Sardar Vallabhbhai National Institute of Technology,Surat
Ethical Hacking and Penetration Testing
2 Semester, M.Tech CSE-IS
nd
Lab Assignment 5 : ARP Spoofing (Man-in-the-Middle Attack)
Objective:
The objective of this assignment is to implement ARP Spoofing using Kali Linux as
the attacker machine and Windows 7/10 as the target machine. Students will
demonstrate their understanding of ARP spoofing and Man-in-the-Middle attacks by
executing the provided steps, writing Python code, and submitting detailed
documentation with screenshots.
Assignment Tasks:
Task 1: Perform ARP Spoofing using arpspoof Command
1. Configure Network Setup:
o Ensure both Kali Linux (attacker) and Windows 7/10 (target) machines
are in the same subnet.
o Use ifconfig on Kali and ipconfig on Windows to verify the IP
addresses.
2. Enable IP Forwarding on Kali Linux:
o Run the following command to enable IP forwarding:
o echo 1 > /proc/sys/net/ipv4/ip_forward
o Take a screenshot of the terminal showing IP forwarding enabled.
3. Identify Network Details:
o Use ifconfig to find the attacker's IP and interface.
o Use route -n to find the gateway IP.
o Take screenshots of these network details.
4. Execute ARP Spoofing using arpspoof:
o Run the following commands:
o arpspoof -i <interface> -t <target_ip> <gateway_ip>
o arpspoof -i <interface> -t <gateway_ip> <target_ip>
o Replace <interface>, <target_ip>, and <gateway_ip> with actual
values.
o Capture screenshots showing the successful execution of the
commands.
Task 2: Perform ARP Spoofing using Python Code
1. Install Dependencies:
o Ensure that scapy is installed using the command:
o pip install scapy
� Sardar Vallabhbhai National Institute of Technology,Surat
Ethical Hacking and Penetration Testing
2 Semester, M.Tech CSE-IS
nd
o Take a screenshot of the successful installation.
2. Write and Run Python Code:
o Use the provided Python code for ARP spoofing.
o Modify <target_ip> and <gateway_ip> in the code to match your
network.
o Execute the Python script and capture screenshots of the code editor,
terminal output, and ARP table changes.
Submission Guidelines:
Submit a detailed report that includes:
o Introduction: Brief explanation of ARP Spoofing and its significance.
o Step-by-Step Execution: Detailed documentation of each step
performed with corresponding screenshots.
o Python Code Implementation: Include the Python code, terminal
outputs, and ARP tables before and after the attack.
o Conclusion: Summary of what was learned from the lab.
Include screenshots for every step, such as:
o Network configuration (IP addresses of all machines)
o Enabling IP forwarding
o Running arpspoof commands
o Python code execution
o ARP table verification
o Captured traffic during the attack
Expected Outcome:
By completing this assignment, students will:
Gain hands-on experience in ARP Spoofing attacks.
Understand the risks associated with ARP poisoning.
Learn how to implement network attacks using both built-in tools and custom
Python scripts.
Note: This lab assignment is intended for educational purposes only. Performing ARP
spoofing outside a controlled environment without authorization is illegal and
punishable by law.
