I'm currently following a pentesting book by Georgia Weidman. I'm in the ARP spoofing part. I enabled IP forwarding using sysctl, and added MASQUERADE to the POSTROUTING chain in the NAT table. But when I set the filter in Wireshark to the incoming packets to the target's IP (ip.dst == target's ip), all I see are green ICMP network unreachable from my IP (attacker) and other DNS servers. The outgoing is fine, but mostly DNS. I also tried flushing the filter table and adding set iptables -P FORWARD ACCEPT. The target can't browse anything.
I tried searching for ARP spoofing and MITM. I learned about MITM proxy and set up redirects from 80 and 443 to 8080. It works, but it's almost red, maybe because the target does not trust the MITM proxy, so I tried a regular proxy from the Play Store, and it works. The DNS is still green, but I will try to redirect 53 to 8080 later.
Is this the only way to perform IP forwarding in Android?
Additional Info:
After everything, the packets in FORWARD chain from iptables -nvL is 0.
Asked by King Arthur
(1 rep)
May 28, 2025, 01:25 AM
Last activity: May 30, 2025, 10:52 AM