
Thread: Ettercap + Ubuntu = frustrated

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    7

    Ettercap + Ubuntu = frustrated

    Hey all. Been a longtime visitor of the site and user of BackTrack. Anyhow, I have Ubuntu running on a permanent workstation and decided to install some of the tools that are on BackTrack. Ettercap in particular has been giving me lots of issues. Network is just your basic home network with a WRT54GL (dd-wrt) as the gateway/switch. Etter.conf has been edited to set the UID to 0 and the comments removed from the iptables lines. Now, as for the basic mitm, it works just fine. Certificates are issued and it snags passwords without issue. The problem comes with the dns_spoof and remote_browser plugins. As for dns_spoof, I have my etter.dns file edited and just have one entry--

    *.google.com A xxx.xxx.xxx.xxx

    I am running the command as follows--
    sudo ettercap -i eth0 -T -q -P dns_spoof -M arp:remote /192.168.1.1/ //

    It starts up and propagates the host list and activates the plugin and appears as if everything is ok. But alas, no dice. Now using the BackTrack live CD (well, USB jump drive) this works flawlessly and shows the proper output and such. On the Ubuntu machine? It says [xxx.google.com] spoofed to [xxx.xxx.xxx.xxx] but the websites are all loaded correctly. I cleared the DNS cache, tried reloading the page, everything. Just doesn't work! The remote_browser plugin gives the same result. I made sure to change the line in etter.conf to "firefox" as well. I did some searching on Google and I got quite a few searches that turned up solutions like "we don't support that kind of activity on this site". So I turn to you! Anyone have ettercap working successfully on Ubuntu?

  2. #2
    Moderator KMDave
    Join Date
    Jan 2010
    Posts
    2,281


    Most likely ppl here will run ettercap on BT

    Maybe try a Ubuntu forum, the ettercap one or google for the use of ettercap on ubuntu.
    Tiocfaidh ár lá

  3. #3
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    7


    No, I know that. I myself use BT. The Ubuntu forums do not condone this type of activity, it seems, and I searched in the ettercap.sourceforge forums and found nothing. Also to note, the official ettercap forums are all but dead.

  4. #4
    Very good friend of the forum Virchanza
    Join Date
    Jan 2010
    Posts
    863


    I'd use Wireshark to compare the frames being sent out by Backtrack with the frames being sent out by Ubuntu. There must be a difference... find that difference...
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  5. #5
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    7


    Originally posted by Virchanza:
    "I'd use Wireshark to compare the frames being sent out by Backtrack with the frames being sent out by Ubuntu. There must be a difference... find that difference..."
    Noted. I'll do that tonight.
