There is a mobile phone connected to wifi. A laptop running Kali is also connected to the wifi. The phone is contacting some server on the Internet. I need to prevent data leakage from the phone and find out what is being sent.
ARP spoofing routes the traffic between the phone and the router through the laptop. I watch Wireshark: the packets pass through me. Next, I want them not to go outside, and I want to send packets to the phone on behalf of the server myself.
Suppose the phone's IP is 192.168.1.76. It is known that the messages go through port 80 with source address 192.168.1.76. The first is a packet with the SYN flag to establish a TCP connection. You need to block this packet, create your own SYN, ACK packet and send it to the phone on behalf of the server.
Creating a packet with scapy and sending it is no problem. It works, but there are problems with the server not receiving packets. So, as I understand it, you need to use a firewall.
At first I tried to block all outgoing traffic from the laptop whose source address is 192.168.1.76:
iptables -t filter -A output -s 192.168.1.76 -p tcp --dport 80 -j DROP
1) Wireshark does not display the packet (although it should: it was supposed to be received by the laptop and processed, but not sent further)
2) much worse, the answers come from the server
Question: How do I correctly block the traffic in order to replace the Internet for the phone?