advance main in the [MITM] attack using xerosploit in Kali Linux

Advance main in the middle [MITM] attack | xerosploit

Hello guys,

Welcome to MikeyToTech

In this article, I am going to talk about MITM[main in the middle attack] that how an attacker can intercept your online communication and also target your system’s information.

In this article I covered these topics –

What is MITM

How to install xerosploit advance MITM attack tool

Scan target

Port scan victim’s system with xerosploit

Inject JavaScript file to the victim’s system

Replace download file to victim

Monitor victim’s traffic

Warning :- this post is only for educational purpose. So, you will responsible if you will use it for illegal purpose.

What is MITM [main in the middle attack] -

Main in the middle attacks are cyberattack in which an outside entity intercepts communication between two computer systems. This can happen in any form of online communication, such as social media, web surfing etc. Attacker can also target all the information inside the victim’s computer system.

How to do advance MITM attack

Step 1 :- Here, I will have a tool xerosploit that is used for advance main in the middle attack and I will use this tool in Kali Linux system. So, first of all you need to install xerosploit. You can clone it from github it will take a little bit time. See the following picture –

git clone https://github.com/LionSec/xerosploit.git

step 2 :- now, you need to change directory in xerosploit and run execute install.py to do this you can run command ./install.py it will start installing xerosploit tool. Then it will ask to select your operating system I will type 1 that’s why I am using Kali Linux and hit enter. As you can see in the following picture –

Now, you can run this tool by running command xerosploit.

Scan targets

After starting xerosploit type scan it will scan all systems in your network such system IP, MAC addresses, manufacture etc. As you can see in the following picture –

Now, you can set target here. For example I am setting up 192.168.43.1 as a target.

Some examples of MITM attack

Let’s see some examples of MITM attack –

Port scanning –

Type pscan and hit enter and again type run and hit enter to run pscan module. As shown below –

Injecting JavaScript –

To inject JavaScript you need a JavaScript file, so I will make a JavaScript file and save named with inject.js. As you can see in the following picture –

Now, back to the xerosploit and type injectjs and hit enter to use this module and again type run and hit enter to execute injectjs module and then I will ask path of JavaScript file so type JavaScript file path.

When victim open link on target system the JavaScript file will be execute.

Press ctrl+c to stop injecting JavaScript file.

Replace download file –

To replace file you need a file on your system to replace it. I will replace file named rfile.zip that’s exit on /root/Desktop/ directory.

Monitor victim’s traffics [sniffing] –

We can monitor victim’s traffics by using sniff module. When you will use sniff module it will ask you to load ssltrip you need it so type y and hit enter.