advance main in the [MITM] attack using xerosploit in Kali Linux

Advance main in the middle [MITM] attack | xerosploit


Hello guys,
Welcome to MikeyToTech

In this article, I am going to talk about MITM[main in the middle attack] that how an attacker can intercept your online communication and also target your system’s information.

In this article I covered these topics –
What is MITM
How to install xerosploit advance MITM attack tool
Scan target
Port scan victim’s system with xerosploit
Inject JavaScript file to the victim’s system
Replace download file to victim
Monitor victim’s traffic

Warning :- this post is only for educational purpose. So, you will responsible if you will use it for illegal purpose.

What is MITM [main in the middle attack] -

Main in the middle attacks are cyberattack in which an outside entity intercepts communication between two computer systems. This can happen in any form of online communication, such as social media, web surfing etc. Attacker can also target all the information inside the victim’s computer system.

How to do advance MITM attack



Step 1 :- Here, I will have a tool xerosploit that is used for advance main in the middle attack and I will use this tool in Kali Linux system. So, first of all you need to install xerosploit. You can clone it from github it will take a little bit time. See the following picture –



step 2 :- now, you need to change directory in xerosploit and run execute install.py to do this you can run command ./install.py it will start installing xerosploit tool. Then it will ask to select your operating system I will type 1 that’s why I am using Kali Linux and hit enter. As you can see in the following picture –



Now, you can run this tool by running command xerosploit

Scan targets


After starting xerosploit type scan it will scan all systems in your network such system IP, MAC addresses, manufacture etc. As you can see in the following picture –



Now, you can set target here. For example I am setting up 192.168.43.1 as a target.




Some examples of MITM attack

Let’s see some examples of MITM attack –

Port scanning –

Type pscan and hit enter and again type run and hit enter to run pscan module. As shown below –



Injecting JavaScript –


To inject JavaScript you need a JavaScript file, so I will make a JavaScript file and save named with inject.js. As you can see in the following picture –



Now, back to the xerosploit and type injectjs and hit enter to use this module and again type run and hit enter to execute injectjs module and then I will ask path of JavaScript file so type JavaScript file path.



When victim open link on target system the JavaScript file will be execute.

Press ctrl+c to stop injecting JavaScript file.


Replace download file –

To replace file you need a file on your system to replace it. I will replace file named rfile.zip that’s exit on /root/Desktop/ directory.




Monitor victim’s traffics [sniffing] –


We can monitor victim’s traffics by using sniff module. When you will use sniff module it will ask you to load ssltrip you need it so type y and hit enter.



Capturing traffics – as you can see in the following picture packets are saving into the /opt/xerosploit/serosniff/192.168.43.1411-Feb-2020.pcap.




Thus, you can also use other modules. To display list of all module use command help and try yourself.


Thanks for reading.
If you have any question or suggestion then please do the comment.

Post a Comment

0 Comments