Just answer the three questions

Windows 7 VM

1. Boot the VM and note its IP address and default gateway.

ipconfig /all

2. Show the current ARP table, note which addresses are dynamic and which are static.

arp -a

Kali VM

3. Boot the VM and note its IP address and default gateway.

ifconfig eth0

ip route

4. Start Ettercap GUI

ettercap -G

5. Configure Unified Sniffing to use eth0. Click "Sniff > Unified Sniffing... Ctrl+U". Select "eth0" as the network interface.

6. Stop Sniffing, we aren't ready for that yet. Click "Start > Stop sniffing Shift+Ctrl+E"

7. Now we need to detect hosts so we can configure our attack. Click "Hosts > Scan for hosts Ctrl+S" and then click "Hosts > Hosts list Ctrl+H" to view the list.

8. Configure the MitM by adding the default gateway as Target 1 and the Windows VM as Target 2. Select each host and click the "Add to Target" button.

9. Now start the ARP spoofing. Click "Mitm > ARP poisoning ...", select "Sniff remote connections". Click "Start > Start sniffing Shift+Ctrl+W".

Windows VM

10. Check your ARP table to see if the MitM was successful. If so, you'll see that the MAC address for the Default Gateway is the same as the Kali VM. Screenshot this output as proof of your MitM.

arp -a

Kali VM

11. Now that we have control of the Windows VM network traffic we can start passive or active attacks.

12. Browse the web on the Windows VM while sniffing images and URLs from the network traffic on the Kali VM. Play around with the following commands in Kali and screenshot any interesting output. Try to stay away from HTTPS websites. Q1. Explain your results. Submit at least one screenshot and an explanation of what is occurring.

driftnet -i eth0

urlsnarf -i eth0

Use "Ctrl+C" to exit.

13. Stop and close Ettercap. Use the "Quit" command in Ettercap. If Ettercap crashes or shuts down uncleanly, it will leave the Windows VM without internet connectivity since we did not repair the ARP poison. Ettercap does this when it shuts down.

Using MITMf, perform another ARP poison attack while running Wireshark and monitoring the network traffic. You will need to install mitmf.

wireshark &

apt install mitmf

mitmf -i eth0 --spoof --arp --dns --target --gateway

Use "Ctrl+C" to close MITMf.

14. Identify the first packet where the ARP poisoning is occurring. Q2. Submit a screenshot showing this packet.

15. HSTS spoils most of our fun on real websites. Q3. Research HSTS and explain how HSTS prevents the SSLstrip vulnerability. Submit a brief explanation as part of your lab assignment.
