How to install Intercepter-NG in Linux

Intercepter-NG is a sniffer with a graphical interface that works under Windows.

This program has a long history and at present Intercepter-NG is a multifunctional set of network tools for IT specialists of various types. The main goal is to restore interesting data from the network stream and perform various types of man-in-the-middle attacks (MiTM). In addition, the program allows you to identify ARP spoofing (can be used to detect man-in-the-middle attacks), identify and exploit certain types of vulnerabilities, brute-force the login credentials of network services. To detect files and credentials the program can work with both a live traffic stream and analyze files with captured traffic.

There are several versions of Intercepter-NG, including for Android. For Linux, a console version has been developed, but it has not been updated for a long time. However, the latest version of Intercepter-NG can be run on most Linux distributions using Wine.

The installation process on different systems is similar. But at the same time, almost every distribution has its own nuances. I tested the installation in various distributions and assembled instructions for installing Intercepter-NG in Kali Linux, Ubuntu, Linux Mint, BlackArch and Arch Linux.

There are some problems with Intercepter-NG in the latest versions of Wine. The main functionality, including sniffing, works. But network scanning (to search targets for sniffing on the local network) works fine only on the old version of Wine 1.6, i.e. only in Linux Mint; although it does not prevent sniffing in other systems. The bug on other versions is connected, apparently, with the problems of determining the MAC address by Intersepter.

Intercepter-NG installation in Kali Linux

If you do not already have Wine installed, install it:

sudo dpkg --add-architecture i386
sudo apt update
sudo apt install wine32
wine --config

Than:

wget https://github.com/intercepter-ng/mirror/blob/master/wine_pcap_dlls.tar.gz?raw=true -O wine_pcap_dlls.tar.gz
sudo apt install libpcap-dev
sudo apt install tcpdump:i386
tar xvzf wine_pcap_dlls.tar.gz
sudo cp wpcap/wpcap.dll.so /usr/lib/i386-linux-gnu/wine
sudo cp packet/packet.dll.so /usr/lib/i386-linux-gnu/wine
rm -rf wine_pcap_dlls.tar.gz wpcap/ packet/
sudo apt install winetricks
winetricks cc580
sudo ethtool --offload eth0 rx off tx off

Create a directory where we will install Intercepter-NG, go to this directory:

mkdir Intercepter-NG
cd Intercepter-NG/

Download Intercepter-NG v1.0 and delete the wpcap.dll and Packet.dll files:

wget https://github.com/intercepter-ng/mirror/blob/master/Intercepter-NG.v1.0.zip?raw=true -O Intercepter-NG.zip
unzip Intercepter-NG.zip
rm wpcap.dll
rm Packet.dll

Launch:

sudo wine Intercepter-NG.exe

Intercepter-NG installation in Ubuntu or Linux Mint

If you do not already have Wine installed, install it:

sudo dpkg --add-architecture i386
sudo apt update
sudo apt install wine32
wine --config

Next, we install additional packages and files:

wget https://github.com/intercepter-ng/mirror/blob/master/wine_pcap_dlls.tar.gz?raw=true -O wine_pcap_dlls.tar.gz
sudo apt install libpcap-dev
sudo apt install tcpdump:i386
tar xvzf wine_pcap_dlls.tar.gz
sudo cp wpcap/wpcap.dll.so /usr/lib/i386-linux-gnu/wine
sudo cp packet/packet.dll.so /usr/lib/i386-linux-gnu/wine
rm -rf wine_pcap_dlls.tar.gz wpcap/ packet/
sudo apt install winetricks
winetricks cc580

Pay attention to the name of the network interface, here it is enp0s3, in contrast, for example, from Kali Linux, where the network interface is called eth0:

sudo ethtool --offload enp0s3 rx off tx off

Now we need to download and run Intercepter-NG. But by default in Ubuntu and Linux Mint we work under the normal user. Intercepter-NG requires elevated privileges. But if we use sudo, then Wine will issue an error that the directory (prefix) does not belong to us, i.e. it will output something like:

wine: /home/mial/.wine is not owned by you

Therefore, we need to login under the superuser. But in Ubuntu and Linux Mint, the superuser does not have a password by default; you cannot log in as root. Therefore, we begin by setting the password for the superuser:

sudo passwd

You will need:

• enter the password for the current user (since we are using sudo)
• create and enter a password for the superuser
• repeat password for superuser

Now we login under the superuser:

su -

Create a directory where we will install Intercepter-NG, go to this directory:

mkdir Intercepter-NG
cd Intercepter-NG/

Download and prepare Intercepter-NG:

wget https://github.com/intercepter-ng/mirror/blob/master/Intercepter-NG.v1.0.zip?raw=true -O Intercepter-NG.zip
unzip Intercepter-NG.zip
rm wpcap.dll
rm Packet.dll

Launch Intercepter-NG:

wine Intercepter-NG.exe

In Linux Mint, installing and running Intercepter-NG performs as in Ubuntu. But if you try to launch the command (for Wine installation):

sudo apt install wine32

You get an error that the wine32 package was not found, then instead of that command execute the following:

sudo apt install wine:i386

The rest of the installation process runs unchanged.

Intercepter-NG installation in BlackArch and Arch Linux

You need to start by installing Wine.

To enable multilib, open the /etc/pacman.conf text file:

sudo gedit /etc/pacman.conf

In it, find and uncomment the lines (be sure to uncomment both lines, otherwise, the changes will not take effect):

 [multilib]
Include = /etc/pacman.d/mirrorlist

Update the package information:

sudo pacman -Sy

Install Wine:

sudo pacman -S wine wine_gecko wine-mono lib32-mpg123 lib32-gnutls

Now that you have already installed Wine, we do the following:

Create a directory where we will install Intercepter-NG, go to this directory:

mkdir Intercepter-NG
cd Intercepter-NG/

Next:

wget https://github.com/intercepter-ng/mirror/blob/master/wine_pcap_dlls.tar.gz?raw=true -O wine_pcap_dlls.tar.gz
sudo pacman -S lib32-libpcap tcpdump winetricks
tar xvzf wine_pcap_dlls.tar.gz
sudo cp wpcap/wpcap.dll.so /usr/lib32/wine/
sudo cp packet/packet.dll.so /usr/lib32/wine/
rm -rf wine_pcap_dlls.tar.gz wpcap/ packet/
sudo winetricks cc580
sudo ethtool --offload enp0s3 rx off tx off

Download Intercepter-NG v1.0 and delete the wpcap.dll and Packet.dll files:

wget https://github.com/intercepter-ng/mirror/blob/master/Intercepter-NG.v1.0.zip?raw=true -O Intercepter-NG.zip
unzip Intercepter-NG.zip
rm wpcap.dll
rm Packet.dll

Fix for Arch Linux (BlackArch):

sudo ln -s /usr/lib32/libpcap.so /usr/lib32/libpcap.so.0.8

Launch Intercepter-NG in Arch Linux (BlackArch):

sudo wine Intercepter-NG.exe