VPN vs No VPN

Most of us know what a VPN is, it is a software we use to access blocked websites.


Is that it?

No, a VPN also makes your Internet traffic secure.


But how can a VPN make your Internet traffic secure? Did you see it with your eyes?

If not yet, then let's do it now!



Your Internet traffic, is it safe?


Anyone who is connected to the same Wi-Fi network as you, can see all your Internet traffic, this is pretty basic thing to know.

But then, if anyone can see your Internet traffic does that mean your Facebook username and password which you submitted on Facebook.com to login to your account is already read by someone? Probably not.


Facebook or any other trusted website uses HTTPS which is a protocol that inserts an additional level of security over the usual HTTP protocol. This makes the Internet traffic between you and Facebook.com encrypted.

Which means, anyone can see your Internet traffic but they just can't make any use of it since it's all gibberish (encrypted text).


But if you're using a website that doesn't use HTTPS, your traffic with that website is literally available for anyone to read in your Wi-Fi network and also at all the routers that are in between you and the web server of the website you are visiting.


So there must not be any problem if you are submitting crucial information (like passwords) on HTTPS websites, but there definitely is a potential risk if you are doing the same on a website that doesn't use HTTPS.




How to be that Man In the Middle?


You can send fake ARP requests on a network claiming that you are the gateway of that network, and by doing so, all the devices on the network will forward their Internet traffic to you, instead of the gateway router. In such a way, you can read all the traffic of any device you want on your network.


There is a detailed explanation video tutorial about ARP spoofing on my website, check it out


If you're on Windows, you can use this ARP spoofer

If you're on Mac, you can use arpy

If you're on Kali Linux, arpspoof comes installed by default


After sending spoofed arp requests, you need to capture the packets received from the victim's device through Wireshark. You can download Wireshark from here for your Operating System.


Now run the arp spoof program on the computer which you want to be the Man In The Middle.


arpy on Mac

Here, 192.168.2.104 is the IP address of the target and 192.168.2.1 is the IP address of the default gateway.



Open Wireshark and start capturing packets.


Click on your Interface to start capturing.

That's it, you can now see all the packets on Wireshark that contains the Internet traffic of the victim.



Browsing without VPN


For example, if the victim visits techraj156.com, you can see the packets of the same on Wireshark.


Apply the filter ip.addr == <ip of techraj156.com> in wireshark search bar to see all the packets that are exchanged between techraj156.com and the victim.


Double click on any packet to analyze it, you can see that all the data is encrypted since techraj156.com uses HTTPS


But one thing to notice here is that, even though the website uses HTTPS we were still able to know that the victim is visiting techraj156.com. This means that we can know all the websites that the victim is visiting no matter if they are using HTTPS or not.


Same way, if the victim is using a website with no HTTPS, all the traffic will can be retrieved and even modified since there is no encryption and authentication.



Browsing with VPN


Now if the victim is using a VPN, and then tries to access techraj156.com

You will not be able to see any packets that belong to techraj156.com. Which means there is no evidence that the victim actually visited techraj156.com even though the victim actually visited this website.


This is because all the traffic that is coming out from the victim's device is actually headed to the VPN server and not to the server of that particular website. Also, the data going from the victim's PC to the VPN server is encrypted by the VPN. So even the traffic of websites with no HTTPS will be encrypted.


You can see this yourself by once again applying the filter :

ip.addr == <ip of techraj156.com> in wireshark search bar.

This time, you will not be able to see any packets that tells you the victim is visiting techraj156.com


Also, due to an extra layer of security added by the VPN, your traffic is also secure.



Finally, the advantages of using a VPN

  1. Your internet traffic is encrypted no matter if the websites you are accessing are using HTTPS or not

  2. No one in your network will be able to know which websites you're visiting.

539 views2 comments

© 2019 Tech Raj. Designed by Teja Swaroop

  • YouTube
  • Facebook Page
  • Twitter