, then you're not going to be monitoring the computer/s you're targeting, but instead setting up a Denial of Service!!! (tee hee)

ho'kay. so. here's the earth (chillin').

j/k

ho'kay. so. assuming that you're smart enough to have installed Cain and Abel already, fire that baby up. oh, make sure to turn off any software firewalls you have. it screwed stuff up when i was doing it. now click on the tab labelled "Sniffer" (with the little computer chip next to the name). Now click the little button on the toolbar at the top that has that same picture of a computer chip on it (next to the one that looks like a radioactive sign). if you haven't gotten an error, then that's very good. if you did, then do some research, post on the forum, whatever. now click in the empty grid (that makes up most of the window) and select "Scan MAC Addresses". Keep "All hosts in my subnet" marked unless you want to only scan a certain IP range. I don't know what the stuff on the bottom does - leave it unchecked.

Now press "OK" and it should be a very quick scan (depending on your connection speed and size of the network, i assume). A list of computers will show up. Press Ctrl+A (select all) and right click, selecting "Resolve Host Name". This will make it easier to know which computer/s you want to poison. your router normally has the last digit of its IP address as 1, but it can change with the make. Now click on the "APR" tab on the bottom of the window and click on the empty grid on the top of the window. this should enable the blue plus sign button on the toolbar, so click that. a new window should pop up, and select the IP address of the first computer you wish to poison route on the left, and then Shift click on the other computer you wish to poison route on the right. Typically, it's a router on the left and the computer you wish to monitor on the right, but if you want to monitor a connection between two computers, then just substitute the router for the other computer. The router is the final point of the network, where then it goes to the Internet (unless you have a router connected to another router, but don't worry about that). i haven't tried it yet, but i suppose you could even monitor multiple computers. if you want to, figure that out yourself.

click "OK" and then a line of text should show up in the previously empty top grid. now click on that little radioactive sign thing on the top toolbar and a bunch of packet data should appear in the empty grid below. a packet is a very small "packet" of data (hence the name) that the computer uses to send stuff. it's better to send a bazillion small pieces of a file you want to transmit than to transmit the file all at once. the logic behind this is that if there were some interruption in connection during transit, it's better to have a portion of the file you're receiving than to lose it all (trust me, i did my History Day project on the evolution of the Internet). now your computer is sorta acting like a proxy in the thought that you're directing all traffic between the two computers (or a router) through your computer first - almost like a middle-man. proxies work like this so that when you go to a website you wish to remain anonymous on, the website doesn't see you browsing, but instead the the proxy server you're going though. a proxy string or "proxy bouncing" is a long line of one proxy directing to another proxy directing to another… so that it completely hides you from the site you're visiting. this is how the real elite hackers work so they don't get caught.

okay back on topic. now click on the "Passwords" tab on the bottom of the window and anytime someone on the computer/s you're monitoring logs in to one of the services on the left, then it logs it. sometimes it's in clear text (not encrypted) so you can see the username and password right in front of you as soon as they log in. most of the time, though, they're encrypted. look at another article on using Cain and Abel for password decryption if you can't figure out how to do it yourself.

Well, this concludes this little guide on APR (ARP Poisoning Routing). My first guide on actual hacking, so I hope you liked it. If it's too detailed, not detailed enough, tell me so I can fix it for any new articles i may write in the futute.

sToRm_seveN :P

Comments
Acin's avatar
Acin 17 years ago

I see that you say you can't use APR on wireless. In the newer versions of cain, you can turn off promiscuous mode on the wireless card and use APR through it.

Acin's avatar
Acin 17 years ago

I see that you say you can't use APR on wireless. In the newer versions of cain, you can turn off promiscuous mode on the wireless card and use APR through it.

Acin's avatar
Acin 17 years ago

Sorry for the doble post, I refreshed without thinking.

ghost's avatar
ghost 17 years ago

Nice article m8 ;)

Very good! :D

n3w7yp3's avatar
n3w7yp3 17 years ago

Wow, great job. Another "how to use this tool" style article. Just what a sub-par site like this needs, yet another sub-par article.

ghost's avatar
ghost 17 years ago

Whenever I try to open up the ARP sniffer on Cain, it's says the "System could not find the driver specified" Any ideas on how to fix this? Even before this when I tried to do this I would get the same error.

ghost's avatar
ghost 17 years ago

^^^ You didn't pick the right NIC in Cain. Look in the menu bar. ^^^

The article was a decent introduction of Cain, with a less-than-decent introduction of ARP poisoning. Also, I didn't like the writing style… seemed like your focus was jumping around. Whether you were trying too hard to be funny or just throwing this into a quick Notepad window, it could've done with a bit of revision.

Still, it covered the concept at an average level.