What is Xerosploit
What is Man in the Middle Attack
A man-in-the-middle attack is a sort of cyberattack wherever a malicious actor inserts him/herself into a conversation between 2 parties, impersonates each parties and gains access to info that the 2 parties were making an attempt to send to each other. A man-in-the-middle attack permits a malicious actor to intercept, send and receive information meant for somebody else, or not meant to be sent at all, without either outside party knowing till it’s too late. Man-in-the-middle attacks are often abbreviated in so many ways, together with MITM, MitM, MiM or MIM.
Xerosploit Advanced MITM – Sniffing| Spoofing| Injecting JS| Replacing Images
Installation of Xerosploit
Xerosploit is available on github. Clone the repository from github by executing the below command
git clone https://github.com/LionSec/xerosploit
Get into the directory
Execute the installer file after giving permission to the file.
chmod +x install.sh && ./install.sh
After installation is done, run the tool by typing
Features of Xerosploit
Port Scanning – Port scanning is a technique to find the open ports with a listening service on a host machine by sending client requests to a range of server port addresses on a host. The attacker uses this to find out what services are running on a victim machine and to get a idea of the what operating system is running on a host machine .
Network Mapping – Network mapping is the process of discovering the devices on the network and their physical & virtual network connectivity. In simple words, It is the physical connectivity of networks.
Network mapping systems uses a process called active probing which is used to gather network data by sending probe packets that hop from node to node, which returns the information to the mapping system with the IP addresses.
Sniffing – Sniffing is the process of capturing all the packets transmitted over a network. It allows to capture data as it is transmitted over a network. This technique is used for good as well as for bad purposes like attackers uses this technique to capture unencrypted data, like passwords and usernames on a network. A user can also gain access to a system or network using sniffing.
DNS Spoofing – DNS spoofing is a technique that tricks a DNS server into believing that it has received authentic data when actually, it has received a fake information. It permits malicious user to replace the ip addresses entries for a target web site on a given DNS server with the ip address of the server he controls.
How To use Xerosploit
Run the tool by typing
You can view all the commands available by typing help
After launching xerosploit, type scan to scan the entire network and to detect all the live devices on the network.
Then, after scanning, it will displays all the devices found on the network.
Now select the target IP address to perform MITM attack. Type “all” to select all the devices
After selecting, type help to view all the modules available (sniff, dspoof, injectjs, rdownload, pscan, driftnet etc)
Select any one of the module and after selecting, launch the MITM attack by typing run command.
Modules Available in Xerosploit
pscan – pscan is the port scanner.
dos – Launch a dos attack on target.
ping – Check weather the host target is live or not.
injecthtml – This module helps us in injecting our own html code on target web page.
rdownload – We can replace the download file with own malicious file.
sniff – This module captures the information inside network packets.
dspoof – Redirect all the http traffic to the specified one IP.
yplay – Play background sound in target browser.
replace – Replace all web pages images with your own one.
driftnet – Captures and see all images requested by your target.
Do you want to write for TheHackerStuff ? If you have an interesting and intelligent topic you think we would like to publish, send it to email@example.com
Disclaimer This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.thehackerstuff.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.
Akshay Sharma is a Cyber Security Analyst. He is a CCNA certified and owner of TheHackerStuff.