Ettercap without ARP Spoofing
I'm trying to use Ettercap for sniffing and manipulating packets coming across the wire.
My current setup is Client > Wlan-(Karma)-Eth > My Box < Wlan < Router.
So the problem I'm running into is that I don't want to run ARP spoofing and need to forward what is coming in Eth0 to Wlan0 so that the client still has web access.
I've got everything else working fine, such as SSLStrip, but I'm having problems with Ettercap.
Whenever I enable Ettercap (ettercap -Tqi eth0), it disables ip_forward, which I can understand because Ettercap should be forwarding everything for me. Problem is that Ettercap is not properly forwarding from what it seems. All of the rules are showing up in iptables, so that isn't the issue.
I've been beating my head off my desk because I can't for the life of me figure out how to get Ettercap to work without ARP spoofing. I'm already sitting in the middle of the line, so there is no need to try and get the clients to connect to me.
If anyone has any idea and could push me in the right direction, I would really appreciate it.
Re: Ettercap without ARP Spoofing
If I've understood well,
You got a client (wireless connection)
You want it to connect to YOU on your wireless interface
Link your wireless interface to your wired interface
and your wired interface connected on your router ?
##Client## ---- Wireless ---- ##Wlan0 -> Computer -> Eth0## ---- Wired ---- ##Router##
If it is, then what I would have done is:
Setting up a fake AP (it will use wlan0 as a fake access point, and eth0 to get access to the internet)
Since data goes through wlan0 and eth0, there is no need for MITM with Ettercap, because it's a MITM in itself.
Let's just capture packets with Wireshark, apply filters if you want to see only your client's packets, and I think you're done.
I hope you'll understand my answer (I'm French T-T). Anyway, if I've misunderstood something, or if I've not been clear enough, PM me :)
Re: Ettercap without ARP Spoofing
Let me quote: "I've been beating my head off my desk because I can't for the life of me figure out how to get Ettercap to work without ARP spoofing."
Well, you need to use -u... ettercap -Tqui "your iface" or ettercap -T -q -u -i "your iface". This way you prevent Ettercap from enabling forwarding; in such a case you would have to forward the traffic in the kernel with arpspoof.
Luck.
Re: Ettercap without ARP Spoofing
The problem with using -u is that it disables the ability to do packet injection. That's my entire problem.
Ettercap is great for MiTM when you're not actually in the middle, but if you are physically in the middle of a connection, it seems to be lacking.