CSPractical10 11 20

The document outlines practical exercises for a Cyber Security course, focusing on steganography and Man-in-the-Middle (MITM) attacks. It details the objectives, requirements, and implementation steps for using tools like Steghide and Ettercap to hide information in multimedia files and intercept network traffic, respectively. The document provides a theoretical background and step-by-step instructions for conducting these security practices using Kali Linux.

Uploaded by

smitasingh4610

COMPUTER SCIENCE AND ENGINEERING

FACULTY OF ENGINEERING AND TECHNOLOGY


CYBER SECURITY (303105342) B. TECH 3RD YEAR
ENROLLMENT NO: - 2203031240389

3. Save Rules:
iptables-save > /etc/iptables/rules.v4
4. Restore Rules:
iptables-restore < /etc/iptables/rules.v4


Practical - 03
Aim: To hide and extract information within multimedia files using steganography.

Objective: To understand the principles of steganography and apply them to securely embed
and retrieve data in files.

Requirements:
• Kali Linux installed on VirtualBox
• Tools: steghide, stegsolve
• Internet connection
• A multimedia file (image or audio)
Theory:
Steganography
Steganography is the practice of concealing messages within another medium, such as images,
audio, or video files. Unlike cryptography, which makes the message unreadable,
steganography aims to make the message invisible to the naked eye.
Steganography works by embedding information in non-visible portions of a file. In images,
this is typically done in the least significant bits (LSB) of pixel data, ensuring that the visual
representation remains unchanged to the human eye. In audio files, steganography embeds data
in frequency spectrums beyond the range of human hearing.
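
The LSB idea described above, as an added Python example that is not part of the original lab sheet and is not Steghide's own embedding algorithm: it hides a length-prefixed message in the low bit of each byte of a constructed RGB buffer and shows that no channel value moves by more than 1. The function names and the 4-byte length header are assumptions made for the illustration.

```python
import struct

def embed_lsb(pixels: bytes, message: bytes) -> bytes:
    """Hide a 4-byte length header plus the message in the low bit of each byte."""
    payload = struct.pack(">I", len(message)) + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError(f"need {len(bits)} carrier bytes, have {len(pixels)}")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit   # overwrite only the least significant bit
    return bytes(out)

def _read_bytes(pixels: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from the low bits beginning at carrier byte `start`."""
    value = bytearray()
    for b in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[start + b * 8 + i] & 1)
        value.append(byte)
    return bytes(value)

def extract_lsb(pixels: bytes) -> bytes:
    """Read the length header, then that many message bytes."""
    (length,) = struct.unpack(">I", _read_bytes(pixels, 0, 4))
    if 32 + length * 8 > len(pixels):
        raise ValueError("length header exceeds carrier capacity (no payload?)")
    return _read_bytes(pixels, 32, length)

def max_channel_change(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between the cover and the stego buffer."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed carrier: 64x64 RGB gradient, one byte per colour channel.
COVER = bytes((x * 3 + y * 5 + c * 17) % 256
              for y in range(64) for x in range(64) for c in range(3))

if __name__ == "__main__":
    stego = embed_lsb(COVER, b"meet at noon")
    print(extract_lsb(stego), max_channel_change(COVER, stego))
```

The capacity check makes the trade-off concrete: each carrier byte holds one hidden bit, so the 12,288-byte buffer can carry at most 1,532 message bytes after the header.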
Steghide
Steghide is a steganography tool that allows users to hide and retrieve data in various file
formats, such as BMP, JPEG, WAV, and AU. It compresses and encrypts the hidden data,
providing additional security. Steghide uses passphrases to ensure only authorized users can
access the embedded data.
Features of Steghide:
1. Data Compression and Encryption: Steghide compresses the data before embedding,
reducing the file size. Encryption ensures that unauthorized users cannot access the
hidden information.
2. File Format Support: It supports common file formats, making it versatile for different
use cases.
3. Minimal Alteration: The tool ensures minimal distortion of the carrier file, preserving
its original quality.
Implementation of Steganography:
Embedding Data:
steghide embed -cf cover.jpg -ef secret.txt -p password


• -cf: Specifies the carrier file.
• -ef: Specifies the file to embed.
• -p: Sets the passphrase for encryption.

Extracting Data:
steghide extract -sf cover.jpg -p password
• -sf: Specifies the stego file (carrier with embedded data).

EXAMINATION:
Step 1: Write a secret message in .txt format (Ex: evidence a.txt).


Step 2: Using S-Tools, drag and drop the cover image file (original-zebras.bmp), and
then add the secret message file on top of it.

Step 3: Now encrypt the stego file: create a new password for the encryption and
click on the “OK” button.

Step 4: A new stego image is generated. To save the stego file, right-click on the
image and select the “Save as...” option.

Step 5: Specify the destination to save the stego image and click on the “Save” button.

Step 6: Now, to extract the concealed information from the stego image, run S-Tools and
then drag and drop the file into it. Right-click on the image and select the “Reveal” option from
the drop-down menu.

Step 7: The “Revealed Archive” window displays the secret message file name.


OBSERVATION: Now, right-click on the file name and then select the “Save as…”
option to save it in a location. Next, check the extracted file.


Practical - 04
Aim: To implement a Man-in-the-Middle (MITM) attack using network sniffers like Ettercap
and understand how data can be intercepted and analyzed during transit.

Objective: To learn about MITM attacks and demonstrate how a network sniffer like
Ettercap can be used to intercept traffic between two devices on a network.

Requirements:
• Kali Linux installed on VirtualBox
• Tools: Ettercap
• A local network with at least two connected devices

Theory:

Man-in-the-Middle (MITM) Attacks

A Man-in-the-Middle (MITM) attack occurs when an attacker secretly intercepts and possibly
alters communication between two parties who believe they are directly communicating with
each other. The attacker can eavesdrop on the conversation, steal sensitive data, or inject
malicious content into the communication stream.
Key Concepts of MITM Attack:
1. ARP Spoofing: Address Resolution Protocol (ARP) spoofing is a common technique
used in MITM attacks. The attacker sends fake ARP responses to associate their MAC
address with the IP address of a target device.
2. Packet Sniffing: After redirecting traffic, the attacker captures data packets using tools
like Ettercap, Wireshark, or tcpdump.
3. Data Interception and Modification: Once the traffic passes through the attacker’s
device, they can read, modify, or even block data in transit.
Features of Ettercap:
• Performs ARP spoofing and DNS spoofing.
• Captures network traffic and displays data in real-time.
• Provides plugins for advanced attack techniques.
• Supports both graphical (GUI) and command-line (CLI) interfaces.
Implementation Steps:
Step 1: Configure Network Setup
• Ensure that Ettercap is installed on Kali Linux.


• Connect the Kali Linux machine and the target devices to the same network.
Step 2: Launch Ettercap
1. Open Ettercap with root privileges:

2. Select the network interface (e.g., eth0 or wlan0) from the "Sniff" menu.

Step 3: Scan for Hosts


1. From the "Hosts" menu, select "Scan for Hosts."


2. View the list of active hosts by selecting "Hosts List."

Step 4: Set Targets


1. Add the victim’s IP address as Target 1.

2. Add the gateway/router IP address as Target 2.


Step 5: Start ARP Spoofing


1. Navigate to "Mitm > ARP Poisoning."

2. Enable the option "Sniff remote connections."

Step 6: Monitor Traffic

• View intercepted packets in real-time from the "Messages" window.


Step 7: Analyze Captured Data

• Analyze sensitive data like usernames, passwords, or cookies by
inspecting the packets.
• Save the captured data for further analysis.
Step 8: Stop the Attack
1. Stop sniffing by selecting "Stop > Stop Sniffing."
2. Clear ARP spoofing effects by rebooting the network or using ARP restoration tools.
