Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow realizing efficient attacks, and also allows carrying out denial of service attacks and port scanning. Powered by bettercap and Nmap
For more detail read previous article from here.
In this article I am going to use yplay attack which will play background sound in victim browser.
Requirement: kali Linux & xerosploit tool
First you need to download xerosploit from github or you can visit to above link. I have already downloaded it in my tool folder.
Open terminal and start xerosploit tool ./xerosploit.py
This tool is very easy to use and provide complete information as you can see I have detail of my network configuration which will help me for selecting target in my network; after the tool starts it will ask to type help to view its command for attack. Go with this comment and type help.
In this grid we have list of commands for our attack and we are going for man in middle attack so I will choose scan command in my next step for scanning the whole network.
This command will scan complete network and found devices on your network.
There are so many hosts in this network; you have to choose your target from given result. I am going to select 192.168.1.19 for man in middle attack.
In next comment it will ask for module you want to load for man in middle attack. Go with this comment and type help.
Look at the list of modules and I would select yplay for modules which will play you tube videos as background sound in all web pages when victim will search for any web site in his/her browser. Open your browser and choose your favorite video in YouTube which you want to play in background in victim’s browser.
If video having any advertisement then skip that and select id from url. Look at image as I have selected the video id and copy it. Come back to xerosploit.
To execute yplay module for attack type run.
Insert you tube video ID which you have copy above from url in next step.
yplay ➮ Wd2B8OAotU8
Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here