ettercap redirect stopped working?

[XOIIO]

Alright, this problem arose just overnight, the day before ettercap as redirecting websites just fine but today, i get nothing.

These are the steps that I put together and used, and it worked many times.

nano /usr/local/share/ettercap/etter.dns

Change website address to redirect, and ip to redirect it to. Save with Ctrl+o then enter.

Open ettercap-gtk

Sniff –> Unified Sniffing

Host, Scan for hosts. Add the router to target 1, and the others to target 2

Mitm > arcp poisoning > sniff remote connections

start scanning

Plugins > manage plugins > dns_spoof plugin


However, today I can't get it to work, and I've done everything i can think of short of reinstalling the OS. These steps worked perfectly fine yesterday, so I don't get whats going on. The section that shows when the target attempts to access the webpage just stays empty, and the target is un-affected.

So, what is the fix for this?

Also, can I select just one or two targets from the command line, and have it work the same? I'd rather do it that way that dealing with the GUI

[XOIIO]

Heres where the output stops, and I don't get any feedback. I've also enabled ip forwarding, but it still doesnt work. using arpspoof in terminal is bust too.

Scanning the whole netmask for 255 hosts...
4 hosts added to the hosts list...
Host 172.16.*.** added to TARGET1
Host 172.16.*.*** added to TARGET2

ARP poisoning victims:

GROUP 1 : 172.16.*.*** B8:E6:25:8E:0D9

GROUP 2 : 172.16.*.** F0:7B:CB:5A:76:5E
Starting Unified sniffing...

Activating dns_spoof plugin...

I've seen some placed 64 bit is a problem with ettercap, is that true? would installing 32 bit fix that?

[maverik35]

Heres where the output stops, and I don't get any feedback. I've also enabled ip forwarding, but it still doesnt work. using arpspoof in terminal is bust too.

Scanning the whole netmask for 255 hosts...
4 hosts added to the hosts list...
Host 172.16.*.** added to TARGET1
Host 172.16.*.*** added to TARGET2

ARP poisoning victims:

GROUP 1 : 172.16.*.*** B8:E6:25:8E:0D9

GROUP 2 : 172.16.*.** F0:7B:CB:5A:76:5E
Starting Unified sniffing...

Activating dns_spoof plugin...

I've seen some placed 64 bit is a problem with ettercap, is that true? would installing 32 bit fix that?

You might want to check the poissoning..I always use cli, I post my command line:
ettercap -Tqi eth1 -M arp:remote // // -P dns_spoof

Recheck the etter.dns file (/usr/share/ettercap/etter.dns) and see if nothing has been changed as to redirecting IP.

After using the ettercap line I posted above, use the key "h" for help (i belive that is the key, anyway, below the command, it says the key).

look for the option: check poissoning. Check it. No arp-poissoning, no dns_spoof, no sniffing, nothing. Traffic never passes thru your PC.

[XOIIO]

You might want to check the poissoning..I always use cli, I post my command line:
ettercap -Tqi eth1 -M arp:remote // // -P dns_spoof

Recheck the etter.dns file (/usr/share/ettercap/etter.dns) and see if nothing has been changed as to redirecting IP.

After using the ettercap line I posted above, use the key "h" for help (i belive that is the key, anyway, below the command, it says the key).

look for the option: check poissoning. Check it. No arp-poissoning, no dns_spoof, no sniffing, nothing. Traffic never passes thru your PC.

Ahh, thanks, but I figured our what I was doing wrong, I was editing the etter.dns file, but somehow I had one in the wrong directory lol, so that's why nothing was changing.

[zimmaro]

hi
I'm NOT expert:
I must be honest to me sometimes happens that the DNS_spoof associated with "" ARP "" INTO-ETTERCAP should not be always successful!.I've done a lot of testing (BT5-R3-32-bit VM)
I noticed (my opinion):
that in (my) version (VM-32-gnome "update" hdd install) sometimes does not work
as well (cleaning the iptables & switching "0/1" ip forwarding) ... but if you start BT5-R3_LIVE-mode (VM) function always good!.
I am not able to understand if it is a question of "ettercap" or the "assignment-dns" in the network!
the result of WORKED-TEST:

http://vimeo.com/59764427

sorry low-quality
bye

[maverik35]

I had a lots of problems using ettercap installed in my debian Testing, not as to installation is concerned, but the thing is that arp poissoning is just almost impossible in some scenarios. Then I tried from live DVD and strange thing, the same result, no arp poissoning..I also have BT5r3 in the same hdd, along side with mint, Xp and W7.

Also tried with the BT5r3 HDD installation, same result....

Some how I never knew if there was something going on in that particular lan I was auditing..I search and research about ettercap, arp poissoning..Everything remains the same..Everything I do seems to be just fine. It has become an obsesion with that lan....mmmmm...

But in my case, it could probably have been something in that lan I was auditing...Still trying after 4 months with that lan...

[zimmaro]

hi maverik35
if you can be of interest to "flush out" any problems
I did a lot of tests (in MY-lan) using the example posted earlier [(dns_spoof + arp) ettercap] 32-bit
the best result (in MY case) you have with the version BT5-r3 LIVE! 10/10
instead with the installations (updated) in HHD (vm or physical) I got 5/10

ps: With your permission I enclose a(VM)live-mode demo

http://vimeo.com/59855773

ps1: it worked as well without ip_forward

MANY THANKS as always