Redirect all IPv6 traffic through your attacker machine with parasite6

Parasite6 is the arpspoof in IPv6 networks and also a part of the THC-IPv6 tools suite. As always they have made it very simple & effective. Parasite6 just spoofs the neighbor advertisement & solicitation packets. Specifically, it advertises that the attacker machine is the router for every neighbor solicitation packet. So virtually all traffic in the IPv6 network gets the false advertisement from the attacker machine & sends all packets to the attacker machine thinking that it is the router. We can either specify a mac address or run without specifying it. Either way, this works very good just like arpspoof tool.


Syntax: parasite6 [-lRFHD] interface [fake-mac]
-l       loops and resends the packets per target every 5 seconds.
-R       try to inject the destination of the solicitation

NS security bypass:

-F       fragment, 
-H       hop-by-hop and 
-D       large destination header

Homepage: https://www.thc.org/thc-ipv6/

Reference: Cisco

Note: This tutorial was written when Kali 1.0.9 was the latest. In newer versions (Kali Sana & Kali Rolling) the command has changed to atk6-tool. For example, you are using parasite6, in the newer version becomes atk6-parasite6.

Lab: Spoof the network and Route all packets through your system.

Scenario: I have an IPv6 network & some IPv6 hosts

IPv6 network : fc00::01/64

Attacker : Kali Linux VM

This is simple as it is. First turn on IPv6 forwarding and run parasite.

Command: echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
Command: parasite6 eth0<replace with your interface> -l
Packets Being Spoofed

Try different options yourself including giving a fake mac address in square brackets after options.

To evaluate if it’ s working correctly, test with Passive Discovery6. Click here to view tutorial on it. You can also do it with urlsnarf or driftnet or just any other sniffer.

Don’t forget to comment & Subscribe. It’s what keeps us alive.