How to Perform Sniffing Attack with Xerosploit Framework?
Step 1: Launch the Xerosploit Framework
Now that Xerosploit is fully installed, we can launch the core framework to access its web penetration testing capabilities. To do this by running the main execution script xerosploit.py from within our cloned repository directory :
xerosploit
Step 2: List of the Modules
The Xerosploit console now running, our next step should be to see the available modules and commands before proceeding with scanning or exploitation. The help command will output a listing of all built-in Xerosploit modules we can use.
help
Step 3: Scanning the Network
Now that we have an overview of Xerosploit’s capabilities, we can begin reconnaissance and information gathering on our web application target. The scan module provides automated crawling, mapping, and auditing of the target site to detect surface vulnerabilities. We can run a scan using:
scan
Step 4: Select the Target
We simply copy our intended IP Address target into the input, paste it at the prompt, and hit enter to confirm the selection.
After Pasting the IP address you can see the Prompt of that your Target is Set.
Step 5: Setting up the Sniffing Module
After Setting up the Target we need to set the Module that we want to use. Use the following Command to list the Modules.
help
This is the List of our Modules Below :
Step 6: Using the Sniff Module
Xerosploit has a useful sniff module that lets us intercept and analyze web traffic to and from the target during assessments. We can enable network sniffing in Xerosploit using a three-step process:
1. First, we load the sniffer module:
sniff
2. Next, we activate continuous sniffing by running:
run
3. Finally, we permit the inclusion of Loading the SSLstrip data with:
y
Step 7: Captured & Intercepted Data from the IP Address
After Running all the above commands you can see Some windows popping up, which captures the data. When the Victim opens the Browser and Surf the websites, then all the surf data will be sniffed and shown in the opened windows.
In the below screenshot, you can see the Captured Data and the Visited Sites from the victim’s Computer and Overall Data Packets.
Sniffing with Xerosploit – An Advanced MITM Framework
Xerosploit is an open-source framework that makes it easy to perform man-in-the-middle (MITM) attacks on networks you have access to. The goal of an MITM attack is to get between two parties communicating and intercept or even alter their communications without them realizing it. The key advantage of Xerosploit is it automates many complex MITM attack techniques so even a beginner can sniff lots of sensitive information off a network. However, it is meant only for ethical, authorized testing, as MITM attacks capture private data and can violate wiretapping laws.