Thank you very much for excellent video and lots of information.... Only problem is when I tried to sniff my phone with Ip address found in net.show ...my phone got alerted and shown a message that some uncool activity is going on with wifi...so only when i bypassed it ...i would be able to connect and sniff my phone.... is there any way that target system or phone will remain unaware about this attack?
your videos are just mind blowing and informative. But for this one I have a question it is that can we call it or use it as a network jammer? btw nice content
Quite frankly, our data reaches the intended servers by the grace of MITM hackers. Am about to build a website with a private admin page to create, manage and perform data analysis on invoices. My very fear was .... What if a hacker modifies an invoice during creation??? I intend to use https (going serverless by the way), and use code verification via email to login into this admin page. I was almost certain the security was tight enough, then i thought of mitm. I was wondering if they can modify https data (like just add gibberish to the encrypted stuff), or even worst, delete it. Yep, thats how i got here, trying to find out how much harm they can cause. Sadly, they can do a whole lot, and with ease. 😔
I tried it using another computer in the network as target. And the browser of the target just freezes. Won't load. If the target is the same machine where your VM is, then it works. So this is not practical. Doesn't work in real world
the problem is,, user doesn,t go to website like that, people usually come from their history that have their cahche active or login from google , this attack don't work 100%
set arp.spoofing.targets doesnt give anything, like when i write the line and press enter, nothing shows and it just switches to a new line of code... any advice?
That just sets the targets, you need to start arp.spoof to actually start the process. I recommend trying the GUI which is started by the command http-ui on. It will start the Rest API and you can launch a browser and it should be running on port 80.
Hi Nour. At 6:00 when you are injecting Java script code, is that called cross-site scripting? Also, how do you mitigate ARP spoofing attacks? As I understand, ARP is layer 2 protocol.
I just need to block my location from work so I can work from out of town, but I still need my work to be able to see the work I'm doing. Will VPN block everything from my work?
How can you be less worried about who sees your data when using vpn ? What ever clients you have in your local network , are much more friendly, and much more easy to detect, than interception of data between you and your vpn, and not to mention all the hops between you and your vpn.. Do you not think vpn is like just,, a buzzword for 2023 ? a too popular word ? i do
I am thinking about getting a wifi adaptor compatible with kali and also has a monitoring mode to hack wifi. Is there anything I need to do to turn on monitor mode to dl this hack or can I just go and do the hack and it will do this automatically
I got an adaptor a while back now and it's the best choice ive ever made. I literally love wifi hacking. It's my favourite type of hacking to do. I used beef to hook a web browser (doesnt use the adaptor), but I can set up a thing to inject the js that hooks the browser on to any site so I can hook a browser on the same network as me as long as they visit a website
While using VPN you only showed us visiting https site, Even if i use http site with a vpn can a hacker read everything or it will be encrypted for them?
please tell me the reasons why my dns spoofing is not working even any mitm software doesnt detect my visits to youtube, google, facebook, instagram such websites
Thank you very much for excellent video and lots of information.... Only problem is when I tried to sniff my phone with Ip address found in net.show ...my phone got alerted and shown a message that some uncool activity is going on with wifi...so only when i bypassed it ...i would be able to connect and sniff my phone.... is there any way that target system or phone will remain unaware about this attack?
Sourceforge was on that HTTP list! That's crazy
your videos are just mind blowing and informative. But for this one I have a question it is that can we call it or use it as a network jammer? btw nice content
Quite frankly, our data reaches the intended servers by the grace of MITM hackers.
Am about to build a website with a private admin page to create, manage and perform data analysis on invoices. My very fear was .... What if a hacker modifies an invoice during creation??? I intend to use https (going serverless by the way), and use code verification via email to login into this admin page. I was almost certain the security was tight enough, then i thought of mitm. I was wondering if they can modify https data (like just add gibberish to the encrypted stuff), or even worst, delete it. Yep, thats how i got here, trying to find out how much harm they can cause. Sadly, they can do a whole lot, and with ease. 😔
Thank you man very useful video.
You blurred out the MAC addresses of your devices but they are in plain sight after you did a net.prob command 😅 around 0:41sec
🤣🤣🤣🤣
😂😂😂
I like hacker topic. Thank you sir.
oh la la... c'est tres cool.... super....
I tried it using another computer in the network as target. And the browser of the target just freezes. Won't load. If the target is the same machine where your VM is, then it works. So this is not practical. Doesn't work in real world
Spoofing is working but the victims network is getting cut off ... what's the solution???
Ip forward
Hey bro awesome video! I was able to redirect the websites to apache but it won’t change the urls :/ any tips?
the problem is,, user doesn,t go to website like that, people usually come from their history that have their cahche active or login from google , this attack don't work 100%
set arp.spoofing.targets doesnt give anything, like when i write the line and press enter, nothing shows and it just switches to a new line of code... any advice?
That just sets the targets, you need to start arp.spoof to actually start the process. I recommend trying the GUI which is started by the command http-ui on. It will start the Rest API and you can launch a browser and it should be running on port 80.
thank you very much for this video
Hi Nour. At 6:00 when you are injecting Java script code, is that called cross-site scripting? Also, how do you mitigate ARP spoofing attacks? As I understand, ARP is layer 2 protocol.
that is not XXS. XXS is when java script is interpreted by the browser as javascript of the web page
did you use a wifi adapter
Woo very nice sir
Sir I want to chart with you privately and how can I get you sir
I just need to block my location from work so I can work from out of town, but I still need my work to be able to see the work I'm doing. Will VPN block everything from my work?
usefull video thanks
Iam getting mdns request how to change it
thanks
thank u teacher
How can you be less worried about who sees your data when using vpn ?
What ever clients you have in your local network , are much more friendly, and much more easy to detect, than interception of data between you and your vpn, and not to mention all the hops between you and your vpn..
Do you not think vpn is like just,, a buzzword for 2023 ? a too popular word ? i do
It doesn't shows exact url shows something google tcp etc
Yes any solution
When I do all of this and turn arp and dns spoof on my wifi on my targeted device (myphone) wont work anymore
Same idk
Can Express-VPN hide my location when receiving and sending emails.
No
I am thinking about getting a wifi adaptor compatible with kali and also has a monitoring mode to hack wifi. Is there anything I need to do to turn on monitor mode to dl this hack or can I just go and do the hack and it will do this automatically
I got an adaptor a while back now and it's the best choice ive ever made. I literally love wifi hacking. It's my favourite type of hacking to do. I used beef to hook a web browser (doesnt use the adaptor), but I can set up a thing to inject the js that hooks the browser on to any site so I can hook a browser on the same network as me as long as they visit a website
Doesn’t work for my devices
I thinks these tools are out or not anymore in this years
Lol u dudes must be new these tools work fine
While using VPN you only showed us visiting https site, Even if i use http site with a vpn can a hacker read everything or it will be encrypted for them?
If you are using a VPN the traffick will be safe.
So is it DNS hijacking
Its DNS poinsoning because you can change their records but you are not changing the DNS record on the DNS server itself.
@@nourtechtalk got it Bro
please tell me the reasons why my dns spoofing is not working even any mitm software doesnt detect my visits to youtube, google, facebook, instagram such websites
might be firewall check if you can ping devices
dns.spoof not working, the websites still open
Do you have a VPN active? Because then it won't work.
when i type the command net.show no other network appears other than my network just me knowing that i am using two devices same network
It did something very odd. I entered the IP address of my phone and it instead showed me the things I visited with my computer instead of the phone.