Xerosploit - Man in The Middle Attack Tool Full Using Tutorial

  A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. There are many open source tools available online for this attack like Ettercap, MITMF, Xerosploit, e.t.c Networking is an important platform for an Ethical Hacker to check on, many of the threat can come from the internal network like network sniffing, Arp Spoofing, MITM e.t.c, This article is on Xerosploit which provides advanced MITM attack on your local network to sniff packets, steal password etc.
 

Features -

  • Port scanning
  • Network mapping
  • Dos attack
  • Html code injection
  • Javascript code injection
  • Download interception and replacement
  • Sniffing
  • DNS spoofing
  • Background audio reproduction
  • Images replacement
  • Drifnet
  • Webpage defacement and more 
 
Full Video :-
coming soon ........
 
💥 Xerosploit Installation 💥
 

Open This Post and Install This Tool 👇

 

Also Read : Xerosploit - MITM Framework Tool Install 

 

 
💥 Xerosploit MITM Using 💥
 
In the next comment, it will ask for the module you want to load for the man in the middle attack. Go with this comment and type help.
help
 
 
1.  pscan (Port Scanner)
Let’s begin with pscan which is a port scanner, it will show you all the open ports on the network computer and retrieve the version of the programs running on the detected ports. Type run to execute pscan and it will show you all the open ports of the victim’s network.
pscan
 
 
2.  DOS (Denial of service)
Type “dos” to load the module, it will send a succession of TCP-SYN request packet to a target’s system to make the machine unresponsive to legitimate traffic which means it is performing SYN Flood attack.
dos
run
press ctrl + c to stop If you are aware of HPING tool then you can notice, this module is initially using HPING command for sending countless SYN request packet.
 
 
3.  Inject HTML (HTML Injection)
HTML injection is the vulnerability inside any website that occurs when the user input is not correctly sanitized or the output is not encoded and the attacker is able to inject valid HTML code into a vulnerable web page. There are so many techniques which could use element and attributes to submit HTML content.
injecthtml
 
  So here we will replace the victim’s html page with ours. Select any page of your choice as you will notice that I have written “You have been hacked” in my index.html page which I will replace with the victim’s html page. Whatever page the victim will try to open he/she will see only the replaced one. First, create a page as I have created & saved it on Desktop by the name of INDEX.html
Now run injecthtml command to load the injecthtml module. And then type run command to execute the injecthtml and enter the path where you have saved the file. Bravo! We have successfully replaced the page as you can see in the picture below. Hit ctrl+c to stop the attack.
 
4.  Sniff
Now run the following module to sniff all the traffic of the victim with the command:
sniff
run
Now it will ask you if you want to use SSLTRIP to strip the HTTPS URL’s to HTTP so that we can catch the login credentials in clear text. So enter y.
When the victim enters the username and password it will spray and take all the data.
It will now open a separate terminal where we can see all the details in clear text. As you can see it has successfully taken the login details. Hit ctrl+c to stop the attack.
   
5.  dspoof
 
It load dspoof module which will supply false DNS information to all target browsed hosts Redirect all the http traffic to the specified one IP. Now type run command to execute module and then it will ask the IP address where you want to redirect the traffic, here we have given our Kali Linux IP.
dspoof
 
6.  Yplay (YouTube Play)
Now let's capture another exciting yplay module. It will play the background video audio in your favorite victim's browser. So first execute the yplay command followed by the run command and give the video of your choice. Open your browser and select your favorite YouTube video you want to play back in the victim's browser. If the video has an ad skip that and select an id from the URL. Go back to xerosploit.
yplay
To execute the yplay module for attack type run.
run
Insert youtube video ID which you have copy above from url in next step.
febVHEarpeQ
Now it doesn’t matter what the victim is doing on the laptop. If he tries to open any web page, then he / she will hear a song we want him to listen to. Hit ctrl+c to stop the attack.
 
7.  Replace
I hope all the attacks were really interesting. But what’s next will be amazing. We will now replace all images of the victim's website with our images. First of all, execute a command command followed by a running command. Don't forget to provide a file path for.
 
replace
run
/root/Desktop/1.png
As the victim opens any URL he/she will be amazed to see the replaced images of his/her website as shown here. Hit ctrl+c to stop the attack.
7.  move
 
move your website   

Comments

Post a Comment

Popular posts from this blog

Mobile Legend Phishing Hacking Use Android Termux and Linux

Image
Mobile Legend ID Hack Use Termux     This Tool is only educational purpose and we are not responsible for kind of illegal activity done by this tool ABOUT TOOL : MOBILE_LEGEND-PHISING IS A PHISING TOOL WICH IS USED TO PHISH A MOBILE LEGEND ACCOUNT OF YOUR VICTIM. This tool works on both rooted Android device and Non-rooted Android device. AVAILABLE ON : Termux App Kali Linux Parrot OS Ubuntu Arch Linux MAC TESTED ON : Termux App Kali Linux Parrot OS Ubuntu REQUIREMENTS : Fast internet php ngrok token apache2 FEATURES : [ + ] Real hacking of Account ! [ + ] Updated maintainence ! [ + ] Custom link ! [ + ] Easy for Beginners ! How Free Fire Phishing tool works ? [ 1 ] Create a link using the Free Fire Phishing tool. [ 2 ] Send the link generated by the tool to the victim. [ 3 ] When the victim clicks on the link they will see the MOBILE LEGEND offer page where they will enter the username and password of the offer offer you will find that data in termux. ✅ ...
Read more

L3MON – Create FUD Payload and Hack Android Phone Remotely

Image
Hi , today in this tutorial we will share with you the android remote control suite called “L3MON”. L3MON is a cloud-based android management suite but for now we will fix it on localhost in our kali linux operating system. L3MON Android suite management is built in the NodeJS language. When viewed, it is a type of Android management tool that makes the completely inaccessible download of the Android app and accessible to every device. Features of L3MON GPS Logging Microphone Recording View Contacts SMS Logs Send SMS Call Logs View Installed Apps View Stub Permissions Live Clipboard Logging Live Notification Logging View WiFi Networks (logs previously seen) File Explorer & Downloader Command Queuing Built-In APK Builde Let’s take a look   !! Install & Setup Video Install Dependencies Tool Step 1 :-   Install Dependencies – NodeJs As we know that every project has a code in nodejs, so we have to install nodes in our system in order to use...
Read more

What is the Tor Browser? - Use the Tor Browser

Image
What is Tor? The Tor Project is a non-profit organization that conducts research and development on online privacy and anonymity. It is designed to stop people - including government agencies and companies - from studying your location or tracking your browsing habits. Based on that research, it provides technology that removes Internet users and websites through “transfers” run by thousands of volunteers around the world, making it very difficult for anyone to find a source of information or location for a user. Its software package - Tor's browser - can be downloaded and used to use that technology, with a different version available on Android smartphones. How to use the Tor Browser For most people, using Tor Browser is as easy as downloading and running it, just as you can download Chrome or Firefox. If you have never used Tor, the first thing you will notice is that it is slower - or at least, slower than normal internet browsing. However, Tor has accelerated ...
Read more