Hi All,
Setup: Hyper-V host running WIN server 2019 with apache tomcat unsecure webserver - port 80. On the same LAN i have a target (win 10) and attacker (Kali). All on the same subnet. I can send ICMP packets and access webserver from all of the hosts. If I run Wireshark locally on the target host (win10 accessing unsecure local webserver) i can see the HTTP traffic.
I'm trying to execute MITM attack using ettercap and it is not displaying the HTTP packets in Wireshark capture logs. HOWEVER, if I visit the vulnerable ONLINE website (vulnweb - which does not have SSL) from target host, I can see all of the traffic including HTTP. So why does the same rules apply for LAN Traffic?
Sidenote: I'm doing a college work on 'Zero Trust security model' and trying to apply it to an unsecure webserver.
